You're staring at a router prompt. 254.On top of that, x. No internet. The PC connected to your switch still shows 169.x.No IP. That said, no gateway. And the lab instructions said "verify DHCP operation" like it was supposed to just work Not complicated — just consistent. But it adds up..
Sound familiar?
If you've spent any time in Packet Tracer, GNS3, or on real gear working through the 6.But clients won't lease an address. 4.Now, 7 DHCP troubleshooting lab, you've hit this wall. Because of that, the topology looks correct. The commands look right. Or they lease one but can't reach anything beyond the local subnet.
This lab isn't about memorizing ip helper-address syntax. It's about learning how DHCP actually moves through a network — and where it silently dies.
What Is the 6.4.7 DHCP Troubleshooting Lab
This lab shows up in Cisco's CCNA curriculum (specifically the Enterprise Networking, Security, and Automation course, Module 6: DHCPv4). Now, 4. The numbering — 6.7 — means Module 6, Topic 4, Lab 7.
The scenario is straightforward on paper: a router acting as a DHCP server, a switch, and a PC client. Sometimes a second router as a relay agent. Your job: configure DHCP, then break it on purpose, then fix it And that's really what it comes down to. Worth knowing..
But the real job is understanding why DHCP fails in ways that don't throw error messages.
The topology usually looks like this
- R1 — DHCP server (or relay)
- S1 — Access switch, VLANs configured
- PC-A — DHCP client
- Optional: R2 — Remote subnet with
ip helper-addresspointing to R1
You'll configure pools, excluded addresses, default routers, DNS servers. Then you'll verify with show ip dhcp binding, show ip dhcp pool, debug ip dhcp server events.
And then the instructor (or the lab guide) says: "Now troubleshoot the following issues."
Why This Lab Matters More Than You Think
DHCP looks simple. network 192.168.10.0 255.255.255.0, default-router 192.168.10.1, done.
But in practice? DHCP is one of the most common sources of "the network is down" tickets — and the symptoms rarely point to DHCP directly It's one of those things that adds up..
- User says "Wi-Fi connected but no internet" → DHCP handed out wrong gateway
- Printer works yesterday, not today → lease expired, renewal failed
- New VLAN added, devices get 169.254 → no
ip helper-addresson the SVI - Phones boot, get IP, but no voice VLAN → option 150 missing
This lab forces you to see those failures in a controlled environment. You learn to read the conversation: DISCOVER, OFFER, REQUEST, ACK. Or — more importantly — where the conversation stops.
How DHCP Actually Works (And Where It Breaks)
Let's walk through the four-step dance. Not the textbook version. The version that matters when you're debugging.
1. DHCPDISCOVER — Client shouts into the void
The client has no IP. No MAC-to-IP mapping. Here's the thing — it broadcasts (255. 255.255.That's why 255, source 0. 0.Day to day, 0. 0) asking for a lease.
Where it breaks:
- Port security blocking the client MAC
- VLAN mismatch — client in VLAN 10, DHCP server in VLAN 20, no relay
- Switchport in wrong mode (trunk instead of access)
spanning-tree portfastmissing — client times out before DHCP completes
2. DHCPOFFER — Server replies with an offer
The server (or relay) unicasts back to the client's MAC with an available IP, subnet mask, lease time, gateway, DNS Simple, but easy to overlook..
Where it breaks:
- Pool exhausted —
show ip dhcp poolshows 0 available - Excluded addresses misconfigured — server thinks everything's taken
- Wrong subnet in pool — offer doesn't match client's VLAN
- Relay agent not forwarding —
ip helper-addressmissing or pointing to wrong IP
3. DHCPREQUEST — Client says "I'll take it"
Client broadcasts (again) formally requesting the offered IP. This tells other servers "thanks but no thanks."
Where it breaks:
- Client never got the OFFER (see above)
- Client's broadcast doesn't reach server — ACL blocking UDP 67/68
- Duplicate IP detected — client sends DECLINE, restarts process
4. DHCPACK — Server confirms, lease active
Server unicasts ACK. Client configures interface. Done.
Where it breaks:
- Server sends NAK instead — IP no longer valid, pool changed, conflict detected
- ACK lost — client retries, eventually gives up, self-assigns APIPA (169.254.x.x)
The relay agent wrinkle
If the DHCP server isn't on the same subnet as the client, you need a relay agent (usually the default gateway / SVI). It converts the client's broadcast to a unicast toward the server, inserting its own IP as giaddr (gateway interface address).
This is where a lot of people lose the thread.
The server uses giaddr to pick the right pool and sends the reply back to the relay, which forwards to client Less friction, more output..
Classic lab failure: ip helper-address configured on the wrong interface. Or pointing to the server's loopback instead of its LAN interface. Or missing entirely on the new VLAN you just added The details matter here..
Common Mistakes — What Most People Get Wrong
I've watched dozens of students (and made these myself) trip over the same handful of issues. Here's the hit list It's one of those things that adds up..
1. Forgetting excluded addresses
ip dhcp excluded-address 192.168.10.1 192.168.10.10
Without this, the server hands out .Now, 1 (the gateway) to a client. That's why next device gets . 2. Because of that, gateway goes offline. Entire VLAN breaks.
Fix: Always exclude the gateway, management IPs, printer/static ranges before creating the pool.
2. Pool network statement doesn't match the interface
interface g0/0
ip address 192.168.10.1 255.255.255.0
ip dhcp pool VLAN10
network 192.168.20.0 255.255.255.0
Server receives request, sees giaddr 192.10.That's why 10. 168.1, looks for pool matching 192.168.0/24 — finds nothing. Drops packet Small thing, real impact..
Fix: Pool network must match the relay's interface subnet (or the server's connected subnet).
3. ip helper-address on the wrong device
Putting it on the access switch instead of the L3 gateway. The access switch doesn't route — it can't relay Small thing, real impact..
Fix: ip helper-address goes on the SVI (VLAN interface) or routed port that serves as default gateway for that subnet Simple, but easy to overlook..
4. Debugging with debug ip dhcp server events on a busy network
Your console floods. Because of that, you miss the actual transaction. Or worse — you crash the router.
Fix: Use conditionals. debug ip dhcp server events is fine in a lab with one client. In production? debug ip dhcp server packet detail with `debug condition mac <client-m
