Re: limit was reached

 
Sylos
Frequent Visitor

limit was reached

Hello everyone,

 

I'm running my 6200yl on firmware K.15.17.0007 and I got this message:

 

dipld: DHCP REQUEST dropped for d43d7e-xxxxx port 7,
unable to add the binding; a port or switch limit was reached.

 

I did set up DHCP server, DHCP snooping, arp-protect, ip-source-lockdown.

 

Status and Counters - DHCP Server

Address Pools : 6
Automatic Bindings : 241
Manual Bindings : 0
Expired/Free Bindings : 1259
Malformed Messages : 0

 

 

DHCP snooping:

 Packet type  Action   Reason                        Count
 -----------  -------  ----------------------------  ---------
 server       forward  from trusted port             8800
 client       forward  to trusted port               45295
 server       drop     received on untrusted port    17
 server       drop     unauthorized server           0
 client       drop     destination on untrusted port 0
 client       drop     untrusted option 82 field     0
 client       drop     bad DHCP release request      0
 client       drop     failed verify MAC check       598
 client       drop     failed on max-binding limit   0

 

ARP Protection Counters for VLAN xxx


 ARPs forwarded : 199064    Bad Sender/Target IP         : 6746
 Bad bindings   : 44431     Source/Sender MAC mismatches : 8043
 Malformed pkts : 0         Dest/Target MAC mismatches   : 0

 

Does anyone know how to solve this problem? My users can't get DHCP packets on this switch.

I tried downgrading the software, but it did not help.

 

 

 

Michael Patmon
Trusted Contributor

Re: limit was reached

Hello.  DIPLD = Dynamic IP Lockdown (ip source-lockdown) and the message is saying there aren't enough hardware resources to add the IP/MAC binding.  I believe max bindings per port is 64.  Do you have that many on port 7?  I think the global limit for 6200 is 4k so you should be ok there.

Sylos
Frequent Visitor

Re: limit was reached

Well, I have 150 for now, and the same on the other pools (I've got 5 pools).

Is there any way to increase that limit? I don't know why the problem is only on port 7, which is pool p4.

 

Pool : p0
Lease Period : 30:00:00
Low Threshold : 50
High Threshold : 200
Free Leases : 211

Pool : p1
Lease Period : 30:00:00
Low Threshold : 50
High Threshold : 200
Free Leases : 218

Pool : p2
Lease Period : 30:00:00
Low Threshold : 50
High Threshold : 200
Free Leases : 160

Pool : p3
Lease Period : 30:00:00
Low Threshold : 50
High Threshold : 200
Free Leases : 233

Pool : p4
Lease Period : 30:00:00
Low Threshold : 50
High Threshold : 200
Free Leases : 163

Michael Patmon
Trusted Contributor

Re: limit was reached

Ok.  It is a shared hardware resource.  What else do you have configured?  Any chance you could attach the config and the output of "show qos resources"?

Sylos
Frequent Visitor

Re: limit was reached

; J8992A Configuration Editor; Created on release #K.15.17.0007
; Ver #08:02.ff.f7.fc.7f.ff.3f.ef:ae
hostname "DS2-GW"
module 1 type j8992a
dhcp-snooping
dhcp-snooping authorized-server 172.16.160.254
dhcp-snooping authorized-server 172.16.161.254
dhcp-snooping authorized-server 172.16.162.254
dhcp-snooping authorized-server 172.16.163.254
dhcp-snooping authorized-server 172.16.164.254
dhcp-snooping authorized-server 172.16.165.254
dhcp-snooping database file "tftp://172.16.200.2/ds2-dhcpsnoop-binding" delay 1800
no dhcp-snooping option 82
dhcp-snooping vlan 620-625
fault-finder broadcast-storm sensitivity high
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
banner motd "DS2-GW\n"
instrumentation monitor trap
instrumentation monitor log
logging 10.10.10.1
logging severity warning
timesync sntp
sntp unicast
sntp server priority 1 10.100.40.1
time daylight-time-rule middle-europe-and-portugal
time timezone 60
ip dns domain-name "wat.edu.pl"
ip dns server-address priority 1 10.1.1.41
ip source-binding trap OutOfResources
ip source-lockdown
ip route 0.0.0.0 0.0.0.0 172.16.200.33
ip route 192.168.0.0 255.255.0.0 reject
ip routing
interface 1
ip source-lockdown
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 2
ip source-lockdown
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 3
ip source-lockdown
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 4
ip source-lockdown
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 5
ip source-lockdown
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 6
ip source-lockdown
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 7
dhcp-snooping max-bindings 200
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 8
ip source-lockdown
mac-notify traps learned
mac-notify traps removed
mac-count-notify traps
exit
interface 9
mac-count-notify traps
exit
interface 10
mac-count-notify traps
exit
interface 11
mac-count-notify traps
exit
interface 12
mac-count-notify traps
exit
interface 13
mac-count-notify traps
exit
interface 14
mac-count-notify traps
exit
interface 15
mac-count-notify traps
exit
interface 16
mac-count-notify traps
exit
interface 17
mac-count-notify traps
exit
interface 18
mac-count-notify traps
exit
interface 19
mac-count-notify traps
exit
interface 20
mac-count-notify traps
exit
interface 21
mac-count-notify traps
exit
interface 22
mac-count-notify traps
exit
interface 23
mac-count-notify traps
exit
interface 24
name "do_ak01"
mac-count-notify traps
exit
snmp-server communityxxxxxxxxxxxxxxxxxxxxxxxx
snmp-server hostxxxxxxxxxxxxxxxxxxxxxxx
snmp-server enable traps mac-notify
snmp-server enable traps mac-count-notify
vlan 1
name "DEFAULT_VLAN"
no untagged 1-8,24
untagged 9-23
no ip address
exit
vlan 500
name "Management"
tagged 1-9,24
ip address 10.10.13.245 255.255.254.0
exit
vlan 620
name "ds2p0"
untagged 1-2
ip address 172.16.160.254 255.255.255.0
dhcp-server
exit
vlan 621
name "ds2p1"
untagged 4
ip address 172.16.161.254 255.255.255.0
dhcp-server
exit
vlan 622
name "ds2p2"
untagged 3,5-6
ip address 172.16.162.254 255.255.255.0
dhcp-server
exit
vlan 623
name "ds2p3"
untagged 8
ip address 172.16.163.254 255.255.255.0
dhcp-server
exit
vlan 624
name "ds2p4"
untagged 7
ip address 172.16.164.254 255.255.255.0
dhcp-server
exit
vlan 625
name "kadra"
ip address 172.16.165.254 255.255.255.0
dhcp-server
exit
vlan 804
name "do_ak01"
untagged 24
ip address 172.16.200.34 255.255.255.252
exit
primary-vlan 804
no tftp server
fastboot
loop-protect trap loop-detected
loop-protect mode vlan
loop-protect vlan 620-625
loop-protect disable-timer 20
arp-protect
arp-protect validate src-mac dest-mac ip
arp-protect vlan 620-625
no autorun
dhcp-server ping packets 3
dhcp-server pool "p0"
authoritative
default-router "172.16.160.254"
dns-server "10.1.1.41"
domain-name "xxxxx"
lease 30:00:00
network 172.16.160.0 255.255.255.0
range 172.16.160.1 172.16.160.250
tftp-server server-ip 172.16.200.2
exit
dhcp-server pool "p1"
authoritative
default-router "172.16.161.254"
dns-server "10.1.1.41"
domain-name "xxxxxxxxxxl"
lease 30:00:00
network 172.16.161.0 255.255.255.0
range 172.16.161.1 172.16.161.250
tftp-server server-ip 172.16.200.2
exit
dhcp-server pool "p2"
authoritative
default-router "172.16.162.254"
dns-server "10.1.1.41"
domain-name "xxxxxxxxxxxx"
lease 30:00:00
network 172.16.162.0 255.255.255.0
range 172.16.162.1 172.16.162.250
tftp-server server-ip 172.16.200.2
exit
dhcp-server pool "p3"
authoritative
default-router "172.16.163.254"
dns-server "10.1.1.41"
domain-name "xxxxxxxxxl"
lease 30:00:00
network 172.16.163.0 255.255.255.0
range 172.16.163.1 172.16.163.250
tftp-server server-ip 172.16.200.2
exit
dhcp-server pool "p4"
authoritative
default-router "172.16.164.254"
dns-server "10.1.1.41"
domain-name "xxxxxxxxxxx"
lease 30:00:00
network 172.16.164.0 255.255.255.0
range 172.16.164.1 172.16.164.250
tftp-server server-ip 172.16.200.2
exit
dhcp-server pool "xxxxxxxxxx"
authoritative
default-router "172.16.165.254"
dns-server "10.1.1.41"
domain-name "xxxxxxxxxxxxxl"
lease 30:00:00
network 172.16.165.0 255.255.255.0
range 172.16.165.1 172.16.165.250
tftp-server server-ip 172.16.200.2
exit
dhcp-server database delay 1800 file "tftp://172.16.200.2/ds2-dhcp-binding"
dhcp-server conflict-logging
dhcp-server enable

 

show qos resources

 Resource usage in Policy Enforcement Engine

               |   Rules   |  Rules Used
 Ports         | Available | ACL | QoS | IDM | VT  | Mirr | PBR | OF   | Other |
 --------------+-----------+-----+-----+-----+-----+------+-----+------+-------|
 1-24          | 3029      | 0   | 0   | 0   | 0   | 0    | 0   | 0    | 8     |

               |  Meters   |  Meters Used
 Ports         | Available | ACL | QoS | IDM | VT  | Mirr | PBR | OF   | Other |
 --------------+-----------+-----+-----+-----+-----+------+-----+------+-------|
 1-24          | 253       |     | 0   | 0   |     |      |     | 0    | 1     |

               |Application|
               |Port Ranges|  Application Port Ranges Used
 Ports         | Available | ACL | QoS | IDM | VT  | Mirr | PBR | OF   | Other |
 --------------+-----------+-----+-----+-----+-----+------+-----+------+-------|
 1-24          | 13        | 0   | 0   | 0   |     | 0    | 0   |      | 2     |

 1 of 8 Policy Engine management resources used.

 

Michael Patmon
Trusted Contributor

Re: limit was reached

Ok, looks like you are hitting the per port limit of 64:

 

show dhcp-server:

Free Leases : 163

 

show run:

dhcp-server pool "p4"

range 172.16.164.1 172.16.164.250

 

So it appears you had 250-163=87 clients request a DHCP address on VLAN 624 (port 7).  You can verify via "show dhcp-snooping bindings" or "show ip source-lockdown bindings".  The limit of 64 per port is not configurable, unfortunately.  I'm checking to see if it's possible to remove that restriction in the future.

 

Not sure if the downstream switch is able to support dsnoop/dipld, you could push that functionality down to it if so.  Wish I had a better solution for you.
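The estimate in the reply above (pool range size minus free leases, compared with the per-port limit of 64) can be scripted across all pools. This is an added example, not part of the original thread; the function names, the trimmed sample input and the assumption of purely numeric port names belong to the example.

```python
import ipaddress
import re

PER_PORT_LIMIT = 64  # per-port binding limit quoted in the thread
# Constructed sample input, trimmed from the output and config posted in the thread.
SHOW_DHCP_SERVER = "Pool : p3\nFree Leases : 233\nPool : p4\nFree Leases : 163\n"
RUNNING_CONFIG = """
vlan 623
untagged 8
ip address 172.16.163.254 255.255.255.0
exit
vlan 624
untagged 7
ip address 172.16.164.254 255.255.255.0
exit
dhcp-server pool "p3"
range 172.16.163.1 172.16.163.250
exit
dhcp-server pool "p4"
range 172.16.164.1 172.16.164.250
exit
"""

def expand_ports(spec):  # '3,5-6' -> [3, 5, 6]
    spans = (part.partition("-") for part in spec.split(","))
    return [p for lo, _, hi in spans for p in range(int(lo), int(hi or lo) + 1)]

def audit(show_output, config):
    """Estimate leases in use per pool and flag pools whose ports must exceed the limit."""
    free = dict(re.findall(r"Pool : (\S+)[\s\S]*?Free Leases : (\d+)", show_output))
    vlans = []  # (network, untagged ports) for every VLAN that has an IP address
    for body in re.findall(r"^vlan \d+\n(.*?)^exit", config, re.M | re.S):
        ports = re.search(r"^untagged (\S+)", body, re.M)
        addr = re.search(r"^ip address (\S+) (\S+)", body, re.M)
        if addr:
            net = ipaddress.ip_interface("/".join(addr.groups())).network
            vlans.append((net, expand_ports(ports.group(1)) if ports else []))
    report = {}
    for pool, body in re.findall(r'^dhcp-server pool "([^"]+)"\n(.*?)^exit', config, re.M | re.S):
        rng = re.search(r"^range (\S+) (\S+)", body, re.M)
        if rng and pool in free:
            lo, hi = (ipaddress.ip_address(a) for a in rng.groups())
            used = int(hi) - int(lo) + 1 - int(free[pool])  # range size minus free leases
            ports = next((p for net, p in vlans if lo in net), [])
            over = bool(ports) and used > PER_PORT_LIMIT * len(ports)
            report[pool] = {"used": used, "ports": ports, "over_limit": over}
    return report

print(audit(SHOW_DHCP_SERVER, RUNNING_CONFIG))
```

A pool whose VLAN has several untagged ports is flagged only when the leases exceed 64 per port on average, so an unflagged pool there does not rule out one overloaded port; the binding tables named in the reply give the per-port counts.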

 

Sylos
Frequent Visitor

Re: limit was reached

Thank you all for the reply and for your interest in my subject.