Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5155
Views
0
Helpful
3
Replies

DHCP with bad addresses

aft
Level 1
Level 1

‎10-31-2020 12:57 PM

Hi

 

I'm dealing with a problem that leaves me with no idea how to fix it. I have a windows 2012 DHCP server with several scopes, for example

 

Scope A 192.168.10.0/24 (vlan10)

Scope B 192.168.11.0/24 (vlan11)

Scope C 192.168.12.0/24 (vlan12)

 

All users authenticate with 802.1x on cisco switches (2960X) (cisco ISE) and the core switch (6807-XL) has the interface for all vlans with helper-address, and this has been working for years without problem until recently.

 

Now I have only the Scope C with bad addresses in the DHCP. So far I've used Wireshark to look for rogue DHCP servers but it seems there's no rogue server. While in Wireshark I have a lot of DHCP offers until one IP is assigned to the computer. Also the previous DHCP offers result in bad address at the DHCP server.

 

Doing a "show arp vlan 12" on the core switch shows several ip addresses with the same mac address (not a specific Mac address with several ip but random Mac addresses from users computers)

 

Does anyone have more ideas how to fix or troubleshoot this problem ?

 

Thanks in advance

 

 

 

 

 

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎10-31-2020 04:01 PM

Try clear DHCP Cache and see if the fix the issue, also try clear IP arp from switch, what IOS on Cisco Switch ?

 

Do you see DHCP address lease full ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎10-31-2020 06:03 PM - edited ‎10-31-2020 06:07 PM

Hello

Enable dhcp snooping for vlan 12 and append a mac address access list to drop any traffic from the mac- addresses OUI you are seeing.

conf t

ip dhcp snooping
ip dhcp snooping vlan 12
mac address-table static xxxx.xxff.ffff vlan 12 drop


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

aft
Level 1
Level 1

‎11-02-2020 01:14 AM

I tried to clear the cache of the arp table from both the dhcp and the switch and also tested the suggestion of Paul driver but it didn't work.
The arp table of the core switch continues to show same mac addresses with different IP. Almost every user in that vlan gets a duplicated entry on the arp table.

0 Helpful
Customers Also Viewed These Support Documents