I'm dealing with a problem that leaves me with no idea how to fix it. I have a Windows 2012 DHCP server with several scopes, for example:
Scope A 192.168.10.0/24 (vlan10)
Scope B 192.168.11.0/24 (vlan11)
Scope C 192.168.12.0/24 (vlan12)
All users authenticate with 802.1x on Cisco switches (2960X) (Cisco ISE) and the core switch (6807-XL) has the interface for all VLANs with helper-address, and this has been working for years without problem until recently.
Now I have only the Scope C with bad addresses in the DHCP. So far I've used Wireshark to look for rogue DHCP servers but it seems there's no rogue server. While in Wireshark I have a lot of DHCP offers until one IP is assigned to the computer. Also the previous DHCP offers result in bad address at the DHCP server.
Doing a "show arp vlan 12" on the core switch shows several IP addresses with the same MAC address (not a specific MAC address with several IPs but random MAC addresses from users' computers).
Does anyone have more ideas how to fix or troubleshoot this problem?
Enable DHCP snooping for VLAN 12 and append a MAC address access list to drop any traffic from the MAC address OUI you are seeing.
ip dhcp snooping
ip dhcp snooping vlan 12
mac address-table static xxxx.xxff.ffff vlan 12 drop
I tried to clear the cache of the ARP table from both the DHCP server and the switch and also tested the suggestion of Paul Driver, but it didn't work. The ARP table of the core switch continues to show the same MAC addresses with different IPs. Almost every user in that VLAN gets a duplicated entry in the ARP table.
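
Added example, not part of the thread or any poster's code: a small Python parser that takes saved ARP output from the core switch and lists every MAC address holding more than one IP in the Scope C subnet, so the duplicated entries can be tracked over time and compared with the bad-address entries on the DHCP server. The sample rows are constructed and assume the usual IOS "show ip arp" column layout; the function names are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the usual IOS "show ip arp" layout (not data from the thread).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.12.1            -   0000.0c9f.f00c  ARPA   Vlan12
Internet  192.168.12.21           3   aabb.cc00.0101  ARPA   Vlan12
Internet  192.168.12.57           1   aabb.cc00.0101  ARPA   Vlan12
Internet  192.168.12.58           0   aabb.cc00.0101  ARPA   Vlan12
Internet  192.168.12.30           7   aabb.cc00.0202  ARPA   Vlan12
Internet  192.168.12.99           2   aabb.cc00.0303  ARPA   Vlan12
Internet  192.168.12.100          2   aabb.cc00.0303  ARPA   Vlan12
Internet  192.168.11.40           4   aabb.cc00.0404  ARPA   Vlan11
Internet  192.168.12.77           0   Incomplete      ARPA
"""

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(?P<intf>\S+)\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Yield (ip, mac, interface, is_local) for each resolved ARP row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header and "Incomplete" rows do not match
            yield (ip_address(m["ip"]), m["mac"].lower(), m["intf"], m["age"] == "-")

def macs_with_multiple_ips(text, subnet, interface):
    """Map MAC -> sorted IPs for MACs holding more than one IP in the subnet."""
    net = ip_network(subnet)
    by_mac = defaultdict(set)
    for ip, mac, intf, is_local in parse_arp(text):
        # Age "-" marks the switch's own interface address; skip it.
        if is_local or intf.lower() != interface.lower() or ip not in net:
            continue
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    hits = macs_with_multiple_ips(SAMPLE_ARP, "192.168.12.0/24", "Vlan12")
    for mac, ips in hits.items():
        print(mac, "->", ", ".join(map(str, ips)))
```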