DHCP address conflict

jagdev.dhaliwal · ‎01-01-2013

Hi All,

I have a small DHCP scope for 16 IP address, just for wireless AP configured for them. But some time i get alert for "access point dissociation from wlc" when i checked and found AP does not have any IP. then i checked at the Switch and found DHCP IP conflict for some IP when I clear them AP got IP and association has established with WLC. there is no other Port configured for the for that Vlan except the AP ports. when i check the logs found the reason for conflict is " %DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 192.168.1.4."

DHCP IP binding (Lease expiration) and Detection time and usually same means once the lease expires and it tries to get the IP at that time this problem raises.

Can you please help me to find the solution for this? What is the default time for the DHCP conflicts to get clear automatically?

Thanks

Jagdev

Nagendra Kumar Nainar · ‎01-02-2013

Hi,

When a DHCP server receive a request, it will try to send ping packet to the (to be assigned) address and if it gets a response will mark it as conflict. This is to avoid any duplicate address assigned to different clients. Per my understanding, the default behaviour is that the conflicted address will not be audited to released.

You may need to configure "ip dhcp conflict resolution" inorder to have the server periodically audit and release the conflicted address. This is not available in some old releases. I remember using "no ip dhcp conflict logging" if the above command is not available. Basically this command will still perform the dhcp ping to check the address uniqueness, but if it gets a response, will skip this address (instead of moving this address to excluded range) and will assign the next available address.

HTH,

Nagendra

jagdev.dhaliwal · ‎01-02-2013

Thanks Nagendra,

The resolution will help me to clear the manually conflicts, but i want to know what this happens at first place. as there are only 15 APs in my network and only 15 ports are configured for this Vlan. The very same AP request for IP which has lease expired, so there is one AP requesting for IP and one IP which is get freed after the lease expired. than why this situation raises?

Thanks

Jagdev

Nagendra Kumar Nainar · ‎01-02-2013

Hi Jagdev,

Are you receiving DHCP REQUEST from AP (acting as L3) or is it from user clients?. This could be due to many reasons. I remember seeing in the past that some end devices though it send the DHCP RELEASE will still have the address stuck

or some client still hold the address even after the lease timer expiry and and reply when receiving dhcp ping.

If it is end users (via AP) are requesting the address, chances are there that some end users are statically configured with some address from the pool range.

I think there is no simple way to check the MAC address from where the echo reply received for the conflict address.

Regards,

Nagendra

jagdev.dhaliwal · ‎01-03-2013

Hi Nagendra,

It's APs not the end clients. in logs i am not getting the MAC address, i get following error that is for IP

%DHCPD-4-PING_CONFLICT: DHCP address conflict: server pinged 192.168.1.4."

One more thing can i enable the "ip dhcp conflict resolution" for just one Vlan? As I do not want to configure it globally for all the scopes.

Thanks

Jagdev

Nagendra Kumar Nainar · ‎01-04-2013

Hi Jagdev,

The commands is global and is not interface specific. When you enable it, it will be for all DHCP query from any interface.

HTH,

Nagendra

belorusandrey · ‎01-04-2013

Hi there

You can establish separate dhcp-server or configure it on the another router. Then configure the vlan interfaces with ip helper-address command. In this case switch will forward dhcp requests to the dhcp-server only from this interfaces.

Robert R · ‎01-04-2013

You say you have a small dhcp scope setup for 16 addresses. Is this a /28 subnet. Are you excluding any addresses from the DHCP address pool? The default gateway should be exluded. If you used a /28, that would only provide you with 14 useable addresses. 13 APs and the default gateway.

You'll need to use at least a /27 subnet mask (255.255.255.224) for this subnet, and exclude the default gateway address from being handed out as part of the dhcp pool.

Hope it helps,

Rob

rgunawan78 · ‎05-18-2018

I have this problem too..

sbhadrav@cisco.com · ‎06-14-2018

If the AP loses connectivity to the WLC it will directly try to use the DHCP ip address instead of the statically configured IP address.

I doubt that there is some heartbeat loss and when that happen the AP directly falls back to use the static.
usually there is a number of heartbeat loss (3 for example) before declaring the AP as disassociated. In this case what happens it seems the AP loses one heartbeat (not 3) and directly falls back to use the DHCP instead.

You need to check further to isolate. you can use synched sniffer capture on the AP and WLC to see if there is any heartbeat loss.

Keep an eye on the traplog/msglog. If there is any heartbeat loss it will probably be reported.

Also, if you have a console session with the AP that you reproduce with that will be very helpful as well.

To summarize:

- sniffer capture on AP and WLC.

- AP console output.

- Msglog and traplog while the issue is reproduced.

compare and see if there is any packet loss that happens at almost same time as your AP fall back to the DHCP ip address.

This could probably be a weak feature rather than a bug. But if you confirm the packet loss then you can contact cisco with a solid evidence about the root cause.

We need some more informaiton from your side though:

- What code version you are using?

- Are you using local or HREAP access points?