02-16-2015 02:40 AM - edited 03-07-2019 10:40 PM
One of my wireless VLAN DHCP scopes on the Cisco core switch is often exhausted due to Gratuitous ARP.
Please help me to check what is the cause of this.
02-16-2015 03:27 AM
Hi Vinayaka,
Can you please explain more about the issue that you are facing?
CF
02-16-2015 03:41 AM
I have a VLAN with DHCP SCOPE and layer 3 configured on core switch.
The DHCP pool often gets exhausted, and when I do show ip dhcp conflict, most of the IPs are conflicted due to Gratuitous ARP.
CORESWITCH# show ip dhcp conflict
172.28.106.195 Gratuitous ARP Oct 14 2014 04:44 PM
172.28.106.54 Gratuitous ARP Oct 14 2014 04:49 PM
172.28.106.189 Gratuitous ARP Oct 15 2014 12:28 PM
172.28.106.55 Gratuitous ARP Oct 17 2014 02:05 PM
172.28.106.74 Gratuitous ARP Oct 21 2014 09:39 AM
172.28.106.72 Gratuitous ARP Oct 23 2014 02:26 PM
172.28.106.89 Gratuitous ARP Oct 28 2014 03:09 PM
172.28.106.119 Gratuitous ARP Nov 03 2014 01:39 PM
172.28.106.124 Gratuitous ARP Nov 05 2014 08:03 AM
172.28.106.127 Gratuitous ARP Nov 05 2014 02:56 PM
172.28.106.131 Gratuitous ARP Nov 08 2014 01:59 PM
172.28.106.153 Gratuitous ARP Nov 10 2014 12:14 PM
172.28.106.139 Gratuitous ARP Nov 11 2014 07:57 AM
172.28.106.143 Gratuitous ARP Nov 11 2014 09:28 AM
172.28.106.157 Gratuitous ARP Nov 11 2014 02:36 PM
172.28.106.156 Gratuitous ARP Nov 11 2014 07:55 PM
172.28.106.162 Gratuitous ARP Nov 13 2014 06:48 PM
172.28.106.187 Gratuitous ARP Nov 18 2014 01:57 PM
172.28.106.176 Gratuitous ARP Nov 19 2014 02:30 PM
172.28.106.53 Gratuitous ARP Nov 19 2014 02:47 PM
172.28.106.199 Gratuitous ARP Nov 20 2014 11:18 AM
172.28.106.61 Gratuitous ARP Nov 20 2014 01:27 PM
172.28.106.56 Gratuitous ARP Nov 20 2014 01:39 PM
172.28.106.63 Gratuitous ARP Nov 21 2014 02:15 PM
172.28.106.85 Gratuitous ARP Nov 24 2014 07:17 PM
172.28.106.92 Gratuitous ARP Nov 25 2014 10:47 AM
172.28.106.95 Gratuitous ARP Nov 25 2014 02:14 PM
172.28.106.97 Gratuitous ARP Nov 27 2014 04:19 PM
172.28.106.100 Gratuitous ARP Nov 28 2014 09:18 AM
172.28.106.79 Gratuitous ARP Nov 28 2014 11:09 AM
172.28.106.104 Gratuitous ARP Nov 28 2014 05:20 PM
172.28.106.129 Gratuitous ARP Dec 01 2014 09:53 AM
172.28.106.130 Gratuitous ARP Dec 01 2014 11:19 AM
172.28.106.133 Gratuitous ARP Dec 01 2014 11:36 AM
172.28.106.134 Gratuitous ARP Dec 01 2014 03:04 PM
172.28.106.135 Gratuitous ARP Dec 01 2014 03:47 PM
172.28.106.136 Gratuitous ARP Dec 01 2014 04:13 PM
172.28.106.137 Gratuitous ARP Dec 02 2014 12:28 PM
172.28.106.141 Gratuitous ARP Dec 03 2014 09:33 AM
172.28.106.149 Gratuitous ARP Dec 05 2014 02:01 PM
172.28.106.151 Gratuitous ARP Dec 05 2014 04:21 PM
172.28.106.173 Gratuitous ARP Dec 08 2014 06:40 PM
172.28.106.182 Gratuitous ARP Dec 09 2014 09:28 AM
172.28.106.158 Gratuitous ARP Dec 09 2014 04:46 PM
172.28.106.185 Gratuitous ARP Dec 09 2014 05:05 PM
172.28.106.188 Gratuitous ARP Dec 10 2014 02:56 PM
172.28.106.186 Gratuitous ARP Dec 10 2014 06:19 PM
172.28.106.193 Gratuitous ARP Dec 12 2014 12:48 PM
172.28.106.75 Gratuitous ARP Dec 16 2014 02:37 PM
172.28.106.68 Gratuitous ARP Dec 16 2014 04:05 PM
172.28.106.80 Gratuitous ARP Dec 16 2014 06:02 PM
172.28.106.81 Gratuitous ARP Dec 17 2014 03:11 PM
172.28.106.84 Gratuitous ARP Dec 19 2014 02:03 PM
172.28.106.115 Gratuitous ARP Dec 23 2014 10:35 AM
172.28.106.78 Gratuitous ARP Dec 23 2014 01:37 PM
172.28.106.121 Gratuitous ARP Dec 24 2014 06:18 PM
172.28.106.125 Gratuitous ARP Dec 26 2014 10:02 AM
172.28.106.161 Gratuitous ARP Dec 29 2014 12:01 PM
172.28.106.181 Gratuitous ARP Dec 29 2014 03:08 PM
172.28.106.184 Gratuitous ARP Dec 30 2014 05:25 PM
172.28.106.66 Gratuitous ARP Jan 02 2015 09:44 AM
172.28.106.194 Gratuitous ARP Jan 03 2015 03:14 PM
172.28.106.106 Gratuitous ARP Jan 07 2015 01:54 PM
172.28.106.112 Gratuitous ARP Jan 07 2015 04:32 PM
172.28.106.113 Gratuitous ARP Jan 08 2015 04:48 PM
172.28.106.103 Gratuitous ARP Jan 09 2015 12:53 PM
172.28.106.164 Gratuitous ARP Jan 13 2015 12:13 PM
172.28.106.155 Gratuitous ARP Jan 13 2015 03:54 PM
172.28.106.168 Gratuitous ARP Jan 13 2015 05:12 PM
172.28.106.169 Gratuitous ARP Jan 14 2015 05:07 PM
172.28.106.170 Gratuitous ARP Jan 14 2015 05:50 PM
172.28.106.197 Gratuitous ARP Jan 16 2015 06:18 PM
172.28.106.60 Gratuitous ARP Jan 19 2015 07:56 AM
172.28.106.88 Gratuitous ARP Jan 19 2015 05:17 PM
172.28.106.94 Gratuitous ARP Jan 20 2015 12:46 PM
172.28.106.101 Gratuitous ARP Jan 21 2015 10:15 AM
172.28.106.102 Gratuitous ARP Jan 21 2015 02:08 PM
172.28.106.147 Gratuitous ARP Jan 28 2015 11:04 AM
172.28.106.159 Gratuitous ARP Jan 28 2015 12:37 PM
172.28.106.128 Gratuitous ARP Jan 28 2015 02:27 PM
172.28.106.165 Gratuitous ARP Jan 29 2015 12:31 PM
172.28.106.166 Gratuitous ARP Jan 30 2015 07:40 AM
172.28.106.178 Gratuitous ARP Jan 30 2015 02:20 PM
172.28.106.183 Gratuitous ARP Jan 30 2015 02:39 PM
172.28.106.69 Gratuitous ARP Feb 02 2015 09:40 AM
172.28.106.76 Gratuitous ARP Feb 02 2015 07:18 PM
172.28.106.91 Gratuitous ARP Feb 02 2015 08:17 PM
172.28.106.93 Gratuitous ARP Feb 02 2015 08:20 PM
172.28.106.200 Gratuitous ARP Feb 04 2015 01:41 PM
172.28.106.96 Gratuitous ARP Feb 05 2015 09:57 AM
172.28.106.111 Gratuitous ARP Feb 05 2015 01:42 PM
172.28.106.108 Gratuitous ARP Feb 06 2015 08:04 AM
172.28.106.122 Gratuitous ARP Feb 09 2015 05:11 PM
172.28.106.174 Gratuitous ARP Feb 11 2015 06:17 PM
172.28.106.179 Gratuitous ARP Feb 12 2015 06:18 PM
172.28.106.83 Gratuitous ARP Feb 16 2015 03:56 PM
02-16-2015 04:52 AM
Hi Vinayaka,
Gratuitous ARP is not causing the duplicate IPs. The switch is detecting the duplicate IP via Gratuitous ARP before assigning that IP to any DHCP client.
Can you please figure out if these IPs shown in the list are DHCP leased by the switch or statically assigned to any PCs?
CF
02-16-2015 08:54 PM
Hi,
The IPs shown in the list are part of the configured DHCP pool, and they are not leased to any clients because of the conflict. I have excluded only 103 addresses in total. But the excluded address count has increased to 200 in the show ip dhcp pool vlan28 output. This is because of the DHCP conflict. I would like to know why this G ARP is created and which hosts are expected to respond to it. Also, why are the unassigned IPs responding to this G ARP?
CORESWITCH#show run | i 172.28.106
ip dhcp excluded-address 172.28.106.1 172.28.106.50
ip dhcp excluded-address 172.28.106.201 172.28.106.254
CORESWITCH#show ip dhcp pool vlan28
Pool vlan28 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 19
Excluded addresses : 200
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased/Excluded/Total
172.28.106.99 172.28.106.1 - 172.28.106.254 19 / 200 / 254
CORESWITCH#show ip dhcp binding | i 172.28
172.28.106.51 0198.0d2e.fc07.ac Feb 18 2015 10:24 AM Automatic Active Vlan28
172.28.106.52 0188.1fa1.2095.20 Feb 18 2015 08:59 AM Automatic Active Vlan28
172.28.106.57 01a8.86dd.9446.36 Feb 18 2015 08:54 AM Automatic Active Vlan28
172.28.106.58 0184.3838.dc71.56 Feb 17 2015 12:28 PM Automatic Active Vlan28
172.28.106.59 0144.4c0c.cb80.fc Feb 18 2015 10:12 AM Automatic Active Vlan28
172.28.106.62 0130.f7c5.091a.b2 Feb 18 2015 09:33 AM Automatic Active Vlan28
172.28.106.64 0188.1fa1.208e.ee Feb 18 2015 09:24 AM Automatic Active Vlan28
172.28.106.65 012c.be08.f27e.cc Feb 18 2015 08:56 AM Automatic Active Vlan28
172.28.106.67 0178.3a84.4e58.a9 Feb 18 2015 09:46 AM Automatic Active Vlan28
172.28.106.70 01cc.3a61.a0ea.60 Feb 18 2015 09:43 AM Automatic Active Vlan28
172.28.106.71 0180.6c1b.e8fc.07 Feb 18 2015 09:12 AM Automatic Active Vlan28
172.28.106.73 0188.1fa1.1e49.2e Feb 18 2015 09:01 AM Automatic Active Vlan28
172.28.106.77 d0b3.3f9d.1191 Feb 18 2015 10:13 AM Automatic Active Vlan28
172.28.106.82 0150.ead6.6c4b.73 Feb 18 2015 10:20 AM Automatic Active Vlan28
172.28.106.86 0188.1fa1.1ece.f4 Feb 18 2015 09:26 AM Automatic Active Vlan28
172.28.106.87 0188.329b.4702.d9 Feb 17 2015 05:53 PM Automatic Active Vlan28
172.28.106.90 0180.6c1b.ab3c.63 Feb 17 2015 11:43 AM Automatic Active Vlan28
172.28.106.98 0140.7a80.0902.0c Feb 18 2015 09:26 AM Automatic Active Vlan28
172.28.106.198 01e8.150e.e43c.b5 Feb 18 2015 08:37 AM Automatic Active Vlan28
CORESWITCH#
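Added example (not part of the original posts): a short Python sketch that reconciles the pool's "Excluded addresses" counter with the configured exclusions plus the conflict table, which is the sum described in the post above. The function names and the sample conflict rows are constructed for illustration; only the two `ip dhcp excluded-address` lines are taken from the thread.

```python
import ipaddress
import re
# Constructed sample in the format of "show ip dhcp conflict"; the last row
# falls inside a configured exclusion and must not be counted twice.
CONFLICT_OUTPUT = """\
CORESWITCH# show ip dhcp conflict
172.28.106.195 Gratuitous ARP Oct 14 2014 04:44 PM
172.28.106.54 Gratuitous ARP Oct 14 2014 04:49 PM
172.28.106.189 Ping Oct 15 2014 12:28 PM
172.28.106.10 Gratuitous ARP Oct 21 2014 09:39 AM
"""
# The two exclusion lines shown in the thread.
RUNNING_CONFIG = """\
ip dhcp excluded-address 172.28.106.1 172.28.106.50
ip dhcp excluded-address 172.28.106.201 172.28.106.254
"""
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(Gratuitous ARP|Ping)\s+(.+)$")
EXCL = re.compile(r"^ip dhcp excluded-address (\S+)(?: (\S+))?$")

def parse_conflicts(text):
    """Return {address: detection_method} from the conflict table."""
    found = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            found[ipaddress.ip_address(m.group(1))] = m.group(2)
    return found

def parse_excluded(text):
    """Expand 'ip dhcp excluded-address low [high]' lines into a set."""
    excluded = set()
    for line in text.splitlines():
        m = EXCL.match(line.strip())
        if m:
            low = int(ipaddress.ip_address(m.group(1)))
            high = int(ipaddress.ip_address(m.group(2) or m.group(1)))
            excluded.update(ipaddress.ip_address(i) for i in range(low, high + 1))
    return excluded

def pool_report(subnet, config, conflicts, leased):
    """Split unavailable addresses into configured vs conflict-held."""
    hosts = set(ipaddress.ip_network(subnet).hosts())
    static = parse_excluded(config) & hosts
    quarantined = (set(parse_conflicts(conflicts)) & hosts) - static
    unavailable = len(static) + len(quarantined)
    return {"total": len(hosts), "configured_excluded": len(static),
            "conflict_excluded": len(quarantined), "excluded": unavailable,
            "free": len(hosts) - unavailable - leased}
```

With the thread's own figures, the two configured ranges cover 104 addresses and the conflict table above lists 96 rows, which sums to the 200 reported under "Excluded addresses".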
02-16-2015 10:03 PM
Are you able to ping any of the system-excluded IPs from the switch?
If you are getting a ping response from any of those IPs, some system has got an IP assigned manually.
CF
07-21-2015 07:36 AM
Vinayaka,
Did you ever find a resolution to this? I am facing the same issue. From Windows machines I am seeing the conflict in the logs as coming from a switch port, and not the one that the system is plugged into.
Running 03.06.00E on a 3650 with 15.3(3)M3 on a 2951.
-Bill
07-21-2015 09:17 AM
William, I have not yet found the root cause.
But there is no use in logging the IP conflicts.
Enable the command below to get rid of this issue. I am all good after enabling the command below.
no ip dhcp conflict logging
07-21-2015 10:38 AM
Yeah, turned off logging, still getting Duplicate IP errors on the Windows boxes with a MAC coming from a random switch port. May not be the same issue, just the same symptoms? I'll bookmark this thread if I can solve it and get back to anyone else who may be interested.
This is a strange issue that I can only think has something to do with how long Windows is taking to send ARP replies. I only started seeing this when I rebuilt the network to eliminate the cascading access layer switches they had here and upgraded the fiber / channelized the ports...
07-21-2015 09:18 AM
08-15-2016 04:04 PM
I found a solution that works for me although I don't understand why. It just does.
In my setup I'm using a Cisco router 2911 connected to a Cisco Catalyst 2960X. I configured another VLAN (VLAN 30) as my native VLAN. This is a small office. Initially I only had about 10 PCs connected to the switch. The router was already connected to the corporate WAN.
As with everyone else on this forum, I noticed that several of the PCs weren't assigned an IP address. I couldn't understand where the gratuitous ARP assignments were coming from.
The only thing I could think of was that it might have something to do with the default VLAN interface: VLAN1. I had already created a virtual interface VLAN30 and given it an IP address. So I shut down the VLAN1 virtual interface. I cleared the DHCP conflict table. No more gratuitous ARPs... no more IP addresses depleted in the DHCP table.
Hope this works for anyone else looking this up.
-Joey
10-16-2016 10:56 PM
Hi,
I have faced this issue in my network also. Actually, when your DHCP pool does not have IPs and your clients are asking for an IP, this happens. Just use clear ip dhcp conflict * and try to set the lease expire time.
05-23-2018 10:16 PM
If you have configured DHCP on the Cisco switch, then
first you need to check how many IPs are in the conflict list with the command
#show ip dhcp conflict
Then
#clear ip dhcp conflict *
and check after 30 min.
If the same IPs are still coming into the conflict list, then you need to exclude them from the DHCP range.
After 24 hours, ping those IPs; if they are still pinging, it means they are assigned manually.
Hope it will be helpful.
06-07-2018 01:05 AM
I would check your DHCP lease timings as to why the DHCP lease is not reallocating back to the DHCP server. However, the concerning part to me is that it sounds like you may have been, or are being, subjected to a DHCP DoS attack.
I suggest putting some L2 prevention security in place to negate such a threat, if it is applicable to your situation.
The simplest thing I can think of at this time is DHCP snooping and rate limitation on the access ports.
This has two usages:
1) All ports are untrusted by default, so they will only allow client DHCP messages to pass through the port but stop DHCP server requests (bogus DHCP servers).
2) DHCP rate limitation on the access port (if set to do so) will disable that port if the limit is reached, and that port will stay disabled until you manually enable it or have a feature like error recovery (see below) re-enable it after a period of time.
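conf t
! enable DHCP snooping globally and on the client VLAN
ip dhcp snooping
ip dhcp snooping vlan xxx
! access ports: limit DHCP packets per second
int range xx - xxx
ip dhcp snooping limit rate x
! trust this interface, which faces a trusted DHCP server
int xx
ip dhcp snooping trust
exit
! re-enable ports disabled by the rate limit after 150 seconds
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 150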