Getting gratuitous arp in DHCP

himanshudwivedi · ‎07-05-2022

I am using Cisco Cat 3850 as a core switch, in which there are almost 20 DHCP Server with Lease time 7 Days. The issue here is that when I execute SHOW IP DHCP CONFLICT there are too many gratuitous ARP. So the users IP are getting frequently changed and when we chack the ARP table there are 2 IP showing with same MAC Address . Can anyone tell me what is the exact issue in this.

paul driver · ‎07-05-2022

Hello
Conflict logging is used to check for ip addressing that are already active so before the dhcp server assigns an address, this is performed via GARP messages, if it sees an active ip then that is recorded into a d/b file and is excluded from future allocation, This can have the effect of dhcp scopes exhausting or as you are seeing differing ip allocation.

To negate this you could either:

Turn off conflict logging or create a script to clear down that conflict d/b file daily.

no ip dhcp conflict logging
or
event manager applet dhcp-conflict
event timer cron cron-entry "23 59 * * *"
action 1.1 cli command "enable"
action 1.2 cli command "clear ip dhcp conflict *"
action 1.3 syslog msg "DHCP conflict records cleared"

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jitendra Kumar · ‎07-06-2022

Check the below article for a clear understanding..

DHCP conflict logging: the true story

https://blog.ipspace.net/2007/08/dhcp-conflict-logging-true-story.html

The on-line configuration help for the ip dhcp conflict logging configuration command (logging: Record address conflicts in a log file) is one of the more misleading texts I've found in Cisco IOS (and the CCO documentation is not much better). Here's how it actually works ...

If you have configured ip dhcp ping parameters (highly recommended), the router will ping the IP address it intends to allocate to a client before replying to the DHCP request. If the router receives ICMP Echo Reply message (response to ping), the address is obviously in use. If the DHCP conflict logging is enabled (default), the router will log the conflict with a syslog message (not in a separate log file) and put the address on the list of conflicts. The addresses on that list (displayed with show ip dhcp conflict) are not used in the future (similar to the addresses configured with the ip dhcp excluded-addresses command). To reuse a conflicting address, the network operator has to remove it from the list with the clear ip dhcp conflict address (or * for all addresses) command.

The DHCP conflict logging makes sense if the router uses persistent DHCP bindings (called DHCP database agents in Cisco IOS), otherwise any addresses allocated prior to a router reload would be reported as conflicts after the bindings are lost. If you don't use DHCP agents, it's thus best to turn off conflict logging with the no ip dhcp conflict logging configuration command. Even without conflict logging, there's no DHCP functionality loss and no chance of duplicate address allocation, as the router would still check whether an IP address is active before allocating it (and later on, it would be willing to re-check the conflicting IP address).

If you don't use DHCP database agents and you don't disable conflict logging (default setup), you'll have to clear the conflicts manually after a reload and you might potentially exhaust the DHCP pool because of a large number of blocked conflicting addresses.

Thanks,
Jitendra

MHM Cisco World · ‎07-06-2022

20 DHCP Server ? Wow huge number.
anyway are all DHCP Server have same IP POOL ?? if yes then only one user can make 20 DHCP Server reply and 20 GARP for each new IP.

for lease time this is issue you config it 7 days how you detect that the IP frequently change ??