Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
6
Replies

AP getting DHCP offer from another AP

bcomanescu157
Level 1
Level 1

‎08-02-2022 04:04 AM

I  have around 40AP´s in one site and they are randomly dropping off the network, obtaining an IP in the wrong subnet.

The first time I saw this is 6 months ago, and it only happens for one site.

The problem summary is : 

Management Vlan 100 Subnet 10.98.64.0/24
1. AP 1 – regular lease expires in subnet 10.98.64.0/24 – DHCP Discover sent on Vlan 100

  1. AP 2 – sends an offer back on Vlan 100/offer contains client IP in 192.168.1.0/24 subnet/sourced with IP 192.168.1.1
  2. DHCP Server (reached via dhcp relay on router in Vlan 100) – sends a correct offer in subnet 10.98.64.0/24
  3. AP 1 – depending on which offer is faster reaching the AP, the IP will be preferred/request sent.

Subnet 192.168.1.0/24 is not configured anywhere on the network.

I know it comes from another AP after looking for the MAC address.

Also, it is not only one AP that sends the DHCP offer for subnet 192.168.1.0/24, it is more of them but all of them under the 192.168.1.1 address.

Has anyone stumbled upon this issue before? 

Might enabling DHCP snooping be able to solve the issue? Even so, i still want to find the root cause in order to avoid this happening to other sites in the future

0 Helpful
6 Replies 6

marce1000
VIP
VIP

‎08-02-2022 04:22 AM

 

- If these dhcp offers are coming from rogue ap's  then you will definitely need DHCP snooping , Wireshark and or traffic capture can reveal the mac address from the malicious dhcp server (service).

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

bcomanescu157
Level 1
Level 1
In response to marce1000

‎08-02-2022 04:30 AM

They're APs in the same topology, linked to the same WLC.

What should I look for in the AP config or WLC in order to stop the other APs from sending DHCP messages?

0 Helpful

marce1000
VIP
VIP
In response to bcomanescu157

‎08-02-2022 05:11 AM

 

  >...What should I look for in the AP config or WLC in order to stop the other APs from sending DHCP messages?

 - That never happens when these are capwap access points and joined to the controller (check). You are getting confused with some other phenomenon happening on the network.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

JPavonM
VIP
VIP

‎08-02-2022 05:19 AM

Definitely something attached to the network as DHCP server.

Look for ISP router (which seems to be the case on a remote branch), LTE gateway, hotspot, or maybe a casting device,...

0 Helpful

nordovv
Level 1
Level 1

‎08-02-2022 05:42 AM

yes, it should be DHCP unequivocally

0 Helpful

Rich R
VIP
VIP

‎08-02-2022 07:03 AM - edited ‎08-02-2022 07:08 AM

If the DHCP offers are really coming from the APs and not something spoofing the AP MAC address (check the switch MAC address tables) then you might have APs running Mobility Express software with local DHCP server configured? (That's not default so somebody would have had to configure them that way - usually only used for site survey AP on a stick)
What model of AP are they (full model number) and what software are they running (show ver)?

If that is the case then convert them to standard CAPWAP APs:
See the section Converting an AP from Mobility Express to CAPWAP Type in https://www.cisco.com/c/en/us/td/docs/wireless/access_point/mob_exp/82/user_guide/b_ME_User_Guide_82/appendix.html
Take note that you have to login to the ME AP and then login to the AP using apciscoshell and then change the ap-type (many people make the mistake of trying to change the ap-type from the ME CLI where the command is not recognised).

ps. you could probably work this out remotely by using "show cdp neigh detail" on your switch to see what software the APs are running.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card