Random clients declined IP address by DHCP
Hi,
For a couple of days now, random client devices (which have been active on the network for months) have been declined an IP address by the DHCP server of the switch. I've run a Wireshark session for more than 24 hours and noticed a client tries to get an IP address and is simply declined one by the switch:
The behavior is random. I've had 4 different devices in this situation during the last 3 days.
After a while the devices do get an IP address after all, but it can be after 15 minutes or after hours (on one occurrence the only 'solution' was a reboot of the switch).
As a side note: I assumed there could have been a rogue DHCP server on the network but I didn't find any trace of it. All replies come from my switch.
Unfortunately, my Wireshark froze and crashed before I could save the entire session so I cannot upload the session log.
Is this a known issue? What can I do to resolve this?
The DHCP range is 192.168.0.1 to 254 with two reservations (my NAS - for reasons of remote accessibility and also used as remote syslog server within the network - and an old iPad - which fails to get an IP address automatically without the reservation).
192.168.0.5 was simply the address of the device on which the WireShark capture was running. I don't think it has anything to do with the issues. At least, I didn't experience any issues with it for as long as I have been using this laptop (almost 1 year).
One thing I noticed is that I can enable the option to make the switch accept DHCP assignments only from the TP-Link router. I think I'll do that to see if it helps. As @Virgo said, all seems to indicate there's a rogue DHCP server in the network, but I don't see any direct evidence or links to it in the logging.
That'll be the legal DHCP server.
If you run any services on Docker (you mentioned a NAS), you can check your NAS. It could be some server acting as a secondary DHCP server.
Update: still unable to find a rogue DHCP, although I've seen clients with identical IPs. The last case was today. While I was working on my desktop PC, my son, who came home 10 minutes earlier, complained he couldn't get onto the internet. I immediately checked the IP and it was identical to that of my PC. I started a Wireshark session and ran Microsoft's rogue DHCP detection tool. I also did several DHCP requests from my MacBook. Each DHCP request was answered only by my TP-Link router and the tool didn't find another one.
I'm starting to think it's an issue with the router ...
I've reduced the DHCP lease time to 30 minutes (was 120) to see if the number of conflicts is reduced.
Looking at the MAC address you mentioned as the client (76:99), that MAC is not registered to any vendor; it looks to be a private MAC address.
Do you have private MAC on your iPhones / iPads?
I double-checked and, yes, all Apple devices here have a private MAC address as part of the private settings.
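The checks discussed in this thread (more than one DHCP server answering, the same IP handed to two clients, and whether a MAC is a randomized "private" one), as an added Python example that is not part of any post. The event list is constructed rather than taken from the poster's capture, and the 7200-second default mirrors the 120-minute lease mentioned above.

```python
from collections import defaultdict

# Constructed sample, not taken from the thread's capture. Each tuple is
# (seconds, message type, server identifier, client MAC, acked IP or None).
EVENTS = [
    (0,    "ACK", "192.168.0.1", "3c:22:fb:00:00:01", "192.168.0.101"),
    (600,  "ACK", "192.168.0.1", "7a:10:4c:00:00:02", "192.168.0.101"),  # same IP, other MAC
    (900,  "NAK", "192.168.0.1", "7a:10:4c:00:00:02", None),
    (1200, "ACK", "192.168.0.9", "3c:22:fb:00:00:03", "192.168.0.150"),  # second server answers
    (9000, "ACK", "192.168.0.1", "3c:22:fb:00:00:04", "192.168.0.101"),  # old lease expired
]

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, as in randomized MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def responding_servers(events):
    """Count replies per server identifier; more than one key means a second server."""
    counts = defaultdict(int)
    for _, mtype, server, _, _ in events:
        if mtype in ("OFFER", "ACK", "NAK"):
            counts[server] += 1
    return dict(counts)

def lease_conflicts(events, lease_seconds=7200):
    """Report ACKs that give an IP to a new MAC while the previous lease is still valid."""
    holder = {}  # ip -> (mac, expiry time)
    conflicts = []
    for ts, mtype, server, mac, ip in sorted(events, key=lambda e: e[0]):
        if mtype != "ACK":
            continue
        prev = holder.get(ip)
        if prev and prev[0] != mac and ts < prev[1]:
            conflicts.append((ts, ip, prev[0], mac, server))
        holder[ip] = (mac, ts + lease_seconds)
    return conflicts

if __name__ == "__main__":
    print("servers:", responding_servers(EVENTS))
    for ts, ip, old, new, server in lease_conflicts(EVENTS):
        flag = "private MAC" if is_locally_administered(new) else "vendor MAC"
        print(f"t={ts}s {ip}: {old} -> {new} ({flag}) acked by {server}")
```

A conflict acked by the only known server points at that server's lease table rather than at a second DHCP server; a second key in the server counts points the other way.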