The Switch > Monitor > DHCP Servers page displays information about any DHCP Servers seen by Meraki Switches on the LAN. From this page Administrators can configure Email Alerts to be sent when a new DHCP server is detected on the network, block specific devices from being allowed to pass DHCP traffic through the switches, and see information about any currently active or allowed DHCP servers on the network.
Learn more with this free online training course on the Meraki Learning Hub:
The Email Alerts dropdown menu can be used to enable Email Alerts to be sent to Administrators when a switch detects a new DHCP server on the network. This can also be configured from the Network-wide > Configure > Alerts page, under the Switch heading. Additionally, the Network-wide > Configure > Alerts page can be used to specify which Administrators receive these alerts.
Warning: The Email Alert feature only applies to switches which are NOT bound to a configuration template
Default DHCP Server Policy
The Default DHCP Server Policy can be set to either Allow or Block new DHCP servers. The default setting is to Allow all DHCP Servers on the network for easy installation into an existing environment. If the Default DHCP Server Policy is set to Block DHCP Servers, the only DHCP servers that will be allowed to pass traffic must be explicitly whitelisted from the DHCP Servers list or the Allowed DHCP Servers box.
Blocking DHCP Servers
By default DHCP Servers can be explicitly blocked by entering the MAC address of the server in question into the Blocked DHCP Servers box. This will prevent DHCP traffic sourced from that MAC from traversing the switches. The MAC address of the server to be blocked can either be entered manually or it will be automatically entered by Blocking a detected server from the DHCP Servers list.
Note: Meraki Switches configured as DHCP servers are always allowed to pass DHCP traffic.
Warning: Blocking a DHCP server will block that server for all VLANs and Subnets.
Note: DHCPv6 server can not be blocked using the MAC address.
Allowed DHCP Servers
If the Default DHCP Server Policy is set to 'Deny DHCP Servers' the Blocked DHCP Servers box will change to the Allowed DHCP Servers box. When this change is made only DHCP Servers with a MAC Address matching one of the entries in the Allowed DHCP Servers box will be allowed to pass DHCP traffic, all other detected DHCP Servers will not be allowed to pass DHCP traffic.
Detected DHCP Servers
The DHCP Servers list displays any clients on the network that have been observed sending DHCP responses. The table can display servers that have been detected in the the Last 2 Hours, Last Day, Last Week, and Last 30 Days by selecting the appropriate time period from the dropdown menu. DHCP Servers will only be listed here if a Meraki Switch on the network has seen DHCP response traffic sourced from that client. The table displays information such as the server MAC, VLANs and Subnets of operation, time last seen, and a copy of the most recent DHCP packet to be seen from that client. The screenshot below shows two different devices acting as DHCP Servers for 3 different VLANs across 4 different Subnets.
Note: DHCPv6 is not logged on the DHCP servers and ARP page of the switches.
The Description field lists the description of the Client from the Network-wide > Monitor > Clients list. Clicking on the Description will take you to the Client Details page for that client, if available. If the client is another Meraki device in the Network, such as the 'Main MX' in the image above you will be taken to the Appliance Status or Details page for that device.
The MAC field lists the MAC address that was seen as the Source of a DHCP packet coming from the DHCP server, such as a DHCP Offer.
The VLAN field shows what VLAN the DHCP server was detected on. If a single DHCP Server is responding on multiple VLANs one entry for each VLAN will be created. For example, in the screenshot above the 'Main MX' is acting as a DHCP server for both VLAN 100 and VLAN 99.
The Subnet field shows what Subnet the DHCP server was detected on. If a single DHCP server is responding on multiple subnets one entry for each subnet will be created. For example, in the screenshot above the unidentified Gateway is acting as a DHCP server for two different subnets that are both seen on VLAN 999.
The IP field lists the IP address that the server was last seen responding with for a specific entry. In the example image above, we can see that the 'Main MX' DHCP server responds from two different IPs, depending on which subnet the DHCP request originated from while the unidentified Gateway responds on both of its subnets from the same IP.
The Last Seen field displays the amount of time since a DHCP packet was seen from that server. Depending on the length of time it may be displayed in Minutes, Hours, or Days.
The Recent Packet field displays a link that when clicked will bring up a pop-up window displaying the most recent DHCP packet to come from the server. Below is an image of an example packet as displayed after clicking the Recent Packet link.
The Policy field displays the policy applied to a specific DHCP Server, either 'allowed' or 'blocked.'
The Seen By field lists which switches in the Network have detected a specific DHCP server. Clicking on the name of one of the switches will bring you to the Switch Details page for that switch.
Last ACK IP
The Last ACK IP field displays the IP of the client that was last sent a DHCP ACK by the DHCP Server.
Last ACK Seen
The Last ACK Seen field displays the amount of time since the last DHCP ACK was seen for a specific server. Like the Last Seen field, the length of time may be displayed in Minutes, Hours, or Days.
NOTE: The Seen By, Last ACK IP, and Last ACK Seen fields are not shown by default and must be added by clicking the '+' icon on the right side of the table headers.