Troubleshooting DHCP Conflicts
A DHCP conflict is recorded when the WAN Appliance detects two or more devices using the same IP address. This will likely cause connectivity issues for the devices sharing this IP address. The WAN appliance reports IP address conflicts in the Event Log, and an email alert can be configured to alert network administrators to the conflict.
Event Log
IP address conflicts are recorded in the WAN appliance's event log. Once logged into the Dashboard, browse to Network-wide > Monitor > Event log. The event log can be filtered to specific event types. We are interested in viewing only DHCP related events, so we select the "All DHCP" event tag.
If the WAN appliance is providing DHCP, normal DHCP leases will produce the following event logs:
Jul 1 07:00:00 iPhone DHCP lease duration: 86400, router: 192.168.10.1, server_ip: 192.168.10.1 more »
Expanding the more >> button will reveal information about the DHCP lease that was assigned:
vlan 0 vap 0 subnet 255.255.255.0 ip 192.168.1.251 dns 8.8.8.8 8.8.4.4 server_mac 00:28:0A:43:CA:7B
Note: A DHCP event that has a duration of 0 indicates that the device requested a DHCP option from the WAN appliance that is not configured in the DHCP settings.
After an IP address conflict is detected, a set of event logs will reflect the MAC addresses that are using the same IP address
Jul 1 11:00:00 Test-Windows8 Client IP conflict MAC: 70:32:4B:DE:70:62 also claims IP: 192.168.1.225 Jul 1 11:00:00 FileServer01 Client IP conflict MAC: 9B:00:AA:5F:AD:9F also claims IP: 192.168.1.225
Client IP Conflicts
The Client IP conflict logs do not mean necessarily that the WAN appliance (or another DHCP server) assigned the same IP address to multiple devices. The WAN appliance is reporting that two different MAC addresses have been seen sending traffic with the same IP address. Most IP conflicts are related to two issues:
- A rogue DHCP server on the network
- A static IP address is assigned to a device even though the IP address is a part of an active DHCP scope
If DHCP is enabled on the WAN appliance, you can check the event log to determine if it assigned the IP address listed in the conflict event. Active DHCP leases can also be seen from Security & SD-WAN > Monitor > Appliance status > DHCP. If another server besides the WAN appliance on the network is providing DHCP, those leases will not be shown.
The next step is to isolate one of the devices and change its IP address. The event log on the WAN appliance provides the MAC address of the devices that have the conflicting IP address. The Network-wide > Monitor > Clients page can be used to search for the MAC address of the client. Please review this knowledge base article on searching for specific clients. Select the client and view the status information to determine the switch and port number where the client is connected:
Before changing the IP address of the client you should note the IP address of the DHCP server that assigned the DHCP lease:
Make sure that the IP address of the DHCP server corresponds to the address of the correct server. If the address is another device, there is likely a rogue DHCP server on the network. The IP address can be used to track down the switch port that the DHCP server is connected to. Please refer to the following knowledge base article that details finding a rogue DHCP server.
IP Conflict Email Notification
Email alerts can be setup to alert administrators of IP conflicts from Network-wide > Configure > Alerts > WAN appliance: