A DHCP conflict is recorded when an MX Security Appliance detects two or more devices using the same IP address. This will likely cause connectivity issues for the devices sharing this IP address. The MX reports IP address conflicts in the Event Log, and an email alert can be configured to alert network administrators to the conflict.
IP address conflicts are recorded in the MX event log. Once logged into the Dashboard, browse to Network-wide > Monitor > Event log. The event log can be filtered to specific event types. We are interested in viewing only DHCP-related events, so we select the "All DHCP" event tag.
If the MX is providing DHCP, normal DHCP leases will produce the following event logs:
Jul 1 07:00:00 iPhone DHCP lease duration: 86400, router: 192.168.10.1, server_ip: 192.168.10.1 more »
Expanding the "more »" button will reveal information about the DHCP lease that was assigned:
vlan 0 vap 0 subnet 255.255.255.0 ip 192.168.1.251 dns 188.8.131.52 184.108.40.206 server_mac 00:28:0A:43:CA:7B
Note: A DHCP event that has a duration of 0 indicates that the device requested a DHCP option from the MX that is not configured in the DHCP settings.
After an IP address conflict is detected, a set of event logs will reflect the MAC addresses that are using the same IP address:
Jul 1 11:00:00 Test-Windows8 Client IP conflict MAC: 70:32:4B:DE:70:62 also claims IP: 192.168.1.225
Jul 1 11:00:00 FileServer01 Client IP conflict MAC: 9B:00:AA:5F:AD:9F also claims IP: 192.168.1.225
Client IP Conflicts
The Client IP conflict logs do not necessarily mean that the MX (or another DHCP server) assigned the same IP address to multiple devices. The MX is reporting that two different MAC addresses have been seen sending traffic with the same IP address. Most IP conflicts are related to two issues:
- A rogue DHCP server on the network
- A static IP address is assigned to a device even though the IP address is a part of an active DHCP scope
If DHCP is enabled on the MX, you can check the event log to determine if it assigned the IP address listed in the conflict event. Active DHCP leases can also be seen from Security & SD-WAN > Monitor > Appliance status > DHCP. If another server besides the MX on the network is providing DHCP, those leases will not be shown.
The next step is to isolate one of the devices and change its IP address. The event log on the MX provides the MAC address of the devices that have the conflicting IP address. The Network-wide > Monitor > Clients page can be used to search for the MAC address of the client. Please review this knowledge base article on searching for specific clients. Select the client and view the status information to determine the switch and port number where the client is connected.
Before changing the IP address of the client, you should note the IP address of the DHCP server that assigned the DHCP lease.
Make sure that the IP address of the DHCP server corresponds to the address of the correct server. If the address belongs to another device, there is likely a rogue DHCP server on the network. The IP address can be used to track down the switch port that the DHCP server is connected to. Please refer to the following knowledge base article that details finding a rogue DHCP server.
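The checks described above can be run over a copy of the event log. The following is an added example, not part of the original article or of any Meraki tooling: it assumes the events were copied out as text lines in the two formats shown earlier, and the `triage` function, the expected-server set, and the last two sample lines (with their hostnames) are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns follow the two event formats shown in this article.
TS = r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<client>.+?)\s+"
CONFLICT_RE = re.compile(
    TS + r"Client IP conflict\s+MAC:\s*(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"\s+also claims IP:\s*(?P<ip>\d+(?:\.\d+){3})")
LEASE_RE = re.compile(
    TS + r"DHCP lease\s+duration:\s*(?P<duration>\d+),\s*router:\s*[\d.]+,"
    r"\s*server_ip:\s*(?P<server>\d+(?:\.\d+){3})")

def triage(lines, expected_servers):
    """Return (conflicts, unexpected_servers, zero_duration) for event-log lines.

    conflicts:          IP -> sorted MACs reported as claiming it
    unexpected_servers: server_ip not in expected_servers -> sorted client names
    zero_duration:      clients with a lease event of duration 0
    """
    conflicts, unexpected, zero_duration = defaultdict(set), defaultdict(set), []
    for line in lines:
        line = line.strip()
        m = CONFLICT_RE.match(line)
        if m:
            conflicts[m["ip"]].add(m["mac"].upper())
            continue
        m = LEASE_RE.match(line)
        if m:
            if m["server"] not in expected_servers:
                unexpected[m["server"]].add(m["client"])  # possible rogue DHCP server
            if int(m["duration"]) == 0:
                zero_duration.append(m["client"])         # unconfigured option requested
    return ({ip: sorted(v) for ip, v in conflicts.items()},
            {s: sorted(v) for s, v in unexpected.items()}, zero_duration)

# Constructed sample: lines 1-3 follow the article's examples, lines 4-5 are made up.
SAMPLE = """\
Jul 1 07:00:00 iPhone DHCP lease duration: 86400, router: 192.168.10.1, server_ip: 192.168.10.1
Jul 1 11:00:00 Test-Windows8 Client IP conflict MAC: 70:32:4B:DE:70:62 also claims IP: 192.168.1.225
Jul 1 11:00:00 FileServer01 Client IP conflict MAC: 9B:00:AA:5F:AD:9F also claims IP: 192.168.1.225
Jul 1 11:05:00 Lab-Laptop DHCP lease duration: 3600, router: 192.168.10.254, server_ip: 192.168.10.254
Jul 1 11:06:00 Printer01 DHCP lease duration: 0, router: 192.168.10.1, server_ip: 192.168.10.1
""".splitlines()

if __name__ == "__main__":
    conflicts, unexpected, zero = triage(SAMPLE, expected_servers={"192.168.10.1"})
    for ip, macs in conflicts.items():
        print(f"IP conflict on {ip}: claimed by {', '.join(macs)}")
    for server, clients in unexpected.items():
        print(f"Unexpected DHCP server {server} issued leases to {', '.join(clients)}")
    print(f"Lease events with duration 0: {zero}")
```

The MAC addresses it reports are the values to search for on the Clients page, and any unexpected server address is the one to trace to a switch port.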
IP Conflict Email Notification
Email alerts can be set up to alert administrators of IP conflicts from Network-wide > Configure > Alerts > Security appliance.