Home > Security and SD-WAN > DHCP > Troubleshooting DHCP Conflicts

Troubleshooting DHCP Conflicts

A DHCP conflict is recorded when an MX Security Appliance detects two or more devices using the same IP address. This will likely cause connectivity issues for the devices sharing this IP address. The MX reports IP address conflicts in the Event Log, and an email alert can be configured to alert network administrators to the conflict.  

Event Log

IP address conflicts are recorded in the MX event log. Once logged into the Dashboard, browse to Network-wide > Monitor > Event log. The event log can be filtered to specific event types. We are interested in viewing only DHCP related events, so we select the "All DHCP" event tag.


If the MX is providing DHCP, normal DHCP leases will produce the following event logs:

Jul 1 07:00:00 iPhone DHCP lease duration: 86400, router:, server_ip:  more » 


Expanding the more >> button will reveal information about the DHCP lease that was assigned:


vlan 0
vap 0 
server_mac 00:28:0A:43:CA:7B 


Note: A DHCP event that has a duration of 0 indicates that the device requested a DHCP option from the MX that is not configured in the DHCP settings.


After an IP address conflict is detected, a set of event logs will reflect the MAC addresses that are using the same IP address


Jul 1 11:00:00 Test-Windows8 Client IP conflict MAC: 70:32:4B:DE:70:62 also claims IP:
Jul 1 11:00:00 FileServer01 Client IP conflict MAC: 9B:00:AA:5F:AD:9F also claims IP:

Client IP Conflicts

The Client IP conflict logs do not mean necessarily that the MX (or another DHCP server) assigned the same IP address to multiple devices. The MX is reporting that two different MAC addresses have been seen sending traffic with the same IP address. Most IP conflicts are related to two issues:

  • A rogue DHCP server on the network
  • A static IP address is assigned to a device even though the IP address is a part of an active DHCP scope

If DHCP is enabled on the MX, you can check the event log to determine if it assigned the IP address listed in the conflict event. Active DHCP leases can also be seen from Security & SD-WAN > Monitor > Appliance status > DHCP. If another server besides the MX on the network is providing DHCP, those leases will not be shown.


The next step is to isolate one of the devices and change its IP address. The event log on the MX provides the MAC address of the devices that have the conflicting IP address. The Network-wide > Monitor > Clients page can be used to search for the MAC address of the client. Please review this knowledge base article on searching for specific clients. Select the client and view the status information to determine the switch and port number where the client is connected:


Before changing the IP address of the client you should note the IP address of the DHCP server that assigned the DHCP lease:


Make sure that the IP address of the DHCP server corresponds to the address of the correct server. If the address is another device, there is likely a rogue DHCP server on the network. The IP address can be used to track down the switch port that the DHCP server is connected to. Please refer to the following knowledge base article that details finding a rogue DHCP server.

IP Conflict Email Notification 

Email alerts can be setup to alert administrators of IP conflicts from Network-wide > Configure > Alerts > Security appliance:

mx alerts.PNG

Last modified



This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 1339

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community