- Last updated
- Save as PDF
A DHCP conflict is recorded when the WANAppliance detects two or more devices using the same IP address. This will likely cause connectivity issues for the devices sharing this IP address. The WAN appliancereports IP address conflicts in the Event Log, and an email alert can be configured to alert network administrators to the conflict.
Event Log
IP address conflicts are recorded in the WAN appliance'sevent log.Once logged into the Dashboard, browse to Network-wide >Monitor > Event log. The event log can be filtered to specific event types. We are interested in viewing only DHCP related events, so we select the "All DHCP" event tag.
If the WAN applianceis providing DHCP, normal DHCP leases will produce the following event logs:
Jul 1 07:00:00 iPhone DHCP lease duration: 86400, router: 192.168.10.1, server_ip: 192.168.10.1 more »
Expanding the more >>button will reveal information about the DHCP lease that was assigned:
vlan 0vap 0 subnet 255.255.255.0 ip 192.168.1.251 dns 8.8.8.8 8.8.4.4 server_mac 00:28:0A:43:CA:7B
Note: A DHCP event that has a duration of 0 indicates that the device requested a DHCP option from the WAN appliancethat is not configured in the DHCP settings.
After an IP address conflict is detected, a set of event logs will reflect the MAC addresses that are using the same IP address
Jul 1 11:00:00 Test-Windows8 Client IP conflict MAC: 70:32:4B:DE:70:62 also claims IP: 192.168.1.225Jul 1 11:00:00 FileServer01 Client IP conflict MAC: 9B:00:AA:5F:AD:9F also claims IP: 192.168.1.225
Client IP Conflicts
The Client IP conflict logs do not mean necessarily that the WAN appliance(or another DHCP server) assigned the same IP address to multiple devices. The WAN applianceis reporting that two different MAC addresses have been seen sending traffic with the same IP address. Most IP conflicts are related to two issues:
- A rogue DHCP server on the network
- A static IP address is assigned to a device even though the IP address is a part of an active DHCP scope
If DHCP is enabled on the WAN appliance, you can check the event log to determine if it assigned the IP address listed in the conflict event.Active DHCP leases can also be seen fromSecurity & SD-WAN >Monitor > Appliance status> DHCP. If another server besides the WAN applianceon the network is providing DHCP, those leases will not be shown.
The next step is to isolate one of the devices and change its IP address. The event log on the WAN appliance provides the MAC address of the devices that have the conflicting IP address. TheNetwork-wide >Monitor > Clients page can be used to search for the MAC address of the client. Please review this knowledge base article on searching for specific clients. Select the client and view the status information to determine the switch and port number where the client is connected:
Before changing the IP address of the client you should note the IP address of the DHCP server that assigned the DHCP lease:
Make sure that the IP address of the DHCP servercorrespondsto the address of the correct server. If the address is another device, there is likely a rogue DHCP server on the network. The IP address can be used to track down the switch port that the DHCP server is connected to. Please refer to the following knowledge base article that details finding a rogue DHCP server.
IP Conflict Email Notification
Email alerts can be setup to alert administrators of IP conflicts from Network-wide >Configure > Alerts> WANappliance:
