【Typical Case】How to Troubleshoot IP Address Conflicts on Ruijie Gateways

GTAC-Sophia

Level 6

Ruijie Staff

2024-11-25 14:56:21
Keywords
Ruijie gateway, IP address conflict, DHCP snooping
Issue Description
An IP address conflict is displayed on a Ruijie gateway.
Phenomenon 1:
When a DHCP server detects an IP address conflict, the following logs are displayed:

Before assigning an IP address, the DHCP server pings the IP address to ensure that it is not in use. If the IP address to be allocated is already occupied, an IP address conflict alarm is generated. In addition to the preceding logs, you can run the show ip dhcp conflict command to display records of IP address conflicts. Since conflict detection occurs before IP address assignment, this alarm has no impact on services.
Phenomenon 2:
When an ARP entry conflict occurs, the following logs are displayed:

When an IP address is shared by multiple clients and the device detects a change in the ARP entry, the preceding logs are generated. This conflict can lead to network instability and impact the services of clients using the conflicting IP address.
2. Cause Analysis

1. Some clients are configured with static IP addresses, which may conflict with the IP addresses assigned by the DHCP server on the gateway.
2. There is an unauthorized DHCP server on the network.
3. When the gateway restarts or the DHCP server settings are updated, the DHCP address pool is released, but the clients still use the IP address from the released DHCP address pool.
3. Solutions

3.1 Some clients are configured with static IP addresses, which may conflict with the IP addresses assigned by the DHCP server on the gateway.
Some clients are configured with static IP addresses. If the DHCP server can ping the IP address before assigning it, logs in Phenomenon 1 will be generated. If the client is offline during the ping, the DHCP server may allocate the IP address to another client. If both clients are online at the same time, logs in Phenomenon 2 will be generated.
Solution:
IP address conflicts in this scenario typically generate only a small number of logs, and the conflicting IP addresses are relatively fixed. You can use the MAC address in the logs to check the MAC table on each switch to identify the client and switch its address acquisition method to DHCP. If the network mainly consists of wireless clients and the client cannot be located, you can block its access by adding its MAC address to the AP’s blocklist.
3.2 There is an unauthorized DHCP server on the network.
An unauthorized DHCP server on the network may trigger logs similar to Phenomenon 1 and Phenomenon 2. These logs are generated frequently, and a large number of IP address conflicts may occur. If there is also a gateway IP conflict (indicated by ARP conflict logs for the gateway IP), it can lead to unstable Internet access for a large number of clients, severely affecting service operations.
Solution: Check the network topology to locate the unauthorized DHCP server and disable it. If it is difficult to locate the unauthorized DHCP server on a complex network, you are advised to enable DHCP snooping on all switches on the network. In this way, only authorized uplink ports are trusted.
To enable DHCP snooping, see the following documents:
1. How to configure DHCP snooping on NBS switch?
https://community.ruijienetworks.com/forum.php?mod=viewthread&tid=5984&extra=page%3D1
2. How to enable DHCP snooping on RG-ES switches?
https://community.ruijienetworks.com/forum.php?mod=viewthread&tid=5945&extra=page%3D1
3. Configure DHCP snooping on Ruijie switches
  1. Enable DHCP snooping on the access switch.
  Ruijie>enable
  Ruijie#configure terminal
  Ruijie(config)#ip dhcp snooping    //Enable DHCP snooping.

  2. Configure the interface connected to the DHCP server as a trusted port.
  Ruijie(config)#interface gigabitEthernet 0/49
  Ruijie(config-GigabitEthernet 0/49)#ip dhcp snooping trust    //By default, all interfaces on a switch with DHCP snooping enabled are untrusted interfaces. The switch forwards only DHCP response packets (offer and ACK) received from trusted interfaces.

  3. Save the configuration.
  Ruijie(config-GigabitEthernet 0/49)#end
  Ruijie#write    //Verify and save the configuration.
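To check that a switch ended up with snooping enabled and only the authorized uplink trusted, the saved configuration can be audited offline. The script below is an added example, not Ruijie's code: it assumes a Cisco-style running-config layout (interface stanzas with indented sub-commands), and the sample configuration and the function name audit_snooping are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the page). Port 0/49 is the
# uplink from the steps above; the trust on 0/7 is a deliberate misconfiguration.
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface GigabitEthernet 0/1
 switchport access vlan 10
!
interface GigabitEthernet 0/7
 ip dhcp snooping trust
!
interface GigabitEthernet 0/49
 ip dhcp snooping trust
!
"""

def _norm(name):
    """Compare interface names case-insensitively with single spaces."""
    return " ".join(name.lower().split())

def audit_snooping(config, authorized_uplinks):
    """Return a sorted list of findings; an empty list means the config matches."""
    enabled, trusted, iface = False, set(), None
    for raw in config.splitlines():
        line = raw.strip().lower()
        match = re.match(r"interface\s+(.+)", line)
        if match:
            iface = _norm(match.group(1))
        elif not raw[:1].isspace():          # any other global-level line ends the stanza
            iface = None
            enabled = enabled or line == "ip dhcp snooping"
        elif iface and line == "ip dhcp snooping trust":
            trusted.add(iface)
    allowed = {_norm(name) for name in authorized_uplinks}
    findings = [] if enabled else ["DHCP snooping is not enabled globally"]
    findings += [f"unexpected trusted port: {p}" for p in trusted - allowed]
    findings += [f"authorized uplink not trusted: {p}" for p in allowed - trusted]
    return sorted(findings)
```

An unexpected trusted port is a place where an unauthorized DHCP server's offers would still be forwarded; an untrusted uplink means replies from the legitimate server are dropped.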

  
3.3 When the gateway restarts or the DHCP server settings are updated, the DHCP address pool is released, but the clients still use the IP address from the released DHCP address pool.
If the gateway is restarted or the DHCP server configuration is changed (e.g., modifying the IP pool range), the address pool will be released, but clients may still use the old IP addresses. This can result in a large number of IP address conflicts, resulting in the generation of logs in Phenomenon 1 and Phenomenon 2. Unlike IP address conflicts caused by the DHCP server, this scenario typically sees a decrease in conflicts after a service peak period, with no significant impact on service operations.
Troubleshooting steps:

Run the show ip dhcp server track mac xxxx.xxxx.xxxx (client MAC address) command to display IP address allocation or reclaiming records of the client.
1. The information output in the IP address allocation phase is as follows:
show ip dhcp server track mac c62b.6c7d.b1d7
  log count 7
  Fri Jul 19 17:52:18 2024
  mac:c62b.6c7d.b1d7, ifdex:1, giaddr:0.0.0.0, vid:0, l2ifdex:0,  ipaddr:10.0.6.49, unicast
  recv request packet              //Receive a request packet from the client.
  request packet pretreatment
  agent current offer status
  agent request event deal
  send ack pack                   //Send  the ACK packet.
  agent change bind status        //The  client changes to binding status.
  end
  
  Fri Jul 19 17:52:18 2024
  mac:c62b.6c7d.b1d7, ifdex:1, giaddr:0.0.0.0, vid:0, l2ifdex:0,  ipaddr:10.0.6.49, unicast
  ping Timer timeout              //Perform a ping before IP address assignment. If the result is  timeout, the IP address is not occupied.
  agent current checking status
  agent ping pass deal
  send offer pack                //Send  an offer packet to the client.
  agent change offer status
  end
  
  Fri Jul 19 17:52:18 2024
  mac:c62b.6c7d.b1d7, ifdex:1, giaddr:0.0.0.0, vid:0, l2ifdex:0,  ipaddr:10.0.6.49, unicast
  recv discover packet             //Receive a DHCP discover packet.
  agent current checking status
  agent discover event deal
  end
  
  

  

3. The DHCP server reclaims the address when there is a change in the DHCP server configuration.

4. The DHCP server reclaims the address when the lease expires.

Using the preceding methods, you can determine whether the conflicting IP address was previously allocated by the gateway, as well as identify the reason for the reclamation.
Solution: If services are unaffected, you are advised to keep observing the situation. After a peak period, check whether the alarms persist. If they do, and no unauthorized DHCP server is identified, contact our online service engineer for further troubleshooting.
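The track output can be turned into a timeline to confirm that the gateway itself handed out a conflicting address. The parser below is an added example, not part of the original post or of Ruijie's tooling: it handles only the allocation-phase record layout shown above, the sample is constructed by abridging that output, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the allocation-phase output above (newest record first).
SAMPLE = """\
log count 7
Fri Jul 19 17:52:18 2024
mac:c62b.6c7d.b1d7, ifdex:1, giaddr:0.0.0.0, vid:0, l2ifdex:0,  ipaddr:10.0.6.49, unicast
recv request packet              //Receive a request packet from the client.
send ack pack                   //Send  the ACK packet.
end
Fri Jul 19 17:52:18 2024
mac:c62b.6c7d.b1d7, ifdex:1, giaddr:0.0.0.0, vid:0, l2ifdex:0,  ipaddr:10.0.6.49, unicast
ping Timer timeout
send offer pack
end
Fri Jul 19 17:52:18 2024
mac:c62b.6c7d.b1d7, ifdex:1, giaddr:0.0.0.0, vid:0, l2ifdex:0,  ipaddr:10.0.6.49, unicast
recv discover packet
end
"""

def parse_track(text):
    """Return records oldest-first; each has time, mac, ipaddr and events."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()   # drop the page-style annotations
        if not line or line.startswith(("log count", "show ")):
            continue
        if line == "end":
            if cur is not None:
                records.append(cur)
            cur = None
        elif cur is None:   # a record opens with its timestamp
            cur = {"time": datetime.strptime(line, "%a %b %d %H:%M:%S %Y"), "events": []}
        elif line.startswith("mac:"):
            fields = dict(re.findall(r"(\w+):([^,\s]+)", line))
            cur.update(mac=fields.get("mac"), ipaddr=fields.get("ipaddr"))
        else:
            cur["events"].append(line)
    return records[::-1]   # the device prints the newest record first

def packet_sequence(records):
    """DHCP packets received and sent, in time order."""
    return [e for r in records for e in r["events"] if e.startswith(("recv ", "send "))]

def acked_addresses(records):
    """Map each address the server acknowledged to the client MAC that got it."""
    return {r["ipaddr"]: r["mac"] for r in records if "send ack pack" in r["events"]}
```

Because all three records carry the same timestamp, the discover, offer, request, ACK order is recovered only by reversing the record order while keeping the event order inside each record.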
Information Collection
1. One-click collection
2. Command-based collection
show ip dhcp server track mac xxxx.xxxx.xxxx (client MAC address)
3. On the LAN side, filter and obtain DHCP packets using the destination port UDP 67.
RG-EG3230

Configuration Security and Firewall