
DHCP conflict due to Gratuitous ARP.

Vinayaka Raman
Level 1

One of my wireless VLAN DHCP scopes on a Cisco core switch is often exhausted due to gratuitous ARP.

Please help me to check what is the cause of this.

 

Regards Vinayak

Cisco Freak
Level 4

Hi Vinayaka,

Can you please explain more about the issue that you are facing?

CF

I have a VLAN with a DHCP scope and Layer 3 configured on the core switch.

The DHCP pool often gets exhausted, and when I do show ip dhcp conflict, most of the IPs are conflicted due to gratuitous ARP.

CORESWITCH# show ip dhcp conflict
172.28.106.195    Gratuitous ARP     Oct 14 2014 04:44 PM
172.28.106.54     Gratuitous ARP     Oct 14 2014 04:49 PM
172.28.106.189    Gratuitous ARP     Oct 15 2014 12:28 PM
172.28.106.55     Gratuitous ARP     Oct 17 2014 02:05 PM
172.28.106.74     Gratuitous ARP     Oct 21 2014 09:39 AM
172.28.106.72     Gratuitous ARP     Oct 23 2014 02:26 PM
172.28.106.89     Gratuitous ARP     Oct 28 2014 03:09 PM
172.28.106.119    Gratuitous ARP     Nov 03 2014 01:39 PM
172.28.106.124    Gratuitous ARP     Nov 05 2014 08:03 AM
172.28.106.127    Gratuitous ARP     Nov 05 2014 02:56 PM
172.28.106.131    Gratuitous ARP     Nov 08 2014 01:59 PM
172.28.106.153    Gratuitous ARP     Nov 10 2014 12:14 PM
172.28.106.139    Gratuitous ARP     Nov 11 2014 07:57 AM
172.28.106.143    Gratuitous ARP     Nov 11 2014 09:28 AM
172.28.106.157    Gratuitous ARP     Nov 11 2014 02:36 PM
172.28.106.156    Gratuitous ARP     Nov 11 2014 07:55 PM
172.28.106.162    Gratuitous ARP     Nov 13 2014 06:48 PM
172.28.106.187    Gratuitous ARP     Nov 18 2014 01:57 PM
172.28.106.176    Gratuitous ARP     Nov 19 2014 02:30 PM
172.28.106.53     Gratuitous ARP     Nov 19 2014 02:47 PM
172.28.106.199    Gratuitous ARP     Nov 20 2014 11:18 AM
172.28.106.61     Gratuitous ARP     Nov 20 2014 01:27 PM
172.28.106.56     Gratuitous ARP     Nov 20 2014 01:39 PM
172.28.106.63     Gratuitous ARP     Nov 21 2014 02:15 PM
172.28.106.85     Gratuitous ARP     Nov 24 2014 07:17 PM
172.28.106.92     Gratuitous ARP     Nov 25 2014 10:47 AM
172.28.106.95     Gratuitous ARP     Nov 25 2014 02:14 PM
172.28.106.97     Gratuitous ARP     Nov 27 2014 04:19 PM
172.28.106.100    Gratuitous ARP     Nov 28 2014 09:18 AM
172.28.106.79     Gratuitous ARP     Nov 28 2014 11:09 AM
172.28.106.104    Gratuitous ARP     Nov 28 2014 05:20 PM
172.28.106.129    Gratuitous ARP     Dec 01 2014 09:53 AM
172.28.106.130    Gratuitous ARP     Dec 01 2014 11:19 AM
172.28.106.133    Gratuitous ARP     Dec 01 2014 11:36 AM
172.28.106.134    Gratuitous ARP     Dec 01 2014 03:04 PM
172.28.106.135    Gratuitous ARP     Dec 01 2014 03:47 PM
172.28.106.136    Gratuitous ARP     Dec 01 2014 04:13 PM
172.28.106.137    Gratuitous ARP     Dec 02 2014 12:28 PM
172.28.106.141    Gratuitous ARP     Dec 03 2014 09:33 AM
172.28.106.149    Gratuitous ARP     Dec 05 2014 02:01 PM
172.28.106.151    Gratuitous ARP     Dec 05 2014 04:21 PM
172.28.106.173    Gratuitous ARP     Dec 08 2014 06:40 PM
172.28.106.182    Gratuitous ARP     Dec 09 2014 09:28 AM
172.28.106.158    Gratuitous ARP     Dec 09 2014 04:46 PM
172.28.106.185    Gratuitous ARP     Dec 09 2014 05:05 PM
172.28.106.188    Gratuitous ARP     Dec 10 2014 02:56 PM
172.28.106.186    Gratuitous ARP     Dec 10 2014 06:19 PM
172.28.106.193    Gratuitous ARP     Dec 12 2014 12:48 PM
172.28.106.75     Gratuitous ARP     Dec 16 2014 02:37 PM
172.28.106.68     Gratuitous ARP     Dec 16 2014 04:05 PM
172.28.106.80     Gratuitous ARP     Dec 16 2014 06:02 PM
172.28.106.81     Gratuitous ARP     Dec 17 2014 03:11 PM
172.28.106.84     Gratuitous ARP     Dec 19 2014 02:03 PM
172.28.106.115    Gratuitous ARP     Dec 23 2014 10:35 AM
172.28.106.78     Gratuitous ARP     Dec 23 2014 01:37 PM
172.28.106.121    Gratuitous ARP     Dec 24 2014 06:18 PM
172.28.106.125    Gratuitous ARP     Dec 26 2014 10:02 AM
172.28.106.161    Gratuitous ARP     Dec 29 2014 12:01 PM
172.28.106.181    Gratuitous ARP     Dec 29 2014 03:08 PM
172.28.106.184    Gratuitous ARP     Dec 30 2014 05:25 PM
172.28.106.66     Gratuitous ARP     Jan 02 2015 09:44 AM
172.28.106.194    Gratuitous ARP     Jan 03 2015 03:14 PM
172.28.106.106    Gratuitous ARP     Jan 07 2015 01:54 PM
172.28.106.112    Gratuitous ARP     Jan 07 2015 04:32 PM
172.28.106.113    Gratuitous ARP     Jan 08 2015 04:48 PM
172.28.106.103    Gratuitous ARP     Jan 09 2015 12:53 PM
172.28.106.164    Gratuitous ARP     Jan 13 2015 12:13 PM
172.28.106.155    Gratuitous ARP     Jan 13 2015 03:54 PM
172.28.106.168    Gratuitous ARP     Jan 13 2015 05:12 PM
172.28.106.169    Gratuitous ARP     Jan 14 2015 05:07 PM
172.28.106.170    Gratuitous ARP     Jan 14 2015 05:50 PM
172.28.106.197    Gratuitous ARP     Jan 16 2015 06:18 PM
172.28.106.60     Gratuitous ARP     Jan 19 2015 07:56 AM
172.28.106.88     Gratuitous ARP     Jan 19 2015 05:17 PM
172.28.106.94     Gratuitous ARP     Jan 20 2015 12:46 PM
172.28.106.101    Gratuitous ARP     Jan 21 2015 10:15 AM
172.28.106.102    Gratuitous ARP     Jan 21 2015 02:08 PM
172.28.106.147    Gratuitous ARP     Jan 28 2015 11:04 AM
172.28.106.159    Gratuitous ARP     Jan 28 2015 12:37 PM
172.28.106.128    Gratuitous ARP     Jan 28 2015 02:27 PM
172.28.106.165    Gratuitous ARP     Jan 29 2015 12:31 PM
172.28.106.166    Gratuitous ARP     Jan 30 2015 07:40 AM
172.28.106.178    Gratuitous ARP     Jan 30 2015 02:20 PM
172.28.106.183    Gratuitous ARP     Jan 30 2015 02:39 PM
172.28.106.69     Gratuitous ARP     Feb 02 2015 09:40 AM
172.28.106.76     Gratuitous ARP     Feb 02 2015 07:18 PM
172.28.106.91     Gratuitous ARP     Feb 02 2015 08:17 PM
172.28.106.93     Gratuitous ARP     Feb 02 2015 08:20 PM
172.28.106.200    Gratuitous ARP     Feb 04 2015 01:41 PM
172.28.106.96     Gratuitous ARP     Feb 05 2015 09:57 AM
172.28.106.111    Gratuitous ARP     Feb 05 2015 01:42 PM
172.28.106.108    Gratuitous ARP     Feb 06 2015 08:04 AM
172.28.106.122    Gratuitous ARP     Feb 09 2015 05:11 PM
172.28.106.174    Gratuitous ARP     Feb 11 2015 06:17 PM
172.28.106.179    Gratuitous ARP     Feb 12 2015 06:18 PM
172.28.106.83     Gratuitous ARP     Feb 16 2015 03:56 PM

Regards Vinayak

Hi Vinayaka,

Gratuitous ARP is not causing the duplicate IPs. The switch is detecting the duplicate IP via gratuitous ARP before assigning that IP to any DHCP client.

Can you please figure out if these IPs shown in the list are DHCP leased by the switch or statically assigned to any PCs?

CF

Hi,

The IPs shown in the list are part of the configured DHCP pool, and they are not leased to any clients because of the conflict. I have excluded only 103 addresses in total, but the excluded address count has increased to 200 in the show ip dhcp pool vlan28 output. This is because of the DHCP conflict. I would like to know why this G ARP is created and which hosts are expected to respond to it. Also, why are the unassigned IPs responding to this G ARP?

 

CORESWITCH#show run | i 172.28.106
ip dhcp excluded-address 172.28.106.1 172.28.106.50
ip dhcp excluded-address 172.28.106.201 172.28.106.254

CORESWITCH#show ip dhcp pool vlan28
Pool vlan28 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 19
 Excluded addresses             : 200
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased/Excluded/Total
 172.28.106.99        172.28.106.1     - 172.28.106.254    19    / 200   / 254

CORESWITCH#show ip dhcp binding | i 172.28
172.28.106.51   0198.0d2e.fc07.ac       Feb 18 2015 10:24 AM    Automatic  Active     Vlan28
172.28.106.52   0188.1fa1.2095.20       Feb 18 2015 08:59 AM    Automatic  Active     Vlan28
172.28.106.57   01a8.86dd.9446.36       Feb 18 2015 08:54 AM    Automatic  Active     Vlan28
172.28.106.58   0184.3838.dc71.56       Feb 17 2015 12:28 PM    Automatic  Active     Vlan28
172.28.106.59   0144.4c0c.cb80.fc       Feb 18 2015 10:12 AM    Automatic  Active     Vlan28
172.28.106.62   0130.f7c5.091a.b2       Feb 18 2015 09:33 AM    Automatic  Active     Vlan28
172.28.106.64   0188.1fa1.208e.ee       Feb 18 2015 09:24 AM    Automatic  Active     Vlan28
172.28.106.65   012c.be08.f27e.cc       Feb 18 2015 08:56 AM    Automatic  Active     Vlan28
172.28.106.67   0178.3a84.4e58.a9       Feb 18 2015 09:46 AM    Automatic  Active     Vlan28
172.28.106.70   01cc.3a61.a0ea.60       Feb 18 2015 09:43 AM    Automatic  Active     Vlan28
172.28.106.71   0180.6c1b.e8fc.07       Feb 18 2015 09:12 AM    Automatic  Active     Vlan28
172.28.106.73   0188.1fa1.1e49.2e       Feb 18 2015 09:01 AM    Automatic  Active     Vlan28
172.28.106.77   d0b3.3f9d.1191          Feb 18 2015 10:13 AM    Automatic  Active     Vlan28
172.28.106.82   0150.ead6.6c4b.73       Feb 18 2015 10:20 AM    Automatic  Active     Vlan28
172.28.106.86   0188.1fa1.1ece.f4       Feb 18 2015 09:26 AM    Automatic  Active     Vlan28
172.28.106.87   0188.329b.4702.d9       Feb 17 2015 05:53 PM    Automatic  Active     Vlan28
172.28.106.90   0180.6c1b.ab3c.63       Feb 17 2015 11:43 AM    Automatic  Active     Vlan28
172.28.106.98   0140.7a80.0902.0c       Feb 18 2015 09:26 AM    Automatic  Active     Vlan28
172.28.106.198  01e8.150e.e43c.b5       Feb 18 2015 08:37 AM    Automatic  Active     Vlan28
CORESWITCH#

Regards Vinayak
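
Added example, not part of the thread and not Cisco's code: a Python sketch that reconciles the "Excluded addresses" counter discussed in the post above by combining the configured excluded ranges with the conflict table, and lists conflict entries older than a cutoff. The sample input is constructed (RFC 5737 addresses), and treating the counter as configured exclusions plus conflict entries is an assumption drawn from the poster's observation.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample input in the format of the outputs posted above
# (RFC 5737 documentation addresses, not the poster's data).
EXCLUDED_CONFIG = """\
ip dhcp excluded-address 192.0.2.1 192.0.2.50
ip dhcp excluded-address 192.0.2.201 192.0.2.254
"""
CONFLICTS = """\
192.0.2.195    Gratuitous ARP     Oct 14 2014 04:44 PM
192.0.2.54     Gratuitous ARP     Oct 14 2014 04:49 PM
192.0.2.83     Gratuitous ARP     Feb 16 2015 03:56 PM
192.0.2.10     Ping               Feb 17 2015 09:00 AM
"""
ROW = re.compile(r"^\s*(\d+(?:\.\d+){3})\s+(Gratuitous ARP|Ping)\s+"
                 r"(\w{3} \d{2} \d{4} \d{2}:\d{2} [AP]M)\s*$")

def static_excluded(config):
    """Addresses covered by 'ip dhcp excluded-address LOW [HIGH]' lines."""
    addrs = set()
    for m in re.finditer(r"ip dhcp excluded-address (\S+)(?: (\S+))?", config):
        low = int(ipaddress.IPv4Address(m.group(1)))
        high = int(ipaddress.IPv4Address(m.group(2) or m.group(1)))
        addrs.update(ipaddress.IPv4Address(i) for i in range(low, high + 1))
    return addrs

def parse_conflicts(text):
    """Return (address, detection method, detection time) for each table row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            when = datetime.strptime(m.group(3), "%b %d %Y %I:%M %p")
            rows.append((ipaddress.IPv4Address(m.group(1)), m.group(2), when))
    return rows

def reconcile(config, conflicts, now, stale_days=30):
    """Split the excluded count into configured exclusions and conflict holds."""
    static = static_excluded(config)
    rows = parse_conflicts(conflicts)
    held = {ip for ip, _, _ in rows} - static  # leasable addresses parked by a conflict
    stale = sorted(ip for ip, _, when in rows
                   if ip in held and (now - when).days >= stale_days)
    return {"static": len(static), "held_by_conflict": len(held),
            "excluded_total": len(static | held), "stale": [str(ip) for ip in stale]}
```

Calling `reconcile(EXCLUDED_CONFIG, CONFLICTS, now=datetime(2015, 2, 18))` on the constructed sample separates the 104 configured exclusions from the 3 addresses held only by conflict entries. A long `stale` list means entries recorded months ago are still holding addresses out of the pool.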

Are you able to ping any of the system-excluded IPs from the switch?

If you are getting a ping response from any of those IPs, some system has got that IP assigned manually.

CF

William Mackey
Level 1

Vinayaka,

Did you ever find a resolution to this? I am facing the same issue. From Windows machines I am seeing the conflict in the logs as coming from a switch port, and not the one that the system is plugged into.

running 03.06.00E on a 3650 with 15.3(3)M3 on a 2951

-Bill

William, I have not yet found the root cause.

But there is no use in logging the IP conflicts.

Enable the command below to get rid of this issue. I am all good after enabling the command below.

no ip dhcp conflict logging

Regards Vinayak

Yeah, turned off logging, still getting Duplicate IP errors on the Windows boxes with a MAC coming from a random switch port. May not be the same issue, just the same symptoms? I'll bookmark this thread if I can solve it and get back to anyone else who may be interested.

This is a strange issue that I can only think has something to do with how long Windows is taking to send ARP replies. I only started seeing this when I rebuilt the network to eliminate the cascading access layer switches they had here and upgraded the fiber / channelized the ports...

I found a solution that works for me although I don't understand why.  It just does.

In my setup I'm using a Cisco 2911 router connected to a Cisco Catalyst 2960X.  I configured another VLAN (VLAN 30) as my native VLAN.  This is a small office.  Initially I only had about 10 PCs connected to the switch.  The router was already connected to the corporate WAN.

As with everyone else on this forum, I noticed that several of the PCs weren't assigned an IP address.  I couldn't understand where the gratuitous ARP assignments were coming from.

The only thing I could think of was that it might have something to do with the default VLAN interface: VLAN1.  I had already created a virtual interface VLAN30 and given it an IP address.  So I shut down the VLAN1 virtual interface.  I cleared the DHCP conflict table. No more gratuitous ARPs... no more IP addresses depleted in the DHCP table.

Hope this works for anyone else looking this up.

-Joey

hafizimranriaz
Level 1

Hi,

I have faced this issue in my network also. Actually, when your DHCP pool does not have IPs and your clients are asking for an IP, then this happens. Just use clear ip dhcp conflict * and try to set the lease expiry time.

imranbangash99
Level 1

If you have configured DHCP on the Cisco switch, then first you need to check how many IPs are in the conflict list with the command

#sh ip dhcp conflict

Then

#clear ip dhcp conflict *

and check after 30 min.

If the same IPs are still coming into the conflict list, then you need to exclude them from the DHCP range.

And after 24 hours, ping those IPs. If they are still pinging, it means they are assigned manually.

Hope it will be helpful.

 

I would check your DHCP lease timings as to why the DHCP lease is not reallocating back to the DHCP server. However, the concerning part to me is it sounds like you may have been, or are being, subjected to a DHCP DoS attack.

I suggest putting some L2 prevention security in place to negate such a threat, if it is applicable to your situation.

The simplest thing I can think of at this time is DHCP snooping and rate limitation on the access ports.

This has two usages:

1) All ports by default are untrusted, so they will only allow client DHCP messages to pass through the port but stop DHCP server requests (bogus DHCP servers).

2) DHCP rate limitation on the access port (if set to do so) will disable that port if the limitation is reached, and that port would be disabled until you manually enable it or have a feature like error recovery (see below) to re-enable it after a period of time.

conf t
ip dhcp snooping
ip dhcp snooping vlan xxx
!
interface range xx - xxx
 ip dhcp snooping limit rate x
!
interface xx
 ! trust this interface, which faces a trusted DHCP server
 ip dhcp snooping trust
!
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 150
