Wireless Access

Reply
Frequent Contributor II

DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Experiencing a very frustrating issue with our current RAP architecture.  The DHCP scope that serves users behind our RAPs gets flooded with BAD_ADDRESS entries. This causes all addresses to become available and users are unable to get on the network.  We have 25-30 scopes in our environment and this is the only scope that it's happing on.  Architecture looks like this:

 

7210 HeadEnd ===INTERNET===RAP-155/RAP-3 === Small Switch

 

The SSID and the wired connections in the switch are all on the same VLAN/network.  The default gateway handed out to all clients on that network is our core routers, not the controller.  Not sure if that matters. 

 

Anyone come across a similar situation?  We've sniffed the DHCP server VLAN and there is no smoking gun, yet the scope continues to fill up.  

I have a TAC case open, however I thought I'd throw it out here as well.  Thanks!

 

 

Aruba Employee

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

What is the DHCP server and where is it located? Is it on the local VLAN, or behind the core router?

 

 


Charlie Clemmer
Aruba Customer Engineering
Frequent Contributor II

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

We use Windows Server 2012 R2, which sits on a server VLAN on our core (Cisco Nexus 7K's). 

We have 2 DHCP servers actually....scope is /22 and split in half between the servers. 

Aruba Employee

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

And the BAD_ADDRESS messages show up on the DHCP servers, correct? What is relaying DHCP to the servers? Is the controller acting as a relay, or the core router? 


Charlie Clemmer
Aruba Customer Engineering
Frequent Contributor II

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Correct.  There is a DHCP helper on the L3 interface for the network for RAP users that points users/devices to the DHCP servers to acquire an address.  Controller is acting as a relay.

So you can see what I'm talking about, I cleared all the BAD ADDRESS entries out of DHCP about an hour ago and here is what's already repopulating:

bad address.JPG

Aruba Employee

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Most of what I've found for that error seems to be related to either rogue DHCP servers in the same scope, or devices that misbehave and don't renew properly. If you have a wireshark capture of the DHCP sequence (filter on bootp to just see the DHCP conversations), do you see any patterns such as a common mac address in the requests that lead to DHCP NAKs? 


Charlie Clemmer
Aruba Customer Engineering
New Contributor

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Hi

Did you find any solution? In the last few days, the wireless scopes have been filled with bad_address, there are some clients who fill the entire scoop. I have not seen the same error on the cable scoop. We run DHCP on Windows 2016.

 

M

Frequent Contributor II

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

No solution yet.  We've separated the RAP wireless from the RAP wired by assigning the wireless clients a new VLAN.  The wireless scopes are now completely clean with no BAD_ADDRESS entries accumulating.  The wired side continues to accumulate.  This has something to do with a Cisco switch behind a RAP.  TAC is researching, but I am not hopeful.

Frequent Contributor II

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

By manually putting an IP helper on the vlan on the controller we've slowed down the issue, although it still exists.  Instead of 20+ bad address errors per day, now we're getting only 2 or 3.  I also decreased the lease times to 8 hours from 8 days.  This seems to have had no effect. 

I'm going to research the "enforce dhcp" option on the controller and see if that may be a potential solution.  

Frequent Contributor I

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

You're using the controller as an DHCP relay? In my environment I used the SVI on a Cisco switch. Not saying you're incorrect just throwing that out there.

 

You're using two different DHCP servers for a single scope? Sounds like a race to respond. How would one server be aware of an addr which was handed out by the other server?

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: