Wireless Access

Reply
Frequent Contributor II

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

I have all my helpers on the SVI's as well (Cisco Nexus 7K as core).  I've always left off helpers on the vlans and their SVIs on the controllers.  To try and troubleshoot this issue I added them to the vlan that was having the issue.

yes, I'm using 2 different DHCP servers.  However, we have failover configured so that both servers are always in sync.  Reservations only need to be made on one of the servers, etc. 

Frequent Contributor I

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Two thoughts. 1. In your topology diagram when you say Small Switch are you describing an unmamanged switch? 2. Check the windows event viewer for DHCP. Lots of juicy info in there.

Frequent Contributor II

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

No, the switch is managed, but it is all vlan 1/out-of-the-box with 802.1x turned on.  Looked at the event viewer already and yes, there's a ton of info in there, but can't find anything pertinent to what I'm experiencing.  

This morning, however, I may have found a smoking gun.  Happened to be monitoring DHCP when a bad address error came.  Was able to look up the IP in the ARP table on the Nexus 7K's and get the MAC. Then looked up the MAC on the controller and was able to trace it down to the RAP and Cisco switch hanging off of it.  Noticed several dot1x errors and port up/port down entries inthe switch logs.  So i looked at our ClearPass access tracker and found the device was bouncing between dot1x and mac auth. This may be ClearPass related, but I'm on with TAC right now and will dig deeper. 

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

I think you're on the right track looking into the enforce DHCP option. I would still suggest investigating your DHCP traffic to see if there isn't a rogue DHCP server/device that's answering clients that you're not aware of. It could also be an issue with the overlapping scopes between the two Windows 2012 DHCP servers. I haven't personally implemented that kind of failover with Windows DHCP servers. With 2012, my experience was always that split scopes were more reliable. To do DHCP redundancy (at that time), it usually meant going to Infoblox or BlueCat for an appropriate synchronized solution.


Charlie Clemmer
Aruba Customer Engineering
New Contributor

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Were you able to find a fix for this? I am experiencing the same issue. We have multiple sites all connected Via MPLS with Centralized DHCP. I added the DHCP server IP in as a IP helper address on the Router at the branch site. Was curiouse if that needs to just be the IP of the Clearpass server. 

Frequent Contributor I

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Is it causing problems? You might want to check the DHCP server logs. If it's Windows, it's all in Event Viewer.  You were correct to add the DHCP server as an IP helper address (otherwise the layer 2 DHCP requests would never reach the server). I believe you CAN add clearpass as an IP helper, for example when you're using Clearpass as a NAC but I don't think that's relevant to your situation.

Highlighted
Frequent Contributor II

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

The issue subsided when I split the wired and wireless into 2 separate scopes.  They were previously all on one.  I also shortened the lease time to 8 hours (from 8 days).

In answer to your question, you should have the ClearPass IP as a helper AND your DHCP server.  The DHCP server will provide the IP and the ClearPass IP will allow ClearPass to see the DHCP request and add it to the endpoints database.  

New Contributor

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

I removed the Clearpass configuration on my switchport so it would no longer authenticate with the NAC server. This resolved the issue. It looks to be a Clearpass NAC config issue.

New Contributor

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

Any update from Aruba TAC on this issue. I am experiencing it as well

New Contributor

Re: DHCP Scope Filling With "BAD_ADDRESS". Culprit?

I added the following command to the switch and it resolved my issues.

 

    ip device tracking probe auto-source override

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: