Solved

Can not permanently delete BAD_ADDRESS from DHCP - Server 2012

Posted on 2016-11-04
Last Modified: 2016-11-25
Hi,

I have about 30 BAD_ADDRESS entries, and when I delete them from DHCP, all entries come back a few minutes later. How do I permanently delete these entries, and how are they generated? Thanks in advance.
Question by:FredSwierczewski

Accepted Solution

by:
Qlemo earned 375 total points (awarded by participants)
These are IP addresses found in use (some device responding to ping) while DHCP wants to give them out to clients. A DHCP Offer from the server always performs a ping test first, and if the IP is in use despite being free in DHCP, BAD_ADDRESS is logged. I'm not certain whether the MAC address reported is useful; IIRC it encodes a state and hence is not useful for finding out which device(s) that should be.
Those devices have either not been rebooted for a long time (and not following the DHCP protocol to renew their IP after at least half of the lease time), or (more likely) use static IPs colliding with the DHCP pool.

Assisted Solution

by:CompProbSolv
CompProbSolv earned 125 total points (awarded by participants)
Qlemo provided an excellent answer to which I'll add a troubleshooting method.  It's crude, but it should work.

If you're not getting any good information (MAC or IP address) of the conflicting devices, you can locate them with a bit of effort.  When it won't disturb the users (outside business hours?), note exactly how many bad addresses you have, disconnect cables from the switch and clear the bad addresses from DHCP.  Watch it for the few minutes it took for the addresses to return.  If they don't, then reconnect cables one at a time and wait a few minutes.  When you have connected a cable with an offending device, the bad addresses should return.

Assisted Solution

by:Qlemo
Qlemo earned 375 total points (awarded by participants)
If you've got managed switches, you can ping the IP address from a workstation, then get the MAC address with arp -a, and look up that MAC address in the switch's port table.
If the device is directly connected to that switch, a single port is the result, and you can follow up the culprit.
If the port is connected to another switch, the port table contains more than one MAC address; the connected switch needs to get checked, and so on. This of course ends at unmanaged switches.
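The ping, ARP and MAC lookup described in the answers above can be scripted for all BAD_ADDRESS entries at once. This is an added example, not part of the original thread; it assumes it runs in an elevated session on the DHCP server itself (Server 2012 or later), that the server sits on the same subnet as the scope so ARP can resolve the conflicting devices, and that `192.0.2.0` is a placeholder scope ID to replace with your own.

```powershell
# Added example (not from the thread): map each BAD_ADDRESS lease to the MAC
# address that is actually answering for that IP on the wire.
param(
    [string]$ScopeId = '192.0.2.0'   # placeholder scope ID, replace with yours
)

Import-Module DhcpServer

# Leases the DHCP server has marked as BAD_ADDRESS in this scope
$badLeases = Get-DhcpServerv4Lease -ScopeId $ScopeId -BadLeases

$report = foreach ($lease in $badLeases) {
    $ip = $lease.IPAddress.ToString()

    # The ping triggers ARP resolution even when the device drops ICMP,
    # so the neighbor cache can hold a MAC although the ping "fails".
    $pingOk = Test-Connection -ComputerName $ip -Count 2 -Quiet

    # Only accept cache entries that were actually resolved
    $neighbor = Get-NetNeighbor -IPAddress $ip -ErrorAction SilentlyContinue |
        Where-Object { $_.State -notin 'Unreachable', 'Incomplete' } |
        Select-Object -First 1

    [pscustomobject]@{
        IPAddress   = $ip
        RespondsICMP = $pingOk
        MacOnWire   = if ($neighbor) { $neighbor.LinkLayerAddress } else { $null }
        ArpState    = if ($neighbor) { $neighbor.State } else { 'NoEntry' }
    }
}

# Per-address view: the MacOnWire values are what you look up in the
# managed switch's port table.
$report | Sort-Object IPAddress | Format-Table -AutoSize

# Per-device view: one MAC holding many addresses points at a single
# device (or a device answering ARP for a whole range) rather than
# 30 separate statically configured hosts.
$report | Where-Object MacOnWire |
    Group-Object MacOnWire |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'IPs'; e = { $_.Group.IPAddress -join ', ' } } |
    Format-Table -AutoSize -Wrap

# Once the conflicting devices are fixed or excluded from the pool,
# the stale entries can be cleared in one step:
# Remove-DhcpServerv4Lease -ScopeId $ScopeId -BadLeases
```

Addresses that show `NoEntry` did not resolve at layer 2 from the server, which usually means the device is currently offline or the scope is reached through a relay; in the latter case run the ping and ARP steps from a host on that subnet.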
