Hello fellow Experts Exchange members:
I request assistance with a confounding problem.
I have an office that uses Cisco Meraki access points all connected to a Cisco SG300-52P switch.
The office uses a separate vendor for their VoIP phone system.
The event log on the Meraki cloud controller is filled with entries that read "Multiple DHCP servers detected."
The entries state that the second DHCP server has an IP address that is not on any of our equipment with a MAC address that identifies it as a Cisco device.
When I put a secondary IP address on one of our devices in the same subnet as the unidentified device, the unidentified device responds to pings. Using telnet to connect on port 22 brings up the text "SSH-2.0-Cisco-1.25" but typing any character immediately results in "Connection to host lost."
The unidentified device does not respond on port 80 or 443.
Reviewing the MAC address tables on our Cisco switch, the MAC address of the unidentified device is seen on a port that is physically connected to the VoIP phone system vendor equipment.
(There are multiple MAC addresses listed in the MAC address table for this port besides the unidentified device.)
However, when troubleshooting with the VoIP phone system vendor, their technician reports they cannot detect the MAC address of the unidentified device on any of their equipment.
The first part of my question is if it is possible for a MAC address to appear on the MAC address tables in a Cisco switch for a particular port and yet be completely unknown to other devices connected to that port.
Also, I would like to know if any fellow Experts Exchange members have any advice on how to identify and locate the unidentified device in question if it is in fact connected to the VoIP phone system vendor equipment (which I do not have access to) and yet is not visible to them.