dhcp issues 2 ip addresses to same computer on same subnet
-
@cd said in dhcp issues 2 ip addresses to same computer on same subnet:
I have a managed tp-link switch. I updated the firmware and disabled its dhcp VLAN is 40 on the switch
So the switch is running in layer 2 mode and this VLAN is terminated on pfSense?
i plug my laptop into that switch and it got 2 ip addresses and no internet access.
Why am i getting 2 addresses?Maybe there are tow DHCP servers in this subnet. Or the only one DHCP server gets requests from two MACs.
Checkout which servers the leases are from.
You can also sniff the DHCP traffic on the traffic on the laptop.
-
@viragomann VLAN tag is set at router port => switch.
I got 2 ip addresses within seconds from same subnet.
192.168.40.14 b8:27:eb:d8:XXXX pi2 2024/01/30 16:41:14 2024/01/30 18:41:14
192.168.40.13 b8:27:eb:d8:XXXX pi2 2024/01/30 16:41:40 2024/01/30 18:41:40 -
@cd is that same mac or different?
BTW - there is really little reason to hide a mac address.. Unless its the mac address of your wifi router, nobody would ever see those - there is no way to find them?
Now if if was the mac address of your wifi router - there are databases of war driving that maps out ssid mac of the wifi router, etc.. but for example the mac of my pc ethernet card..
Ethernet adapter Local: Connection-specific DNS Suffix . : home.arpa Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Tuesday, January 30, 2024 1:51:45 PM Lease Expires . . . . . . . . . . : Saturday, February 3, 2024 1:51:45 PM Default Gateway . . . . . . . . . : 192.168.9.253 DHCP Server . . . . . . . . . . . : 192.168.9.253 DNS Servers . . . . . . . . . . . : 192.168.3.10 NetBIOS over Tcpip. . . . . . . . : EnabledYour saying your machine with 1 interface, which from that mac is a raspberry pi b8:27:eb is getting 2 Ips, or is one the wire and the other is wireless?
Could we see the output of ifconfig on that pi..
here is one of my pi's, I have the wifi disable.. its wired - wireless would be pointless
pi@pihole:~ $ ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.3.10 netmask 255.255.255.0 broadcast 192.168.3.255 inet6 fe80::3829:d17c:fb3d:1b4d prefixlen 64 scopeid 0x20<link> ether b8:27:eb:38:d8:4d txqueuelen 1000 (Ethernet) RX packets 1497796 bytes 175263470 (167.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1413040 bytes 272568719 (259.9 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 4419748 bytes 296933982 (283.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4419748 bytes 296933982 (283.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 pi@pihole:~ $Here I enabled the wifi interface, but didn't connect it to any network - or yeah it would grab and IP ;)
pi@pihole:~ $ ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.3.10 netmask 255.255.255.0 broadcast 192.168.3.255 inet6 fe80::3829:d17c:fb3d:1b4d prefixlen 64 scopeid 0x20<link> ether b8:27:eb:38:d8:4d txqueuelen 1000 (Ethernet) RX packets 1498589 bytes 175322753 (167.2 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1413888 bytes 272940823 (260.2 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 4419748 bytes 296933982 (283.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4419748 bytes 296933982 (283.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 ether b8:27:eb:6d:8d:18 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 pi@pihole:~ $ -
@johnpoz Same Mac
Here is full mac
from PFSENSE dhcp lease page:
192.168.40.14 b8:27:eb:d8:3c:ff pi2 2024/02/10 09:22:17 2024/02/10 11:22:17
192.168.40.13 b8:27:eb:d8:3c:ff pi2Yes, the pi has wifi also. but the mac address for both ips identical. I would think that should be impossible.
I see in your example, eth0 and wlan0 have different macs.
-
Hello!
Do you have both connman and dhcpd (dhclient) running?
I have seen quite a few installs get hit with this lately...
John
-
@cd said in dhcp issues 2 ip addresses to same computer on same subnet:
but the mac address for both ips identical
Something odd there.. Yes the 2 different interfaces should have slightly different macs.. I have seen for example just the last number being off by 1.. That is quite common.
But the same?
Did you change the mac of one of them.. Did you setup a bridge or something on the device?
Could you post the output of ifconfig from your pi? Like I did
-
@serbus I don't know what conman is. Can you clarify?
-
@johnpoz 192.168.20.2 00:0f:60:04:53:15 pi2 2024/02/10 10:37:35 2024/02/10 12:37:35
Notice this lease was very short lived. What i just did to get this was to disconnect pi from switch and plug wifi in.
FYI, wifi subnet is 192.168.20.X Switch is 192.168.40.x from before
I also notice that the dchp lease page take forever to update
I have had issues for a long time with intermittent failure to reach machines on the network. On my tablet for example, to reach my 3d printer, i disconnect and reconnect wifi to get to machine. That works often.
I have 3 printers on the 20 network. At any one time, i can reach printer A and not reach printer B over wifi.I have tried replacing the wifi ap, no help.
But now this is wired issue. Confusing.
-
Ok,
here is ifconfig from pi, accessed with only wifi
connected:eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.40.13 netmask 255.255.255.0 broadcast 192.168.40.255
inet6 fe80::ba27:ebff:fed8:3cff prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:d8:3c:ff txqueuelen 1000 (Ethernet)
RX packets 1041539 bytes 76256137 (72.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 92664 bytes 15160845 (14.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 11 bytes 1605 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1605 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.2 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::1ead:69a5:2035:d36f prefixlen 64 scopeid 0x20<link>
ether 00:0f:60:04:53:15 txqueuelen 1000 (Ethernet)
RX packets 1024 bytes 103044 (100.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89 bytes 13712 (13.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 -
@cd well your macs are not the same there..
ether b8:27:eb:d8:3c:ff
ether 00:0f:60:04:53:15
00:0d:60
Lifetron Co.,Ltdhmmm - is that some 3rd party wifi dongle or something?
edit:
Is that data from your lease table - just an OLD expired lease? -
Connman is a network manager that will get dhcp addresses for interfaces. Sometimes, you can end up with 2 different network managers getting dhcp addresses for the same interface.
The syslog file on the client should tell the tale. Grep it for each ip and see which manager is requesting the address.
link/ether 42:58:0d:4f:e9:01 brd ff:ff:ff:ff:ff:ff altname enp0s18 inet 10.12.12.21/24 brd 10.12.12.255 scope global dynamic ens18 valid_lft 691123sec preferred_lft 691123sec inet 10.12.12.28/24 brd 10.12.12.255 scope global secondary ens18 valid_lft forever preferred_lft foreverFeb 10 09:46:50 debian dhclient[407]: DHCPREQUEST for 10.12.12.21 on ens18 to 255.255.255.255 port 67 Feb 10 09:46:50 debian dhclient[407]: DHCPACK of 10.12.12.21 from 10.12.12.1Feb 10 09:46:53 debian connmand[370]: ens18 {add} address 10.12.12.28/24 label ens18 family 2John
-
@serbus Ok,
I notice avahi. Could that be the issue?
Feb 10 10:22:45 pi2 dhcpcd[567]: eth0: adding route to 192.168.40.0/24
Feb 10 10:22:45 pi2 dhcpcd[567]: eth0: adding default route via 192.168.40.1
Feb 10 10:37:16 pi2 avahi-daemon[343]: Withdrawing address record for 192.168.40.2 on eth0.
Feb 10 10:37:16 pi2 dhcpcd[567]: eth0: deleting route to 192.168.40.0/24
Feb 10 10:37:16 pi2 dhcpcd[567]: eth0: deleting default route via 192.168.40.1
Feb 10 10:37:35 pi2 dhcpcd[567]: wlan0: rebinding lease of 192.168.20.11
Feb 10 10:37:35 pi2 dhcpcd[567]: wlan0: offered 192.168.20.2 from 192.168.20.1
Feb 10 10:37:35 pi2 dhcpcd[567]: wlan0: probing address 192.168.20.2/24
Feb 10 10:37:39 pi2 dhcpcd[567]: wlan0: leased 192.168.20.2 for 7200 seconds
Feb 10 10:37:39 pi2 dhcpcd[567]: wlan0: adding route to 192.168.20.0/24
Feb 10 10:37:39 pi2 dhcpcd[567]: wlan0: adding default route via 192.168.20.1
Feb 10 10:37:39 pi2 avahi-daemon[343]: Joining mDNS multicast group on interface wlan0.IPv4 with address 192.168.20.2.
Feb 10 10:37:39 pi2 avahi-daemon[343]: Registering new address record for 192.168.20.2 on wlan0.IPv4.
Feb 10 11:01:41 pi2 dhclient[336]: DHCPREQUEST for 192.168.40.13 on eth0 to 192.168.40.1 port 67When i greped syslog, did not see conman in there.
-
UPDATE: Rebooting pi got rid of the eth0 address on pi below:
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether b8:27:eb:d8:3c:ff txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 1552 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 1552 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.3 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::1ead:69a5:2035:d36f prefixlen 64 scopeid 0x20<link>
ether 00:0f:60:04:53:15 txqueuelen 1000 (Ethernet)
RX packets 141 bytes 16931 (16.5 KiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 66 bytes 11381 (11.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0I am logged into pi from wifi
No cable connected to it.
So seems pi thinks it has 2 addresses now but
pfsense says only the one i am wifiing into it with.I just noticed avahi entries in syslog, but pfsense has that service disabled.
FYI, i really don't know if i even need avahi, not sure i understand.
This is the dhcp table from pfsense.
192.168.20.2 00:0f:60:04:53:15 pi2 2024/02/10 11:37:39 2024/02/10 13:37:39Ok, this is ifconfig from pi, right now.
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.40.13 netmask 255.255.255.0 broadcast 192.168.40.255
inet6 fe80::ba27:ebff:fed8:3cff prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:d8:3c:ff txqueuelen 1000 (Ethernet)
RX packets 1041539 bytes 76256137 (72.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 92664 bytes 15160845 (14.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 11 bytes 1605 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1605 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.2 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::1ead:69a5:2035:d36f prefixlen 64 scopeid 0x20<link>
ether 00:0f:60:04:53:15 txqueuelen 1000 (Ethernet)
RX packets 10340 bytes 859067 (838.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8458 bytes 8131289 (7.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 -
Using your example of 2 ips on the same wired mac...
192.168.40.14 b8:27:eb:d8:3c:ff pi2 2024/02/10 09:22:17 2024/02/10 11:22:17 192.168.40.13 b8:27:eb:d8:3c:ff pi2...you could try something like...
grep -E '192.168.40.14|192.168.40.13' /var/log/syslog*...to see who grabbed them and when.
John
-
ok,
I notice for another device, (merc)
the PFSENSE is giving out 2 addresses.192.168.20.205 b8:27:eb:da:04:e2 merc n/a n/a That is the static address, and is correct. 192.168.20.7 34:7d:e4:4f:ba:b8 merc 2024/02/10 11:50:42 2024/02/10 13:50:42 That is dyamically allocated. and goes away immediately.Merc is a rpi with only wifi access.
from dhcp log on pfsense:
Feb 10 11:50:42 kea-dhcp4 90601 INFO [kea-dhcp4.leases.0x19d9d3616d00] DHCP4_LEASE_ALLOC [hwtype=1 34:7d:e4:4f:ba:b8], cid=[01:34:7d:e4:4f:ba:b8], tid=0x6ef47ffc: lease 192.168.20.7 has been allocated for 7200 seconds
Why would it do this if it already has a static address set?
-
@cd said in dhcp issues 2 ip addresses to same computer on same subnet:
Why would it do this if it already has a static address set?
Don't use kea yet, would be my suggestion
https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#rn-2-7-1-kea
Many features have yet to be implemented.. It is "preview" of what is to come..
-
@cd said in dhcp issues 2 ip addresses to same computer on same subnet:
Is that a problem switch?
Yes, though it may depend on the firmware version. I believe @johnpoz can advise better.
