DHCP handing out multiple IP's to same sever over and over
-
Here is what is happening:
https://imgur.com/a/QzFaT
I hve no idea what is going, I erase them, they come up.
-
The black box - the MAC's you have hidden, are all the same ?
-
The black box - the MAC's you have hidden, are all the same ?
Yes they are all the exact same.
Also that server is on a STATIC ip….
-
Also that server is on a STATIC ip….
So it isn't running any dhcp client that asks the DHCP server (== pfSense) for an IP.
And nothing is logged in the DHCP server that is coming from this server ? ;)I advise you to stop the DHCP server first, then manually move away the lease file, and start DHCP server again.
-
I tried that, it keeps giving it like 10 different IPs, there is only one VM nic on there. I do not understand what is going on.
-
What's running behind the VM NIC? Any chance there's something doing DHCP relays for a network behind it?
-
Where would I find that? WHy would it relay on that one server?
-
There's a ton of reasons why a NIC might be asking for multiple addresses (not many of them good reasons, but it's still possible). When you mention it being a VM NIC you raise all sorts of other possible complications. It'd be up to you to understand what's on it and how to examine it's network configuration.
It also helps to at least see the first half of a MAC. That way you can look up to OUI to see what vendor is assigned to it.
https://www.wireshark.org/tools/oui-lookup.html
This can help narrow down when odd requests appear and to confirm that they're coming from expected hardware. As in, seeing a MAC thinking it's from a particular machine… that doesn't use a NIC from that vendor...
I should clarify though, a regular DHCP relay is going to do so using the MAC for each device making a request through it, so it would be less likely they'd all have the same source MAC address.
-
I tried that, it keeps giving it like 10 different IPs, …
Keep in mind that a device, a server in this case, with a STAIC IP doesn't ask for an IP, because the DHCP client shlouldn't run on it.
And pfSense doesn't "give" IP's to devices that do not even ask for them at the first place.So, I guess, something isn't clear ….
-
There's a ton of reasons why a NIC might be asking for multiple addresses (not many of them good reasons, but it's still possible). When you mention it being a VM NIC you raise all sorts of other possible complications. It'd be up to you to understand what's on it and how to examine it's network configuration.
It also helps to at least see the first half of a MAC. That way you can look up to OUI to see what vendor is assigned to it.
https://www.wireshark.org/tools/oui-lookup.html
This can help narrow down when odd requests appear and to confirm that they're coming from expected hardware. As in, seeing a MAC thinking it's from a particular machine… that doesn't use a NIC from that vendor...
I should clarify though, a regular DHCP relay is going to do so using the MAC for each device making a request through it, so it would be less likely they'd all have the same source MAC address.
I looked up the MAC id, and it is defintely a VMware NIC. BUt there is only one added to that VM.
-
Well, it's a hypervisor server, right? So are there multiple VMs running in it that might be asking for IP addresses?
I'm not up on the right terminology for how VMWare handles virtual switching, bridging, NAT and the like. But eventually it boils down to the one hardware interface can end up fielding traffic for multiple virtual machines within it. Is there the possibility that you have multiple VMs or containers on the machine? That'd be one explanation.