dhcp issues 2 ip addresses to same computer on same subnet

cd

I have a managed tp-link switch. I updated the firmware and disabled its dhcp VLAN is 40 on the switch

I set up a dhcp server on 192.168.40.X
i plug my laptop into that switch and it got 2 ip addresses and no internet access.

The gateway on pc says 192.168.40.1, which i set as the gateway on pfsense dhcp server of 40 net

also, often when i add a device , it takes forever for the dhcp list to show the new device.

Why am i getting 2 addresses? No, my wifi was turned off, so it is not that.

JKnott

@cd

Which model switch? Some TP-Link switches and access points don't support VLANs properly and let broadcasts and multicasts from the main LAN to the VLAN.

cd

@JKnott Thanks for reply. TL-SG108E is the switch.

BTW, I disabled dhcp feature of the switch. I assume i was supposed to.
Is that a problem switch?

not sure i need the tagging feature of it, content to have the router , which has vlan tag on port, use same vlan for all ports of switch.

viragomann

@cd said in dhcp issues 2 ip addresses to same computer on same subnet:

I have a managed tp-link switch. I updated the firmware and disabled its dhcp VLAN is 40 on the switch

So the switch is running in layer 2 mode and this VLAN is terminated on pfSense?

i plug my laptop into that switch and it got 2 ip addresses and no internet access.
Why am i getting 2 addresses?

Maybe there are tow DHCP servers in this subnet. Or the only one DHCP server gets requests from two MACs.

Checkout which servers the leases are from.

You can also sniff the DHCP traffic on the traffic on the laptop.

cd

@viragomann VLAN tag is set at router port => switch.

I got 2 ip addresses within seconds from same subnet.

192.168.40.14 b8:27:eb:d8:XXXX pi2 2024/01/30 16:41:14 2024/01/30 18:41:14
192.168.40.13 b8:27:eb:d8:XXXX pi2 2024/01/30 16:41:40 2024/01/30 18:41:40

johnpoz

@cd is that same mac or different?

BTW - there is really little reason to hide a mac address.. Unless its the mac address of your wifi router, nobody would ever see those - there is no way to find them?

Now if if was the mac address of your wifi router - there are databases of war driving that maps out ssid mac of the wifi router, etc.. but for example the mac of my pc ethernet card..

Ethernet adapter Local:

   Connection-specific DNS Suffix  . : home.arpa
   Description . . . . . . . . . . . : Killer E2600 Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : B0-4F-13-0B-FD-16
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 30, 2024 1:51:45 PM
   Lease Expires . . . . . . . . . . : Saturday, February 3, 2024 1:51:45 PM
   Default Gateway . . . . . . . . . : 192.168.9.253
   DHCP Server . . . . . . . . . . . : 192.168.9.253
   DNS Servers . . . . . . . . . . . : 192.168.3.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Your saying your machine with 1 interface, which from that mac is a raspberry pi b8:27:eb is getting 2 Ips, or is one the wire and the other is wireless?

Could we see the output of ifconfig on that pi..

here is one of my pi's, I have the wifi disable.. its wired - wireless would be pointless

pi@pihole:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.10  netmask 255.255.255.0  broadcast 192.168.3.255
        inet6 fe80::3829:d17c:fb3d:1b4d  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:38:d8:4d  txqueuelen 1000  (Ethernet)
        RX packets 1497796  bytes 175263470 (167.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1413040  bytes 272568719 (259.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4419748  bytes 296933982 (283.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4419748  bytes 296933982 (283.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

pi@pihole:~ $ 

Here I enabled the wifi interface, but didn't connect it to any network - or yeah it would grab and IP ;)

pi@pihole:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.10  netmask 255.255.255.0  broadcast 192.168.3.255
        inet6 fe80::3829:d17c:fb3d:1b4d  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:38:d8:4d  txqueuelen 1000  (Ethernet)
        RX packets 1498589  bytes 175322753 (167.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1413888  bytes 272940823 (260.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4419748  bytes 296933982 (283.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4419748  bytes 296933982 (283.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b8:27:eb:6d:8d:18  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

pi@pihole:~ $ 

cd

@johnpoz Same Mac

Here is full mac

from PFSENSE dhcp lease page:

192.168.40.14 b8:27:eb:d8:3c:ff pi2 2024/02/10 09:22:17 2024/02/10 11:22:17
192.168.40.13 b8:27:eb:d8:3c:ff pi2

Yes, the pi has wifi also. but the mac address for both ips identical. I would think that should be impossible.

I see in your example, eth0 and wlan0 have different macs.

serbus

@cd

Hello!

Do you have both connman and dhcpd (dhclient) running?

I have seen quite a few installs get hit with this lately...

John

johnpoz

@cd said in dhcp issues 2 ip addresses to same computer on same subnet:

but the mac address for both ips identical

Something odd there.. Yes the 2 different interfaces should have slightly different macs.. I have seen for example just the last number being off by 1.. That is quite common.

But the same?

Did you change the mac of one of them.. Did you setup a bridge or something on the device?

Could you post the output of ifconfig from your pi? Like I did

cd

@serbus I don't know what conman is. Can you clarify?

cd

@johnpoz 192.168.20.2 00:0f:60:04:53:15 pi2 2024/02/10 10:37:35 2024/02/10 12:37:35

Notice this lease was very short lived. What i just did to get this was to disconnect pi from switch and plug wifi in.

FYI, wifi subnet is 192.168.20.X Switch is 192.168.40.x from before

I also notice that the dchp lease page take forever to update

I have had issues for a long time with intermittent failure to reach machines on the network. On my tablet for example, to reach my 3d printer, i disconnect and reconnect wifi to get to machine. That works often.
I have 3 printers on the 20 network. At any one time, i can reach printer A and not reach printer B over wifi.

I have tried replacing the wifi ap, no help.

But now this is wired issue. Confusing.

cd

@johnpoz

Ok,

here is ifconfig from pi, accessed with only wifi
connected:

eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.40.13 netmask 255.255.255.0 broadcast 192.168.40.255
inet6 fe80::ba27:ebff:fed8:3cff prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:d8:3c:ff txqueuelen 1000 (Ethernet)
RX packets 1041539 bytes 76256137 (72.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 92664 bytes 15160845 (14.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 11 bytes 1605 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1605 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.2 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::1ead:69a5:2035:d36f prefixlen 64 scopeid 0x20<link>
ether 00:0f:60:04:53:15 txqueuelen 1000 (Ethernet)
RX packets 1024 bytes 103044 (100.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 89 bytes 13712 (13.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

johnpoz

@cd well your macs are not the same there..

ether b8:27:eb:d8:3c:ff

ether 00:0f:60:04:53:15

00:0d:60
Lifetron Co.,Ltd

hmmm - is that some 3rd party wifi dongle or something?

edit:
Is that data from your lease table - just an OLD expired lease?

serbus

@cd

@cd

Connman is a network manager that will get dhcp addresses for interfaces. Sometimes, you can end up with 2 different network managers getting dhcp addresses for the same interface.

The syslog file on the client should tell the tale. Grep it for each ip and see which manager is requesting the address.

    link/ether 42:58:0d:4f:e9:01 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 10.12.12.21/24 brd 10.12.12.255 scope global dynamic ens18
       valid_lft 691123sec preferred_lft 691123sec
    inet 10.12.12.28/24 brd 10.12.12.255 scope global secondary ens18
       valid_lft forever preferred_lft forever

Feb 10 09:46:50 debian dhclient[407]: DHCPREQUEST for 10.12.12.21 on ens18 to 255.255.255.255 port 67
Feb 10 09:46:50 debian dhclient[407]: DHCPACK of 10.12.12.21 from 10.12.12.1

Feb 10 09:46:53 debian connmand[370]: ens18 {add} address 10.12.12.28/24 label ens18 family 2

John

cd

@serbus Ok,

I notice avahi. Could that be the issue?

Feb 10 10:22:45 pi2 dhcpcd[567]: eth0: adding route to 192.168.40.0/24
Feb 10 10:22:45 pi2 dhcpcd[567]: eth0: adding default route via 192.168.40.1
Feb 10 10:37:16 pi2 avahi-daemon[343]: Withdrawing address record for 192.168.40.2 on eth0.
Feb 10 10:37:16 pi2 dhcpcd[567]: eth0: deleting route to 192.168.40.0/24
Feb 10 10:37:16 pi2 dhcpcd[567]: eth0: deleting default route via 192.168.40.1
Feb 10 10:37:35 pi2 dhcpcd[567]: wlan0: rebinding lease of 192.168.20.11
Feb 10 10:37:35 pi2 dhcpcd[567]: wlan0: offered 192.168.20.2 from 192.168.20.1
Feb 10 10:37:35 pi2 dhcpcd[567]: wlan0: probing address 192.168.20.2/24
Feb 10 10:37:39 pi2 dhcpcd[567]: wlan0: leased 192.168.20.2 for 7200 seconds
Feb 10 10:37:39 pi2 dhcpcd[567]: wlan0: adding route to 192.168.20.0/24
Feb 10 10:37:39 pi2 dhcpcd[567]: wlan0: adding default route via 192.168.20.1
Feb 10 10:37:39 pi2 avahi-daemon[343]: Joining mDNS multicast group on interface wlan0.IPv4 with address 192.168.20.2.
Feb 10 10:37:39 pi2 avahi-daemon[343]: Registering new address record for 192.168.20.2 on wlan0.IPv4.
Feb 10 11:01:41 pi2 dhclient[336]: DHCPREQUEST for 192.168.40.13 on eth0 to 192.168.40.1 port 67

When i greped syslog, did not see conman in there.

cd

@johnpoz

UPDATE: Rebooting pi got rid of the eth0 address on pi below:

eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether b8:27:eb:d8:3c:ff txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 10 bytes 1552 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 1552 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.3 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::1ead:69a5:2035:d36f prefixlen 64 scopeid 0x20<link>
ether 00:0f:60:04:53:15 txqueuelen 1000 (Ethernet)
RX packets 141 bytes 16931 (16.5 KiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 66 bytes 11381 (11.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

I am logged into pi from wifi
No cable connected to it.
So seems pi thinks it has 2 addresses now but
pfsense says only the one i am wifiing into it with.

I just noticed avahi entries in syslog, but pfsense has that service disabled.

FYI, i really don't know if i even need avahi, not sure i understand.

This is the dhcp table from pfsense.

192.168.20.2	00:0f:60:04:53:15	pi2		2024/02/10 11:37:39	2024/02/10 13:37:39

Ok, this is ifconfig from pi, right now.

eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.40.13 netmask 255.255.255.0 broadcast 192.168.40.255
inet6 fe80::ba27:ebff:fed8:3cff prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:d8:3c:ff txqueuelen 1000 (Ethernet)
RX packets 1041539 bytes 76256137 (72.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 92664 bytes 15160845 (14.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 11 bytes 1605 (1.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1605 (1.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.2 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::1ead:69a5:2035:d36f prefixlen 64 scopeid 0x20<link>
ether 00:0f:60:04:53:15 txqueuelen 1000 (Ethernet)
RX packets 10340 bytes 859067 (838.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8458 bytes 8131289 (7.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

serbus

@cd

Using your example of 2 ips on the same wired mac...

192.168.40.14 b8:27:eb:d8:3c:ff pi2 2024/02/10 09:22:17 2024/02/10 11:22:17
192.168.40.13 b8:27:eb:d8:3c:ff pi2

...you could try something like...

grep -E '192.168.40.14|192.168.40.13' /var/log/syslog*

...to see who grabbed them and when.

John

cd

ok,
I notice for another device, (merc)
the PFSENSE is giving out 2 addresses.

192.168.20.205	b8:27:eb:da:04:e2	merc		n/a	n/a   That is the static address, and is correct.

192.168.20.7	34:7d:e4:4f:ba:b8	merc		2024/02/10 11:50:42	2024/02/10 13:50:42  That is dyamically allocated.  and goes away immediately.

Merc is a rpi with only wifi access.

from dhcp log on pfsense:

Feb 10 11:50:42 kea-dhcp4 90601 INFO [kea-dhcp4.leases.0x19d9d3616d00] DHCP4_LEASE_ALLOC [hwtype=1 34:7d:e4:4f:ba:b8], cid=[01:34:7d:e4:4f:ba:b8], tid=0x6ef47ffc: lease 192.168.20.7 has been allocated for 7200 seconds

Why would it do this if it already has a static address set?

johnpoz

@cd said in dhcp issues 2 ip addresses to same computer on same subnet:

Why would it do this if it already has a static address set?

Don't use kea yet, would be my suggestion

https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#rn-2-7-1-kea

Many features have yet to be implemented.. It is "preview" of what is to come..

JKnott

@cd said in dhcp issues 2 ip addresses to same computer on same subnet:

Is that a problem switch?

Yes, though it may depend on the firmware version. I believe @johnpoz can advise better.