Meraki

Community

192.168.0.0/16: DHCP server on standby MX

mat1458
Getting noticed
‎Mar 17 2019 11:58 PM
‎Mar 17 2019 11:58 PM

192.168.0.0/16: DHCP server on standby MX

Hi

We tried to bring up a site with two MX67C and two MS120. The MX's came up, however the switches remained down. After some troubleshooting we noticed that the switches have pulled IP addresses out of a range 192.168.0.0/16 from the standby MX (new, out of the box). the configuration in the Meraki dashboard previewed VLAN1 as untagged VLAN with a range of 192.168.128.0/24. Apparently the switches were not reachable and therefore not configurable. We solved the problem by blocking the DHCP server on the Standby MX.

 

All good, BUT: for me the question remains, how a standby MX can actively hand out DHCP addresses out of an unconfigured address range? A passive device should never be able to act as DHCP server in my opinion. The active MX should be the only active DHCP server. 

 

Does anybody have more insight in this topic, since I have not found a detailed description on how this is designed to work.

0 Kudos
6 Replies 6
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Mar 18 2019 12:03 AM
‎Mar 18 2019 12:03 AM

Was the Internet connection for the standby MX up and was it showing as online?

Was the LAN interface of both the primary and standby MX plugged into the same layer 2 domain, so that they could see each other?

0 Kudos
In response to PhilipDAth
mat1458
Getting noticed
‎Mar 18 2019 12:10 AM
‎Mar 18 2019 12:10 AM

Hi Philipp

thanks for the fast reply. Both MX were connected to the same Internet access box on the internet interface and both MX's had were connected to both switches (all links up, at least what the LEDs said). The config in the dashboard for the MX ports was set to trunk/native VLAN1 in a template and therefore in the bound network as well. So I would say yes, same internet uplink and same Layer 2 domain.

Kind regards

Mat

0 Kudos
In response to mat1458
Nick
Head in the Cloud
‎Mar 18 2019 2:02 AM
‎Mar 18 2019 2:02 AM

Hi Mat,

 

It does sound odd... When the MX's were configured there were no issues going into Primary and Standby? 

 

How did you cable them up into this mode exactly?

 

Thanks

 

Nick

0 Kudos
In response to Nick
mat1458
Getting noticed
‎Mar 18 2019 2:08 AM
‎Mar 18 2019 2:08 AM

Hi Nick

First the cabling was not ok, since the standby MX was only connected to the primary MX via LAN port and no working internet uplink was present. After correcting the cabling and rebooting the MX I did a factory reset on the attached switches so I assume that they had to redo the DHCP discovery. And since active and standby MX were up and running in the dashboard I assume that the standby MX had the correct config.

 

But I have to redo the setup to see if it behaves the same way again.

Thanks for your support.

Cheers 

Mat

0 Kudos
In response to mat1458
Nick
Head in the Cloud
‎Mar 18 2019 2:09 AM
‎Mar 18 2019 2:09 AM

Hi Mat,

No problem - odd. It will be interesting to see if you can replicate the issue

Cheers

Nick
0 Kudos
In response to Nick
mat1458
Getting noticed
‎Mar 26 2019 8:11 AM
‎Mar 26 2019 8:11 AM

Hi 

It took me some time to do the tests, however I was not able to replicate the situation. The DHCP scope 192.168.0.0/16 did not show up again after various factory resets. I must assume that the faulty device has already been used in a test setup previously and had an old configuration on it. Since the spare MX did not have a direct internet connection during my tests with the errors happening, it might have started to distribute IP addresses from its DHCP server.

 

This brings me to two other questions (tell me if I should ask it in a separate thread): what does a spare MX do in terms of packet forwarding on the LAN ports? Would an internal DHCP server on a spare MX be able to intercept DHCP packets and answer them?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.