New DHCP Server detected

Solved
macsolutions
Getting noticed

New DHCP Server detected

I got an alert today:

 

The switch in the network School Building detected a new DHCP server with the following details:

MAC:00:18:0a:xx:xx:xx
IP:10.10.40.2
VLAN:1
Subnet:0.0.0.0/0

 

The MAC address says it's is the known, one and only Meraki Firewall that has been on the network since initial setup.  Nothing was physically changed. unplugged, and nothing noted in the Change log to cause this. Last entry on the change log was 3 days ago.

 

Is this a real error, or a false error? If it's real, how do I track it down?

1 Accepted Solution
PhilipDAth
Kind of a big deal
Kind of a big deal

If you know if is the firewall then don't worry about it.

 

Perhaps you had a firmware update recently and it is caused it to look again.

View solution in original post

3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal

If you know if is the firewall then don't worry about it.

 

Perhaps you had a firmware update recently and it is caused it to look again.

JPena
Meraki Employee
Meraki Employee

As mentioned, I wouldn't worry about it. If you want to be absolutely certain that there isn't another DHCP server on your LAN, run a PCAP on the LAN port and look for any DHCP activity (filter is 'bootp')
Jose Pena
Network Support Engineer @ Cisco Meraki .:|:.:|:.
Sameh_Sackla
Meraki Employee
Meraki Employee

Are you sure you haven't changed the MX from Bridge to NAT mode or turned on DHCP on any of the configured VLANs? Also, the MX has the ability to relay DHCP requests, so while you haven't changed anything on the MX, but yet it a network DHCP server might have come up. I suggest you take a pcap and analyze this in more details. Here is a link for DHCP relay on the MX: https://documentation.meraki.com/MX-Z/DHCP/DHCP_Services#DHCP_relay
Sameh Sackla - Cisco Meraki
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels