Hey,
anybody seen something like this before?
I have a Core switch unifi XG-16. It is “fighting” with my pfSense to get a DHCP lease. It’s directly connected via 10G unifi DAC. It was running before but after the last reprovisioning because of some minor changes it is not reachable.
pfsense Log is spammed with DHCP requests:
|Feb 19 15:44:52|dhcpd||DHCPDISCOVER from 74:ac:... via ix0| |Feb 19 15:44:52|dhcpd||DHCPOFFER on 10.246.246.200 to 74:ac:... via ix0| |Feb 19 15:45:06|dhcpd||DHCPDISCOVER from 74:ac:... via ix0| |Feb 19 15:45:06|dhcpd||DHCPOFFER on 10.246.246.200 to 74:ac:... via ix0| |Feb 19 15:45:09|dhcpd||DHCPDISCOVER from 74:ac:... via ix0| |Feb 19 15:45:09|dhcpd||DHCPOFFER on 10.246.246.200 to 74:ac:... via ix0| |Feb 19 15:45:12|dhcpd||DHCPDISCOVER from 74:ac:... via ix0| |Feb 19 15:45:12|dhcpd||DHCPOFFER on 10.246.246.200 to 74:ac:... via ix0| |Feb 19 15:45:25|dhcpd||DHCPDISCOVER from 74:ac:... via ix0|
But in the Firewall Log I see the Switch querying on a totally non used IP/Subnet:
|Feb 19 15:51:04|IX0_MGMT|Default deny rule IPv4 (1000000103)| 192.168.1.20:43418| 255.255.255.255:10001|UDP| |Feb 19 15:51:04|IX0_MGMT|Default deny rule IPv4 (1000000103)| 192.168.1.20:44354| 255.255.255.255:10001|UDP| |Feb 19 15:51:05|IX0_MGMT|Default deny rule IPv4 (1000000103)| 192.168.1.20:51504| 255.255.255.255:10001|UDP| |Feb 19 15:51:05|IX0_MGMT|Default deny rule IPv4 (1000000103)| 192.168.1.20:33620| 255.255.255.255:10001|UDP| |Feb 19 15:51:05|IX0_MGMT|Default deny rule IPv4 (1000000103)| 192.168.1.20:53124| 255.255.255.255:10001|UDP|
So it totally ignore the DHCP Offer and seems somehow sit on 192.168.1.20. Lease Time is set to 3600 def / 86400 max.
Unfortunately it’s a remote site I can go to on Tuesday but anybody seen this before?
The only Idea i have so far is that somebody somehow deployed a local DHCP Server plugged into the Switch. But Actually im pretty sure I configured DHCP guard only allowing the pfsense.
Ty