Hey everyone,
I've got a problem with our Windows DHCP service in one of our Wi-Fi networks. We're seeing constant BAD_ADDRESS entries, where a device keeps creating invalid lease entries that fill up our free address pool. This means new devices can't connect to the Wi-Fi. Each entry has a slightly different but incomplete 'Unique ID', for example, 1a0d1fac, 1d0d1fac, and 1e0d1fac. The moment we delete these entries, new ones pop up every three seconds until the pool is drained again.
This only happens in one specific network; others are fine. Just for context, we're running Windows Server 2022 Datacenter 21H2 and using Ubiquity Access Points. There are no known errors on mobile clients when trying to connect. Any ideas on what might be going on?
Thanks in advance!
P.S.: My colleague u/StockAd5557 will be joining the conversation too!
5 Answers
It sounds like someone might have a device with randomized MAC addresses that keeps reconnecting. If you're using guest access, make sure you're tracking who has access. You shouldn’t just give out PSK credentials without monitoring, as it can allow someone to drain your DHCP pool without actually using the connection. Try identifying the rogue device's behavior by tracking its movements between access points. If you’re using a PSK setup, consider changing it and only sharing it with verified devices. Otherwise, try to pinpoint the user's RADIUS account and temporarily block them until they fix the MAC randomization.
A straightforward approach is to disable access temporarily and then add devices back one at a time to see which one causes the issue.
This is an unencrypted customer Wi-Fi network, and we have client isolation enabled.
Do you have any Cisco switches? We encountered a similar problem before, and this link helped us resolve it: [Cisco Solution](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html). You might want to check it out!
We only use Aruba Switches in our setup.
Hey, I dealt with something similar! I’d suspect it might be a bottleneck from a mobile device. Try isolating any recently added devices or set up a MAC filter. You may need to add devices back to the network slowly to identify the troublemaker. Alternatively, an IP conflict might be causing this as well. It’s hard to pinpoint without a closer look, but trust your instincts—if it seems suspicious, it likely is! Good luck!
I’ve seen this issue before; it's often caused by a device getting an IP address while another device has it either manually assigned or coming from a rogue DHCP server. Use Wireshark to check for multiple DHCP servers responding to the requests or see if the client has the same MAC address as another device.
Just to clarify, we don’t use RADIUS on this network.