I noticed in our DHCP server logs lots of swiftly repeating entries about "no free leases" on our management VLANs. All of our in-band management VLANs are statically configured with their IP address. But subtleties abound in 3700 pages of combined PDF documentation, so I review them both and then go through one of the offending switches to make sure they are correctly configured. Hours later and nothing's changed and I'm beginning to question my sanity as well as meagre competence: I even roll back to 6.3.0.16 but the problem persists. I waited far too long to roll out the sharpest tool in the DHCP server shed:
    $ sudo tcpdump -e -K -n -vvv host [elided]
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    23:09:39.118235 00:04:96:19:46:f0 > 00:25:90:68:c5:c0, ethertype IPv4 (0x0800), length 1302: (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto UDP (17), length 1288)
        [elided].67 > [elided].67: BOOTP/DHCP, Request from f8:b1:56:48:49:9d, length 1260, hops 1, xid 0x99399548, secs 65280, Flags [Broadcast] (0x8000)
          Gateway-IP [elided]
          Client-Ethernet-Address f8:b1:56:48:49:9d
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Vendor-Class Option 60, length 8: "AEROHIVE"
            END Option 255, length 0
            PAD Option 0, length 0, occurs 1006
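The fields tcpdump decoded above can also be pulled out of a raw BOOTP/DHCP payload so that relayed Discovers carrying an unexpected Vendor-Class are flagged automatically. This is an added example, not part of the original post: the function names are hypothetical, the sample packet is constructed from the values in the capture, and 192.0.2.1 stands in for the elided Gateway-IP.

```python
import socket
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")
MSG_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Parse a BOOTP/DHCP UDP payload into the fields tcpdump printed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload (short or bad magic cookie)")
    _op, _htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    info = {
        "hops": hops, "xid": xid, "secs": secs, "flags": flags,
        "giaddr": socket.inet_ntoa(payload[24:28]),       # relay (Gateway-IP)
        "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
        "msg_type": None, "vendor_class": None, "pad_count": 0,
    }
    i = 240                                   # first option after the cookie
    while i < len(payload):
        code = payload[i]
        if code == 0:                         # PAD: single byte, no length field
            info["pad_count"] += 1
            i += 1
            continue
        if code == 255:                       # END: anything after is padding
            info["pad_count"] += payload[i + 1:].count(0)
            break
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option %d" % code)
        value = payload[i + 2:i + 2 + payload[i + 1]]
        if code == 53 and len(value) == 1:    # DHCP message type
            info["msg_type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 60:                      # Vendor-Class identifier
            info["vendor_class"] = value.decode("ascii", "replace")
        i += 2 + len(value)
    return info

def build_sample() -> bytes:
    """Constructed sample mirroring the capture; giaddr is a placeholder."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x99399548, 65280, 0x8000)
    hdr += bytes(12) + socket.inet_aton("192.0.2.1")        # ci/yi/siaddr, giaddr
    hdr += bytes.fromhex("f8b15648499d").ljust(16, b"\0")   # chaddr
    hdr += bytes(64 + 128)                                   # sname, file
    opts = bytes([53, 1, 1, 60, 8]) + b"AEROHIVE" + b"\xff" + bytes(1006)
    return hdr + MAGIC_COOKIE + opts

def is_vendor_discover(info: dict, vendor: str) -> bool:
    """True for a Discover whose Vendor-Class (option 60) equals `vendor`."""
    return info["msg_type"] == "Discover" and info["vendor_class"] == vendor
```

The constructed payload comes to 1260 bytes, the same BOOTP/DHCP length tcpdump reported, which accounts for the 1006 PAD bytes after the END option.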
I do recall something two, maybe three firmware updates ago scrolling by on the console about Aerohive and an EULA. Dig in to the docs again and on p.258 of the CLI guide:
AeroHive HiveManager NG EULA
This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager. If you wish to disable this feature, you should run command “eula-consent hiveagent reject” immediately upon powering up the switch for the first time, or at any time thereafter.
Is that the cause? I run the command and sure enough ... :-(
Only a few minutes ago I see a post by Daniel C on Spiceworks that's similar in content but not what we experienced.
I hope in the future these product tie-ins are opt-in, not opt-out.