Re: [AFMUG] odd mt behavior

Mon, 13 Feb 2017 05:04:55 -0800

When MT makes an ARP request I think it temporarily populates the table with all zeroes while waiting for a response. Those don't hang around very long though.
You might do a packet capture to see if there is actually a response with all zeroes or if someone is scanning every IP. 


....but since Faisal mentioned firewalls:  I have seen one IT consultant 
who would set the WAN MAC on his customers' firewalls to all zeroes.



------ Original Message ------
From: "Cameron Crum" <[email protected]>
To: [email protected]
Sent: 2/12/2017 7:22:44 PM
Subject: Re: [AFMUG] odd mt behavior


Mac is all zeros

On Feb 12, 2017 5:24 PM, "Larry Smith" <[email protected]> wrote:

Agree with Faisal, proxyin arp turned on somewhere.
Track the MAC address that is replying to all the ARP
and you will find your culprit.

--
Larry Smith
[email protected]

On Sun February 12 2017 16:25, Faisal Imtiaz wrote:
> We have seen that behavior from misbehaving sonic wall (firewall)

> and some implementations of consumer firewalls (Watchguard, 
Sonicwall etc)

> will do this when the proxy arp is set to be on.
>
> Regards.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232>
>

> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: 
[email protected]

>
> > From: "Cameron Crum" <[email protected]>
> > To: [email protected]
> > Sent: Sunday, February 12, 2017 1:01:51 PM
> > Subject: Re: [AFMUG] odd mt behavior
> >

> > yeah...tracked it to arp table full...something is flooding the 
arp list

> > with every unused ip.
> >
> > On Fri, Feb 10, 2017 at 10:21 PM, Jesse Dupont <
> > [email protected] >
> >
> > wrote:

> >> If the UBNT CPEs are M series (XM or XW), is WDS enabled on both 
the APs

> >> and CPEs?
> >>
> >> On Fri, Feb 10, 2017 at 12:28 PM -0700, "Cameron Crum" <
> >> [email protected] >
> >>
> >> wrote:

> >>> I have a customer who is having an odd issue on several MTs. His 
DHCP
> >>> server is using radius to auth end users. The mac requests a 
lease,
> >>> radius replies with accept and a Framed-IP, but the lease in the 
dchp
> >>> server just says offered and never binds the lease. It is not 
with
> >>> every customer, but it seems to happening randomly on several 
routers.
> >>> version is 6.36. I had them look to see if was a particular end 
user
> >>> router brand, or even the same type of cpe, but other than all 
cpe's
> >>> being some flavor of ubnt set up in bridge mode, there doesn't 
seem to
> >>> be a pattern. The dhcp server is set up on a bridge interface in 
the
> >>> MT, add arp for leases, reply-only. I'm out of ideas on what 
would

> >>> cause this. The ip is within the range of ips assigned to the

> >>> interface. IP Pools is set to static only. Anyone seen this 
before?





















					Reply via email to