001b63 is what I've seen. We have a Cisco AP infrastructure at UVa
and haven't noticed any outages or other issues related to iPhones.
Our "Open" SSID requires prior MAC registration and is not broadcast,
I'm not clear on how Duke has theirs set up. Some "Open" network
setups I've seen just let anything associate and then use captive
portal networks (that require some sort of web auth) to gain real
network access. These systems can use ARP tricks in redirecting all
web traffic to a web auth server. I wonder if Duke could be using
anything like that and stumbled on a bug in the system, perhaps
exposed by some new and unique iPhone (re)association behavior.
------------------------------------------------------------------------
Keith Moores <mailto:[EMAIL PROTECTED]>
Network Systems
ITC-Communications and Systems Division
University of Virginia, ITC-2015 Ivy Rd Phone (434) 924-0621
Box 400324, Charlottesville, VA 22904-4324 Fax (434) 982-4715
On Jul 17, 2007, at 4:45 PM, Bob Richman wrote:
So far, have all the Iphone had the same OUI as the first six chars
in the MAC? What are they?
Kevin Miller wrote:
1) Could you configure your routers w/ secondaries to "answer"
for the 1918 space the phones are looking for? What happens if
the phone actually gets an answer? A) Will it shut up, or B) can
you use this to get more diagnostic information?
We could; the addresses have all been different so far (10.0.1.1,
192.168.1.1, 192.168.2.1) .. we haven't tried during an active
problem so far but will.
2) I wonder if they hacked in some special sauce roaming ability?
It seems like what you are seeing may be aggravated by the device
roaming between ip subnets but staying on the same SSID?
Perhaps, yes. We know anecdotally that some people use the same
SSID at home as on campus for ease of use. Though the iPhone
yesterday apparently did not fall into this category.
So could they implement a way to deal with the case where a user
would roam from ap A to ap B staying on the same SSID. So maybe
they chose to self arp to help populate upstream bridge tables,
but they accidentally reuse stale cached ip info?
Perhaps, though I'd hope the algorithm was setup to try, wait,
timeout after some period of time.
-Kevin
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://
www.educause.edu/groups/.
--
Bob Richman
Network Engineer
210C Security Building
University of Notre Dame
Notre Dame, IN 46556
574-631-8562 office
[EMAIL PROTECTED]
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://
www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
