Wireshark was run, and about 100 of our AP’s responded stating that there was already a device using that IP, but with a different MAC address.
When I looked in the ARP table on our router(s), it showed the same wrong MAC address, but when I cleared the arp entry on the router, the machine started working right away. It looks like the 6500 series switches had an arp timeout of 300 seconds, and now the Nexus 7K’s are set by default to 1500. We also had a professor have his class install VirtualBox/Ubuntu on their laptops (which use our secure wireless network), but I do know that one student that works for me said they just installed it and didn’t set it up. I’m wondering if we have a combination of things happening. Definitely, the ARP entries in the routers are wrong. Shayne *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: [email protected]] *On Behalf Of *Kanan E Simpson *Sent:* Tuesday, February 28, 2017 8:04 AM *To:* [email protected] *Subject:* Re: [WIRELESS-LAN] MAC OSX Duplicate IP's Shayne, Just curious, have you confirmed it’s not a rogue DHCP or router that popped up within that time? If not already performed, run wireshark or a packet capture on the machines in question and filter out the dhcp packet and see who is offering the leases. That filter would be bootp.hw_macaddr== xx:xx:xx:xx:xx:xx. If it’s a rogue router, you may not see it in your routers arp table. *Kanan Simpson* Network Services Engineer Valdosta State University *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ mailto:[email protected] <[email protected]>] *On Behalf Of *Shayne Ghere *Sent:* Monday, February 27, 2017 10:11 PM *To:* [email protected] *Subject:* [WIRELESS-LAN] MAC OSX Duplicate IP's *Importance:* High I’m reaching out since we just started having problems with users complaining about getting messages on their Mac’s about a duplicate IP address on the network. When looking in the ARP table of the Cisco Nexus switches, the mac address of their computer isn’t in there, however the IP address their machine has is owned by another mac address even though both the Controller and Prime doesn’t see that machine associated. I came across an article that the Arp Cache Timeout on the 6509’s was 300 seconds, but the Nexus (7K) has bumped it to 1500-1800 seconds now. That jives with what I’m seeing as the disassociation time of the original machine, and the duplicate message (within 20-25 minutes). The Arp-Cache timeout on the Controller is set for 1800 seconds, and was configured that way since September 2016 (Cisco WLC 8540) with no problems. This problem just cropped up within the past two weeks and is gaining steam. Out of the 30 or so devices, 38 are Mac’s and the other two are Windows 10 or Microsoft Surface tablets. This is only happening on our Secure 802.1x wireless network. We use Microsoft NPS for Radius and Linux DHCP/DNS. If anyone else is experiencing these issues, or could point us in the right direction, I would greatly appreciate it. Our Server/Radius team is fairly sure it’s not on their end, yet after talking with Cisco, I’m fairly positive it’s not the Controller/Wireless. Not finger pointing, just asking for some advice. Thanks in advance! Shayne ---------------------------------- T. Shayne Ghere Bradley University Wireless/Lan Network Engineer 1501 W. Bradley Ave, Jobst 224A (309) 677-3094 [email protected] ---------------------------------- *UPCOMING OUT OF OFFICE* ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
