Thanks.

On Mon, Feb 13, 2017 at 7:04 AM, Adam Moffett <dmmoff...@gmail.com> wrote:

> When MT makes an ARP request I think it temporarily populates the table
> with all zeroes while waiting for a response. Those don't hang around very
> long though.
>
> You might do a packet capture to see if there is actually a response with
> all zeroes or if someone is scanning every IP.
>
> ....but since Faisal mentioned firewalls: I have seen one IT consultant
> who would set the WAN MAC on his customers' firewalls to all zeroes.
>
>
> ------ Original Message ------
> From: "Cameron Crum" <cc...@wispmon.com>
> To: af@afmug.com
> Sent: 2/12/2017 7:22:44 PM
> Subject: Re: [AFMUG] odd mt behavior
>
> Mac is all zeros
>
> On Feb 12, 2017 5:24 PM, "Larry Smith" <lesm...@ecsis.net> wrote:
>
>> Agree with Faisal, proxying arp turned on somewhere.
>> Track the MAC address that is replying to all the ARP
>> and you will find your culprit.
>>
>> --
>> Larry Smith
>> lesm...@ecsis.net
>>
>> On Sun February 12 2017 16:25, Faisal Imtiaz wrote:
>> > We have seen that behavior from misbehaving sonic wall (firewall)
>> > and some implementations of consumer firewalls (Watchguard, Sonicwall etc)
>> > will do this when the proxy arp is set to be on.
>> >
>> > Regards.
>> >
>> > Faisal Imtiaz
>> > Snappy Internet & Telecom
>> > 7266 SW 48 Street
>> > Miami, FL 33155
>> > Tel: 305 663 5518 x 232
>> >
>> > Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>> >
>> > > From: "Cameron Crum" <cc...@wispmon.com>
>> > > To: af@afmug.com
>> > > Sent: Sunday, February 12, 2017 1:01:51 PM
>> > > Subject: Re: [AFMUG] odd mt behavior
>> > >
>> > > yeah...tracked it to arp table full...something is flooding the arp list
>> > > with every unused ip.
>> > >
>> > > On Fri, Feb 10, 2017 at 10:21 PM, Jesse Dupont <jesse.dup...@celeritycorp.net>
>> > > wrote:
>> > >> If the UBNT CPEs are M series (XM or XW), is WDS enabled on both the APs
>> > >> and CPEs?
>> > >>
>> > >> On Fri, Feb 10, 2017 at 12:28 PM -0700, "Cameron Crum" <cc...@wispmon.com>
>> > >> wrote:
>> > >>> I have a customer who is having an odd issue on several MTs. His DHCP
>> > >>> server is using radius to auth end users. The mac requests a lease,
>> > >>> radius replies with accept and a Framed-IP, but the lease in the dhcp
>> > >>> server just says offered and never binds the lease. It is not with
>> > >>> every customer, but it seems to be happening randomly on several routers.
>> > >>> version is 6.36. I had them look to see if it was a particular end user
>> > >>> router brand, or even the same type of cpe, but other than all cpe's
>> > >>> being some flavor of ubnt set up in bridge mode, there doesn't seem to
>> > >>> be a pattern. The dhcp server is set up on a bridge interface in the
>> > >>> MT, add arp for leases, reply-only. I'm out of ideas on what would
>> > >>> cause this. The ip is within the range of ips assigned to the
>> > >>> interface. IP Pools is set to static only. Anyone seen this before?
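
The capture check suggested in the thread (find the MAC replying for every IP, spot all-zero replies, or spot a host scanning every IP), as an added example that is not part of the original messages. It assumes the ARP frames have already been exported from a capture as raw Ethernet bytes; the `classify` helper, its threshold of 3 and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

ZERO_MAC = bytes(6)

def fmt(mac):
    return ":".join(f"{b:02x}" for b in mac)

def build(op, sha, spa, tpa, tha=ZERO_MAC):
    """Build a constructed Ethernet+ARP frame (op 1 = request, 2 = reply)."""
    dst = b"\xff" * 6 if op == 1 else tha
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)
    return dst + sha + b"\x08\x06" + arp

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha, spa, tpa

def classify(frames, threshold=3):
    """Flag zero-MAC replies, MACs answering for many IPs, MACs asking for many IPs."""
    replies, requests = defaultdict(set), defaultdict(set)
    for parsed in filter(None, map(parse_arp, frames)):
        op, sha, spa, tpa = parsed
        if op == 2:
            replies[sha].add(spa)    # IPs this MAC claims to own
        elif op == 1:
            requests[sha].add(tpa)   # IPs this MAC is probing
    findings = []
    for mac, ips in replies.items():
        if mac == ZERO_MAC:
            findings.append(("zero-mac-reply", fmt(mac), len(ips)))
        elif len(ips) >= threshold:
            findings.append(("proxy-arp-suspect", fmt(mac), len(ips)))
    findings += [("scanner-suspect", fmt(m), len(i))
                 for m, i in requests.items() if len(i) >= threshold]
    return sorted(findings)

# Constructed sample: A answers for five IPs, B probes five IPs,
# one reply carries an all-zero sender MAC, C is an ordinary host.
A, B, C = (bytes.fromhex("0200000000" + x) for x in ("aa", "bb", "cc"))
ip = lambda n: bytes([10, 0, 0, n])
SAMPLE = ([build(2, A, ip(n), ip(1)) for n in range(10, 15)]
          + [build(1, B, ip(99), ip(n)) for n in range(30, 35)]
          + [build(2, ZERO_MAC, ip(20), ip(1)), build(2, C, ip(5), ip(1))])
```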