ARP moved in log
-
I have this exact issue here:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/logs-arp-moved.html
where an IP (002.077) moved between two MAC addresses. This was RIGHT prior to the network going down and requiring a reboot of the APs (I do NOT know if that resolved the problem or was coincidental).
The MAC of one of the IPs was my phone, in my hand, and I know for certain I wasn't playing with DHCP/Static IPs.
The other appears to be another phone, but I haven't located it yet.
The other significant problem is the 002.77 IP address is not allocated- it's not in range for the DHCP server to use nor is it in my spreadsheet of IPs assigned.
All IPs are assigned by pfSense, and all the APs are just there to forward the requests onwards.
Any ideas what could cause, or could this cause, or what should I be looking for- that shut down my network? I was on a phone call at the time and working just fine.
Thanks kindly
-
Sounds like an actual IP conflict, which is what that log message is intended to alert you to.
If the IP is outside the pfSense DHCP range you may have a rogue DHCP server on your network. That's relatively common and will cause all sorts of fun issues! A phone set up as a hotspot and connected to your wifi is something I've seen before. But routers configured as an AP and going back to their default settings would also do it.
Steve
-
@stephenw10 said in ARP moved in log:
If the IP is outside the pfSense DHCP range you may have a rogue DHCP server on your network. That's relatively common and will cause all sorts of fun issues! A phone set up as a hotspot and connected to your wifi is something I've seen before. But routers configured as an AP and going back to their default settings would also do it.
That would be horrifically painful to figure out then. Without packet captures I'm not sure where I could even begin to hunt down that rogue item- the only thing 'new' was a WYZE camera a day before.
Would there be any other reasons for an item (in use, my phone) with the MAC showing up as flipping IPs?
I'll go with your most likely explanation and try and figure out what DHCP server I might have that decided to go rogue- like perhaps it received a reset/factory defaults. Then again I have had these Access Points go crazy once or twice in the past where they started trying to be everything for no reason. I have started hating them...
Thank you!
-
It could be two things statically set with the same IP. That's unlikely when either of them is a phone though.
Rogue DHCP server is what I'd look at. If you have access to an affected device you can check what it's using as its gateway.
Steve
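-
Added example, not part of any post in this thread: a small Python triage script for the "moved" entries discussed above. It groups them per IP, lists the MACs involved, and marks whether the IP lies in the firewall's DHCP pool, in the static assignments, or in neither (the case the replies associate with a second DHCP server or a statically configured device). The function name, pool range, static list and sample log lines are all constructed, and the line format assumed is the FreeBSD kernel's `arp: <ip> moved from <mac> to <mac> on <if>`.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed format: "arp: 192.168.2.77 moved from <mac> to <mac> on igb1"
MOVED = re.compile(
    r"arp: (?P<ip>\d+\.\d+\.\d+\.\d+) moved from "
    r"(?P<old>[0-9a-f:]{17}) to (?P<new>[0-9a-f:]{17}) on (?P<ifc>\S+)",
    re.IGNORECASE,
)

def summarize(lines, pool_start, pool_end, static_ips):
    """Group 'moved' events per IP and classify where the IP should come from."""
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    events = defaultdict(list)
    for line in lines:
        m = MOVED.search(line)
        if m:
            events[m["ip"]].append((m["old"].lower(), m["new"].lower(), m["ifc"]))
    report = {}
    for ip, moves in events.items():
        if lo <= ipaddress.ip_address(ip) <= hi:
            origin = "dhcp-pool"
        elif ip in static_ips:
            origin = "static-map"
        else:
            origin = "unallocated"  # this DHCP server never hands it out
        macs = sorted({mac for old, new, _ in moves for mac in (old, new)})
        # Flapping: a MAC takes the IP again after having lost it.
        claimed = [new for _, new, _ in moves]
        report[ip] = {"origin": origin, "macs": macs, "moves": len(moves),
                      "flapping": len(claimed) != len(set(claimed))}
    return report

# Constructed sample log lines (hostnames, addresses and MACs are made up).
SAMPLE = """\
Mar  3 14:02:11 fw kernel: arp: 192.168.2.77 moved from 02:00:00:aa:00:01 to 02:00:00:bb:00:02 on igb1
Mar  3 14:02:14 fw kernel: arp: 192.168.2.77 moved from 02:00:00:bb:00:02 to 02:00:00:aa:00:01 on igb1
Mar  3 14:02:19 fw kernel: arp: 192.168.2.77 moved from 02:00:00:aa:00:01 to 02:00:00:bb:00:02 on igb1
Mar  3 14:05:40 fw kernel: arp: 192.168.2.120 moved from 02:00:00:cc:00:03 to 02:00:00:cc:00:04 on igb1
""".splitlines()

if __name__ == "__main__":
    # Constructed pool 192.168.2.100-199 and one static mapping.
    result = summarize(SAMPLE, "192.168.2.100", "192.168.2.199", {"192.168.2.10"})
    for ip, info in result.items():
        print(ip, info)
```

An IP reported as `unallocated` with `flapping` set is the one to chase first: look up both MACs in the DHCP leases and the AP client lists, and check which gateway those devices are using.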