Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WiFi AP Showing ARP 'moved from' Daily

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 682 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      HeyRob
      last edited by

      Hello Everyone,

      I am working on a new pfSense installation for my home.. and am loving it so far! One thing I haven't been able to put a handle on, is the fact that my WiFi AP (a Netgear Orbi Router - RBR40), drops traffic bound for WAN gateway for a short while, for all WiFI endpoints... and the below shows up in System Logs:

      Jul 1 11:14:13 kernel arp: 10.0.0.3 moved from 78:d2:94:b1:e3:58 to 78:d2:94:b1:e3:59 on igb1
      Jul 1 11:14:18 kernel arp: 10.0.0.3 moved from 78:d2:94:b1:e3:59 to 78:d2:94:b1:e3:58 on igb1
      Jul 1 11:14:20 kernel arp: 10.0.0.3 moved from 78:d2:94:b1:e3:59 to 78:d2:94:b1:e3:58 on igb1
      Jul 1 11:14:32 kernel arp: 10.0.0.3 moved from 78:d2:94:b1:e3:59 to 78:d2:94:b1:e3:58 on igb1

      This happens every 23-24 hours daily.

      On the Orbi Router, I have put it in AP mode, and gave it a static IP (in Orbi) of 10.0.0.3. On the pfSense side, I also reserved that IP for the 78:d2:94:b1:e3:58 (not 59, which you can see it flips to, and then back again). I'm not really sure what else I should be checking for... and any thoughts or insight on why this is happening would be greatly appreciated!!! Thank you all!

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        What is assigned that second MAC address? Another interface in the AP I would assume.

        Maybe one is the Ethernet MAC and the other is the wifif MAC?

        If it has two Ethernet ports it might be setup to do some sort of link bonding which can show like that.

        https://docs.netgate.com/pfsense/en/latest/monitoring/arp-moved-log-messages.html

        Steve

        1 Reply Last reply Reply Quote 0
        • H
          HeyRob
          last edited by

          I have already reviewed that URL, and checked for the same sort of issue.. There is only one Netgear device on my LAN, and nothing else even comes close to that MAC.. the BSSID for the WiFI radio in the Orbi itself is 78:d2:94:b1:e3:5b. All devices that I can run arp -a on, all show the correct entry for the AP MAC and LAN interface in pfSense:

          ? (10.0.0.172) at b8:7b:c5:67:22:c5 [ether] on wlan0
          ? (10.0.0.21) at a2:89:d2:27:22:8e [ether] on wlan0
          ? (10.0.0.197) at 70:77:81:2c:0d:f3 [ether] on wlan0
          ? (10.0.0.217) at 78:d2:94:01:4b:b8 [ether] on wlan0
          ? (10.0.0.3) at 78:d2:94:b1:e3:58 [ether] on wlan0
          raspberrypi (10.0.0.100) at dc:a6:32:1c:59:50 [ether] on wlan0
          ? (10.0.0.227) at 50:c7:bf:74:7f:44 [ether] on wlan0
          ? (10.0.0.11) at e0:d5:5e:29:12:0f [ether] on wlan0
          ? (10.0.0.143) at 9e:2d:a6:6c:5f:f1 [ether] on wlan0
          ? (10.0.0.218) at e8:fb:e9:30:cc:d6 [ether] on wlan0
          ? (10.0.0.1) at 40:62:31:0b:42:db [ether] on wlan0
          ? (10.0.0.194) at 00:0c:29:9c:7e:04 [ether] on wlan0

          Any other thoughts as to why this might be happening?

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Not really. It pretty much has to be coming from that access point, you'd have to ask Netgear why it's doing that.

            It would not normally cause a problem if it was an expected load-balancing strategy or lagg interface.

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.