Weird IP conflict with two devices in one network



  • Hello everyone,

    I have two devices battling each other in one network, but I really don't know why, because each device has its own IP reserved in the DHCP server (in this case Firewall B).

    On both firewalls, I am using arpwatch to detect in real time all IP conflicts that may occur, and in this case I am receiving tons of notifications about flip-flops in the ARP table for those two devices in the Firewall B 10.0.10.0/24 network:

                hostname: <unknown>
              ip address: 10.0.10.20
        ethernet address: 24:a2:e1:e7:60:c0
         ethernet vendor: Apple, Inc.
    old ethernet address: b8:78:2e:33:94:2d
     old ethernet vendor: Apple, Inc.
               timestamp: Tuesday, July 28, 2020 12:21:23 +0100
      previous timestamp: Tuesday, July 28, 2020 12:21:09 +0100
                   delta: 14 seconds
    
    

    But in the DHCP server I have:

    9c0fc5cb-44aa-4d32-a252-b0c6ddb7f409-image.png

    Network diagram before moving that Time Capsule to 10.0.10.0/24, where that Apple TV was already installed:

    7fecb5cd-f98a-4477-9985-eb8d7a827ec1-image.png

    I really don't know why this is happening.

    Does anyone know?

    Note: If you need more info feel free to ask.

    Thanks in advance!
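
An added example, not part of the original thread: a small Python parser for arpwatch flip-flop reports in the format quoted in the post above, grouping them per IP to show which MAC addresses are contending and how often they swap. The second report in the sample and the names `parse_reports`, `contended_ips` and `max_delta` are constructed for illustration; only deltas expressed in seconds are counted.

```python
import re
from collections import defaultdict

# Constructed sample: the first report is the one quoted in the post,
# the second (the reverse flip) is made up for illustration.
SAMPLE = """\
            hostname: <unknown>
          ip address: 10.0.10.20
    ethernet address: 24:a2:e1:e7:60:c0
     ethernet vendor: Apple, Inc.
old ethernet address: b8:78:2e:33:94:2d
 old ethernet vendor: Apple, Inc.
           timestamp: Tuesday, July 28, 2020 12:21:23 +0100
  previous timestamp: Tuesday, July 28, 2020 12:21:09 +0100
               delta: 14 seconds

            hostname: <unknown>
          ip address: 10.0.10.20
    ethernet address: b8:78:2e:33:94:2d
     ethernet vendor: Apple, Inc.
old ethernet address: 24:a2:e1:e7:60:c0
 old ethernet vendor: Apple, Inc.
           timestamp: Tuesday, July 28, 2020 12:21:41 +0100
  previous timestamp: Tuesday, July 28, 2020 12:21:23 +0100
               delta: 18 seconds
"""

FIELD = re.compile(r"^\s*([a-z ]+?):\s*(.*?)\s*$")

def parse_reports(text):
    """Split on blank lines and turn each report into a dict of its fields."""
    reports = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(m.groups() for m in map(FIELD.match, block.splitlines()) if m)
        if "ip address" in fields and "old ethernet address" in fields:
            reports.append(fields)
    return reports

def contended_ips(reports, max_delta=60):
    """Map each IP to the MACs claiming it and count flips within max_delta seconds."""
    out = defaultdict(lambda: {"macs": set(), "fast_flips": 0})
    for r in reports:
        entry = out[r["ip address"]]
        entry["macs"].update({r["ethernet address"].lower(), r["old ethernet address"].lower()})
        delta = re.match(r"(\d+) seconds?", r.get("delta", ""))
        if delta and int(delta.group(1)) <= max_delta:
            entry["fast_flips"] += 1
    return dict(out)
```

An IP that keeps swapping between the same two MAC addresses every few seconds means two hosts are answering ARP for it at once, which is the cue to capture traffic from each MAC.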



  • Why would the Time Capsule, living on network 10.0.0.0/24, attribute itself an IP from the 10.0.10.0/24 network? Does the Time Capsule contain some route info, so it can "talk" to the DHCP server on 10.0.10.0/24?

    Firewall A and Firewall B have a DHCP server running on their LAN? Set up OK?
    All devices are using DHCP, right?

    When the VPN tunnel is taken down, the issue is gone?



  • @SipriusPT

    Is one DHCP server supporting both networks? Do you have a DHCP relay somewhere?


  • Netgate Administrator

    The Time Capsule was moved to the other subnet.

    Do you see it trying to pull a DHCP lease?

    I would run a packet capture filtered by the Time Capsule's MAC address and see what's actually happening. It seems likely it's failing to get a lease and re-using its previous address.

    Steve



  • Sorry for the delayed answer.

    @Gertjan That diagram is just to represent how it was before I changed the Time Capsule from Site A to Site B; now both devices are in 10.0.10.0/24. The idea that I tried to pass was to show you that it was indeed two different physical NICs per device.

    Both firewalls have DHCP servers in place, but 10.0.0.0/24 uses a WS DHCP server, and all of those have been working properly for months/years.

    In 10.0.10.0/24, there is at least one device with a local setup IP (10.0.10.6). But not signed for those two IPs, and I have already changed from static to dynamic IPs in DHCP server but got the same result.

    It's like both devices have been assigned the same IP, but they were not, so I really don't know why it's happening.

    After 3 days of being massively spammed by arpwatch, it stopped, with the Time Capsule using the right IP.

    Since I am not physically present at that site, I can only assume that someone has turned off that Apple TV.

    @stephenw10 I have done that several times. I didn't make any sniff attempt, but next time I will have to do it, because it wasn't normal.

    If I get this issue again, I will let you know, even if I find the reason for this to happen.

    Thank you all for the help, always appreciated!

