Gateway Conflict with AP



  • I have a strange issue and it only started happening a few weeks ago.  We are also in contact with the AP vendor, but I thought I would post here to see if you guys have any feedback.

    I am running RC2 from June 3 currently and we have several Engenius EOC 2611P access points. The network was set up a while back by someone else and the LAN is at 192.168.1.0/24 with the gateway being 192.168.1.1.

    I am seeing this error in the firewall logs:

    kernel: arp: 00:02:6f:xx:xx:xx is using my IP address 192.168.1.1 on igb1!
    
    

    We have traced it to the APs. Anytime the power gets cycled on one I lose all connectivity to the pfSense box and all network services go down.  We tested it on several APs and it appears that on the initial boot they advertise themselves as 192.168.1.1 before configuring the assigned address.  A reboot of the core switch clears everything up and the APs function as they should.

    I feel this is more of a bug in the Engenius firmware, but am I missing something?



  • Seems strange, my bet is that when they boot they have a short period you could browse to them on their default IP as a recovery tool

    Change your PF gateway to .254 and update DHCP as such and you won't have a problem.  Just exclude .1 from your DHCP pool so no one else uses it either.

    Alternatively use a different subnet - you may find that the APs always use that IP and it's just coincidence that they and you both opted for the same IP (coincidence … except it's the subnet/IP we all choose first!)



  • The gateway change to 254 may be best and easiest.  I had thought of readdressing the network, but it has about 200 devices and a ton of port forwards and firewall rules for various servers.  That would be a nightmare.

    This thing was set up years ago.  I never use the 1.1 addressing scheme for that exact reason.



  • That's really ugly, definitely a bug in the APs that hopefully the vendor will fix (or maybe already has if you don't have the latest firmware).



    I finally got an answer from the vendor.  They use the RedBoot bootloader.  It looks for a boot image on the network at startup and initially advertises itself as 192.168.1.1.  Even the Engenius tech thought this was a dumb address to use by default. Because this is happening at such a low level he does not look for the engineers in Taiwan to change it anytime soon.

    The workarounds that were suggested are to block TCP port 9000 or add a static ARP entry for the real gateway.  I have discussed changing the gateway address with the customer, but he wants to avoid that if at all possible.

    I plan to try these this weekend.

    BTW Chris it was great to meet you at SELF last weekend.  Hope you had a good time and will be back next year.  The SELF network was powered by pfSense.



  • Ah yeah that's a much lower level. I haven't heard of that happening with RedBoot before though, that's a very common boot loader for embedded hardware. I suspect they're doing something atypical there. But yeah good luck getting it fixed, you're likely stuck working around it.

    @Kevin:

    BTW Chris it was great to meet you at SELF last weekend.  Hope you had a good time and will be back next year.  The SELF network was powered by pfSense.

    You too! Actually didn't realize that was you until you mentioned it and I looked at your profile. Yeah it was a great conference, I definitely plan on returning next year.


  • Netgate Administrator

    You can change RedBoot's IP quite easily if you have access to the boot loader prompt.
    Simply run fconfig and hit return across each parameter you don't want to change until you get to the IP.

    Steve
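
The kernel message quoted in the first post can be grouped into per-device episodes, so each conflict can be matched against an AP power cycle and the workarounds verified afterwards. This is an added example, not part of the original thread; the syslog prefix (timestamp and hostname), the sample lines, the full MAC addresses, the year, and the 60-second gap are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text as quoted in the thread; the "Mon DD HH:MM:SS host" prefix is assumed.
PATTERN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: arp: "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) is using my IP address "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) on (?P<ifname>\w+)!")

def conflict_episodes(lines, year, gap=timedelta(seconds=60)):
    """Group ARP conflict messages into episodes per (mac, ip, ifname).

    A new episode starts when the same MAC has been silent for longer than
    `gap`, so one episode roughly corresponds to one boot of that device.
    Each episode is [first_seen, last_seen, message_count]."""
    episodes = defaultdict(list)
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue  # unrelated log line
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        runs = episodes[(m["mac"].lower(), m["ip"], m["ifname"])]
        if runs and ts - runs[-1][1] <= gap:
            runs[-1][1] = ts      # extend the current episode
            runs[-1][2] += 1
        else:
            runs.append([ts, ts, 1])
    return dict(episodes)

# Constructed sample log: one AP boots twice, a second AP boots once.
SAMPLE = [
    "Jun 14 09:12:01 fw kernel: arp: 00:02:6f:aa:bb:01 is using my IP address 192.168.1.1 on igb1!",
    "Jun 14 09:12:03 fw kernel: arp: 00:02:6F:AA:BB:01 is using my IP address 192.168.1.1 on igb1!",
    "Jun 14 09:12:04 fw dhcpd: DHCPACK on 192.168.1.57 to 00:02:6f:aa:bb:01 via igb1",
    "Jun 14 14:30:10 fw kernel: arp: 00:02:6f:aa:bb:01 is using my IP address 192.168.1.1 on igb1!",
    "Jun 14 14:30:40 fw kernel: arp: 00:02:6f:aa:bb:02 is using my IP address 192.168.1.1 on igb1!",
]

if __name__ == "__main__":
    for (mac, ip, ifname), runs in sorted(conflict_episodes(SAMPLE, 2024).items()):
        for first, last, count in runs:
            secs = int((last - first).total_seconds())
            print(f"{mac} claimed {ip} on {ifname}: {count} msg(s) from {first} over {secs}s")
```
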

