PDA

View Full Version : Weird conflicting IP issue



Janet
04-16-08, 06:48 PM
Here's a head scratcher:

We've got three Cisco Aironet AP's connected to a Cisco managed switch
and everything was working fine until someone brought their iPhone and
Mac in. When they turn them on, the other wireless clients get the "there
is
an IP address conflict" popup over the system tray and traffic on the
network
becomes erratic or stops.

As far as I know, all the devices on the network are DHCP. But as an
experiment, I temporarily changed the inside addresses on the whole
network from 192.168.0.X to 10.0.0.X. Like before, everything is
fine until these Mac/iPhone devices are turned on. Then everyone gets
the "there is an IP address conflict" popup again and traffic stops.

If we assume that, say, the Mac isn't DHCP and has an address programmed
into its stack (I'll go check it myself,) why would there be an IP address
conflict reported even on the new subnet? If, say, the Mac had 192.168.0.1
programmed into its stack, how would it conflict with any 10.0.0.X address?

Thanks.

John
04-16-08, 07:07 PM
You sure got me scratching my head. My wild guess is the subnet is too small
(there are more devices than available IPs)? Or the DHCP (Cisco Aironet?)
needs a bug fix? Does it have the latest firmware?

"Janet" <janet@nospam.com> wrote in message
news:OubqmxBoIHA.4904@TK2MSFTNGP03.phx.gbl...
> Here's a head scratcher:
>
> We've got three Cisco Aironet AP's connected to a Cisco managed switch
> and everything was working fine until someone brought their iPhone and
> Mac in. When they turn them on, the other wireless clients get the "there
> is
> an IP address conflict" popup over the system tray and traffic on the
> network
> becomes erratic or stops.
>
> As far as I know, all the devices on the network are DHCP. But as an
> experiment, I temporarily changed the inside addresses on the whole
> network from 192.168.0.X to 10.0.0.X. Like before, everything is
> fine until these Mac/iPhone devices are turned on. Then everyone gets
> the "there is an IP address conflict" popup again and traffic stops.
>
> If we assume that, say, the Mac isn't DHCP and has an address programmed
> into its stack (I'll go check it myself,) why would there be an IP address
> conflict reported even on the new subnet? If, say, the Mac had
> 192.168.0.1
> programmed into its stack, how would it conflict with any 10.0.0.X
> address?
>
> Thanks.
>
>

smlunatick
04-17-08, 11:47 AM
On Apr 16, 7:48*pm, "Janet" <ja...@nospam.com> wrote:
> Here's a head scratcher:
>
> We've got three Cisco Aironet AP's connected to a Cisco managed switch
> and everything was working fine until someone brought their iPhone and
> Mac in. *When they turn them on, the other wireless clients get the "there
> is
> an IP address conflict" popup over the system tray and traffic on the
> network
> becomes erratic or stops.
>
> As far as I know, all the devices on the network are DHCP. *But as an
> experiment, I temporarily changed the inside addresses on the whole
> network from 192.168.0.X to 10.0.0.X. Like before, everything is
> fine until these Mac/iPhone devices are turned on. *Then everyone gets
> the "there is an IP address conflict" popup again and traffic stops.
>
> If we assume that, say, the Mac isn't DHCP and has an address programmed
> into its stack (I'll go check it myself,) why would there be an IP address
> conflict reported even on the new subnet? *If, say, the Mac had 192.168.0.1
> programmed into its stack, how would it conflict with any 10.0.0.X address?
>
> Thanks.

The problem is that the iPhone is also a "wireless" device which can
be set with an IP address that is used on your network. You must have
a few IP addresses that might not be "changed" to 10.0.0.xx.
Routers / AP , printers / print servers and servers do not usually use
DHCP assigned addresses.

Or the iPhone is also behaving as a DHCP "server" assigning IP
addresses. It could over lap your network.

Janet
04-17-08, 06:12 PM
"John" <a> wrote in message news:e5EWH8BoIHA.5836@TK2MSFTNGP04.phx.gbl...

> You sure got me scratching my head. My wild guess is the subnet is too
> small (there are more devices than available IPs)? Or the DHCP (Cisco
> Aironet?) needs a bug fix? Does it have the latest firmware?

The problem was isolated to the Mac computer. When I asked the user if
it was programmed for DHCP, he said he "wasn't sure" and he'd "check it
out." There hasn't been any trouble since then. I still can't understand
how
even a machine with a static IP programmed into it could conflict with any
of
our other DHCP devices even after changing the IP addressing scheme
to a different subnet!

Janet
04-17-08, 06:12 PM
I understand about the iPhone. That's why I mentioned it.

There are three items on the network that are assigned a static IP address:
the managed switch, the DSL router and one computer. During the
troubleshooting, I changed all of these to different addresses in the
original
subnet 192.168.0 as well as the new one 10.0.0, yet the "conflicting IP"
popup returned. So that doesn't explain it. Also, the DHCP table of
assigned IP's never showed any conflicts. The DHCP server can hand
out 200 addresses (far more than we'll use) and all the devices with static
assignments are outside this range, of course.

I understand what you're saying about a "rogue" DHCP server on the
network. However, how would that explain the "conflict" popups
after the subnet change from 198 to 10? In other words, how could
this second DHCP server decide to begin assigniong 10. addresses
after I changed the network numbering scheme?

The problem was isolated to a Mac computer. I asked the user if
it was programmed for DHCP. He said he "wasn't sure" and he'd
"check it out." There hasn't been any trouble since then.

I suppose this will be one of those mysteries that I'll take to
my grave unsolved.


"smlunatick" <yveslec@gmail.com> wrote in message
news:dcbefb3b-9f92-470c-8384-d5437bd33106@24g2000hsh.googlegroups.com...

The problem is that the iPhone is also a "wireless" device which can
be set with an IP address that is used on your network. You must have
a few IP addresses that might not be "changed" to 10.0.0.xx.
Routers / AP , printers / print servers and servers do not usually use
DHCP assigned addresses.

Or the iPhone is also behaving as a DHCP "server" assigning IP
addresses. It could over lap your network.

John
04-17-08, 07:08 PM
"Janet" <janet@nospam.com> wrote in message
news:ee9S%23BOoIHA.3428@TK2MSFTNGP02.phx.gbl...
>
> "John" <a> wrote in message news:e5EWH8BoIHA.5836@TK2MSFTNGP04.phx.gbl...
>
>> You sure got me scratching my head. My wild guess is the subnet is too
>> small (there are more devices than available IPs)? Or the DHCP (Cisco
>> Aironet?) needs a bug fix? Does it have the latest firmware?
>
> The problem was isolated to the Mac computer. When I asked the user if
> it was programmed for DHCP, he said he "wasn't sure" and he'd "check it
> out." There hasn't been any trouble since then.

Would you be able to find out what the user "checked out" on his Mac?

Janet
04-17-08, 10:01 PM
"John" <a> wrote in message news:OxvHWhOoIHA.3960@TK2MSFTNGP02.phx.gbl...

> Would you be able to find out what the user "checked out" on his Mac?

HAHA. I doubt it. You know, I'm just wondering if this guy had something
"unusual" (meaning "shady") set up that was causing this and, when
confronted
with an office full of disconnected employees, quietly stopped doing
whatever
it was.

I've been mulling over scenarios that might produce the "conflicting IP
address"
popups due to nefarious activities, and I can't come up with anything that
would do it even after changing the inside IP addressing subnet except for
maybe having two devices with identical MAC addresses (via mac-clone
or something.) Having never tried it myself, I'm not sure how a DHCP
server would handle that. But even in that scenario, how would it trigger
the "conflicting IP" popup if it thought it was the same device? Or is
there
something besides the MAC address floating around in the packets that
could reveal such a thing and trigger it?

Another possibility, I suppose, is he was running something that attempts
to masquerade as another wireless client for nefarious ends. Our Cisco
AP's/managed switch is setup to prevent client-to-client traffic.

Oh well. I'm not in a position to pursue it any further now that things are
back to normal.

smlunatick
04-18-08, 08:24 AM
On Apr 17, 7:12*pm, "Janet" <ja...@nospam.com> wrote:
> I understand about the iPhone. *That's why I mentioned it.
>
> There are three items on the network that are assigned a static IP address:
> the managed switch, the DSL router and one computer. *During the
> troubleshooting, I changed all of these to different addresses in the
> original
> subnet 192.168.0 as well as the new one 10.0.0, yet the "conflicting IP"
> popup returned. *So that doesn't explain it. *Also, the DHCP table of
> assigned IP's never showed any conflicts. *The DHCP server can hand
> out 200 addresses (far more than we'll use) and all the devices with static
> assignments are outside this range, of course.
>
> I understand what you're saying about a "rogue" DHCP server on the
> network. *However, how would that explain the "conflict" popups
> after the subnet change from 198 to 10? *In other words, how could
> this second DHCP server decide to begin assigniong 10. addresses
> after I changed the network numbering scheme?
>
> The problem was isolated to a Mac computer. *I asked the user if
> it was programmed for DHCP. *He said he "wasn't sure" and he'd
> "check it out." *There hasn't been any trouble since then.
>
> I suppose this will be one of those mysteries that I'll take to
> my grave unsolved.
>
> "smlunatick" <yves...@gmail.com> wrote in message
>
> news:dcbefb3b-9f92-470c-8384-d5437bd33106@24g2000hsh.googlegroups.com...
>
> The problem is that the iPhone is also a "wireless" device which can
> be set with an IP address that is used on your network. *You must have
> a few IP addresses that might not be "changed" to 10.0.0.xx.
> Routers / AP , printers / print servers and servers do not usually use
> DHCP assigned addresses.
>
> Or the iPhone is also behaving as a DHCP "server" assigning IP
> addresses. *It could over lap your network.

If you checked the PCs and discover that one assigns a static IP, if
your DHCP assigns the same IPs within the same subnet, if the DHCP
service does not have advanced features (locating and isolating
conflicting IP address) then you could get such an error.

Phillip Windell
04-18-08, 09:25 AM
"Janet" <janet@nospam.com> wrote in message
news:OubqmxBoIHA.4904@TK2MSFTNGP03.phx.gbl...
> If we assume that, say, the Mac isn't DHCP and has an address programmed
> into its stack (I'll go check it myself,) why would there be an IP address
> conflict reported even on the new subnet? If, say, the Mac had
> 192.168.0.1
> programmed into its stack, how would it conflict with any 10.0.0.X
> address?

How in the world did you re-address and whole network that fast???

If you only changed the DHCP Scope that may take 4 days to fully take effect
unless you went around and rebooted every machine or did a IPConfig
/release/renew. And then after that you would still have to adjust devices
that don't use DHCP,...and then after that adjust any Applications that have
communication functions that may be effected by the change. It could takes
days or maybe even weeks to correctly re-address a company network if it is
anything more complicated than a "home-user" network.

I suspect that not all the machines had moved to 10.* by that point and
conflict just simply still existed on the 192.*

Another thing is that you can only have an IP# conflict on a single pair of
machines (the valid one and the intruder),...you can't have multiple
machines conplaining about the same conflict because they would not all be
using the same address in the first place. So when you say "wireless
clients get the there is an IP address conflict", that just doesn't make any
sense,...it can't be "clients",...it has to be "client".


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Janet
04-18-08, 09:49 PM
I manually changed the IP address of the devices with a static IP
and the were already outside the DHCP scope. But the "conflicting
IP" popups remained.

"smlunatick" <yveslec@gmail.com> wrote in message
news:b4baffa3-062a-4545-af41-

If you checked the PCs and discover that one assigns a static IP, if
your DHCP assigns the same IPs within the same subnet, if the DHCP
service does not have advanced features (locating and isolating
conflicting IP address) then you could get such an error.

Janet
04-18-08, 09:54 PM
Good point about the not-yet-stale IP lease in the old subnet.
However, when I changed the subnet, I took down the network
for about five minutes thinking the clients would issue a new DHCP
request when it came back. I've witnessed that behavior on
my home PC when I unplug the switch.

The funny thing is that the "conflicting IP" popup was, in fact,
appearing on multiple machines. That's why I think there was
something nefarious running on the suspect machine.

"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:eW708$VoIHA.3428@TK2MSFTNGP02.phx.gbl...

> How in the world did you re-address and whole network that fast???
>
> If you only changed the DHCP Scope that may take 4 days to fully take
> effect unless you went around and rebooted every machine or did a IPConfig
> /release/renew. And then after that you would still have to adjust
> devices that don't use DHCP,...and then after that adjust any Applications
> that have communication functions that may be effected by the change. It
> could takes days or maybe even weeks to correctly re-address a company
> network if it is anything more complicated than a "home-user" network.
>
> I suspect that not all the machines had moved to 10.* by that point and
> conflict just simply still existed on the 192.*
>
> Another thing is that you can only have an IP# conflict on a single pair
> of machines (the valid one and the intruder),...you can't have multiple
> machines conplaining about the same conflict because they would not all be
> using the same address in the first place. So when you say "wireless
> clients get the there is an IP address conflict", that just doesn't make
> any sense,...it can't be "clients",...it has to be "client".
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
>
>