Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Continuous notifications of Client IP Conflict

Matthew_Cholin
Here to help
‎Apr 4 2019 1:47 PM
‎Apr 4 2019 1:47 PM

Continuous notifications of Client IP Conflict

We have a single MX84 device in place at a client network that is notifying us of Client IP Conflicts daily or more often. One device that is involved is a Canon LBP6670 printer with a static IP address set for 192.168.3.31 on our Data network. The IP conflicts that are being reported almost always involve this printer and another device, but the reported IP address is always for a network that is not configured on the MX84 device. 

 

The most commonly reported IP addresses are in the self assigned ranges for systems not getting DHCP, 169.254.0.0/16, and the numbers in the last 2 octets appear to be random. We also occasionally see an address in the 192.168.100.0/24 scope but that configuration is nowhere programmed on the Meraki device. 

 

The Only IP Scopes that are programmed into the MX84 are 192.168.3.0/24, 192.168.2.0/24, 192.168.30.0/24, and 192.168.60.0/24. None of the programmed network scopes are being flagged for a duplicate IP address.

 

I have tried opening a support case with Meraki but they are not able to help unless we get a packet capture when the duplication is being reported, but the timing is always random and even if we check the devices within seconds of the alert coming through our system the duplication is no longer present. To catch a packet capture during the event that triggered the alert we would need to run a 24 hour packet capture. I'm not sure that is possible from the Meraki itself, as support has never suggested a way to do so and we cannot trigger the alert on command. 

 

Another thing that we have not been able to get an answer about is why the Meraki is reporting IP Conflicts for networks it is not programmed to even see?

 

We are looking for any suggestions for narrowing down the issue and finding a solution.

Subscribe
9 Replies 9
NolanHerring
Kind of a big deal
‎Apr 4 2019 1:52 PM
‎Apr 4 2019 1:52 PM

I've also received email alerts about devices grabbing the same IP, for a subnet that does not exist anywhere on my network. It's a real peach.

My solution is to just disable the email alerting for duplicate IP and all my cares flutter away in the wind on the wings of a butterfly.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Subscribe
BrechtSchamp
Kind of a big deal
‎Apr 4 2019 1:52 PM
‎Apr 4 2019 1:52 PM

A 24 hour packet capture would be possible using port mirroring and a capture device (could be a laptop).

 

When you say not programmed to do so you mean that you're receiving notifications even though "An IP conflict is detected" is off in Network-Wide > Alerts?

0 Kudos
Subscribe
In response to BrechtSchamp
Matthew_Cholin
Here to help
‎Apr 4 2019 1:56 PM
‎Apr 4 2019 1:56 PM

We are alerting for Conflict IP addresses but would only expect them for a programmed network scope on the Meraki, such as our Data network, the VPN, or one of the VLAN networks. These are frustrating as the majority of the conflicts are on the APIPA Scope and only last as long as it takes for our DHCP server to hand out an address.

0 Kudos
Subscribe
In response to Matthew_Cholin
BrechtSchamp
Kind of a big deal
‎Apr 4 2019 2:03 PM
‎Apr 4 2019 2:03 PM

I see your point. But shouldn't clients check whether an APIPA address is in use before starting to use it? Sounds like at least those clients are misbehaving...

0 Kudos
Subscribe
In response to BrechtSchamp
Matthew_Cholin
Here to help
‎Apr 4 2019 2:07 PM
‎Apr 4 2019 2:07 PM

While that is true, the one common device that is always reported in the conflicts is one of our Canon printers and it has a static IP address programmed into it. With a static it should not have an APIPA address to conflict with. The printer only has a single network port and from the local interface and the web interface the printer is showing the static IP Address that we programmed into it. Our client also never has problems printing to the printer and it is a high use device.

0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Apr 4 2019 3:59 PM
‎Apr 4 2019 3:59 PM

This sounds to me like the Cannon is doing proxy arp.  See if you can find a way to turn this off.

 

Also double check that it has the correct subnet mask and default gateway.  If one of these is wrong it may be using proxy arp as a last resort.

0 Kudos
Subscribe
In response to PhilipDAth
Matthew_Cholin
Here to help
‎Apr 9 2019 10:53 AM
‎Apr 9 2019 10:53 AM

So I finally had a chance to check the printer settings for the proxy and it is disabled on the device. 

 

I have also verified that the printer has the correct subnet mask and gateway, as well as valid DNS servers. 

0 Kudos
Subscribe
In response to Matthew_Cholin
DHAnderson
Head in the Cloud
‎Apr 13 2019 11:35 AM
‎Apr 13 2019 11:35 AM

Is the fixed IP Address stored in the printer configuration, or is the printer getting a fixed address from a DHCP server?

Dave Anderson
0 Kudos
Subscribe
In response to DHAnderson
Matthew_Cholin
Here to help
‎Apr 22 2019 1:25 PM
‎Apr 22 2019 1:25 PM

Previously the printer was manually configured for a static IP Address on the network, DHCP was disabled from the Administrative Web Access. Just as a test, I created a reservation in our DHCP Server for the printer and converted it to DHCP instead. The printer is now pulling an IP address from the DHCP server, but it did not change the behavior of the alerts we are getting from the Meraki. 

 

The most recent set of alerts today claimed the following IP Addresses were in conflict on the network:

 

169.254.222.176

169.254.77.114

169.254.169.41

169.254.1.2

 

All of them involving the same Canon printer and 4 other devices, each of which pulled a valid IP from our DHCP server within seconds of the alert being thrown, while the printer was online at it's assigned address. 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.