cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Does anybody knows about Internat Martian event log?

Highlighted
Getting noticed

Does anybody knows about Internat Martian event log?

I got call from customer today that they have some ping loss between Meraki VPN (Malaysia <-> Korea).

So, I checked event log, and there are quite amount of VRRP transition and Internet Martian log.

 

I know what VRRP transition log means, but it came up blank about Internet Martian log.

Even Meraki documentation doesn't mentioned about Internet Martian log.

It comes from MX, so it seems that there are some problem with local Internet, but I cannot sure.

 

Does anybody have experience about Internet Martian log?

9 REPLIES 9
Kind of a big deal

Re: Does anybody knows about Internat Martian event log?

Martian, martion, what exactly do you find in the log. Could you copy and paste the exact log?

Highlighted
Getting noticed

Re: Does anybody knows about Internat Martian event log?

It's "Internet Martian". I made some typos and fixed it. Sorry for causing confusion.

Here is exact log.

 

Jun 25 12:33:48LGHH_ML_VPN_Ae0:cb:bc:9c:73:20Internet martiansource_client_ip: 192.168.100.1, source_client_mac: E0:CB:BC:9C:73:20, source_client_assigned_vlan: 1  
last_illegal_ip0.0.0.1
client_total_illegal_packets515
all_total_illegal_packets519
last_reported_total518
Highlighted
Kind of a big deal

Re: Does anybody knows about Internat Martian event log?

A client seems to be trying to communicate with 0.0.0.1. That's not a real address so that error comes up. Likely unrelated to your problem.

Highlighted
Getting noticed

Re: Does anybody knows about Internat Martian event log?

So, it was client side problem, not Meraki or Internet?
MAC address e0:cb:bc:9c:73:20 is spare device, and it doesn't have uplink connection for now.
Why spare device tries to communicate with 0.0.0.1?
Highlighted
Kind of a big deal

Re: Does anybody knows about Internat Martian event log?

Oh, is it the Mac address of the warm spare device? In that case it may be related to vrrp. What's your physical topology like? Do you have a drawing?

Highlighted
Getting noticed

Re: Does anybody knows about Internat Martian event log?

Here it is. MS is working as L3 switch, and MX and MS are in warm-spare configuration.

There was Internet for MX#2, but after office move out, it's not available for now.

 

topology.png

Highlighted
Kind of a big deal

Re: Does anybody knows about Internat Martian event log?

Check out this page:

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

 

recommended_HA_design

 

The recommended topology is not to have a direct link in between the MXs, and each MX linked up to each switch. Perhaps you can try that topology and see if it solves your issues.

 

 

Highlighted
Kind of a big deal

Re: Does anybody knows about Internat Martian event log?

Normally

 

Martian packets may be the result of  IP address spoofing but can also arise from network equipment malfunction or an inchoate host configuration.

 

In Linux speak, a martian packet is an IP packet received by an interface on a device, and the routing tables indicate that the source IP usually arrives on another interface.

 

It is probably a configuration issue, if not configuration it might be innocuous.

 

For example, on another (non-Meraki) security gateway, I have to set up a "virtual switch" on the uplink to a VDSL modem, in order to effect a separate and co-existent IP address on the WAN port connected to the modem. This is a Pseudo Ethernet port and combined with a Masquerade NAT rule effectively spoofs an IP address - so it turns up as Life On Mars in the logs, but for the network it is Fire up the Quattro as one can access the modem's GUI interface from any down stream device.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Highlighted
Kind of a big deal

Re: Does anybody knows about Internat Martian event log?

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.