MX-67W displaying multiple MACs on WAN/Internet port

Nate28
Comes here often

MX-67W displaying multiple MACs on WAN/Internet port

I work support for a service provider and have a customer using an MX-67W with some unusual behaviors.

 

  1. We are seeing multiple MAC addresses present on his WAN port with only one data connection to the device. According to the Meraki documentation I have reviewed(and as expected), each port has its own distinct MAC assigned and I have not come across any configuration where these might be re-mapped to the same port.
  2. One of the WAN port MACs(presumably the primary one for the WAN) will pull an IP from our servers, but then 30 minutes later issue another "Discover" message even though there has been no port state change.  (Our leases are typically 12 hours so this is not by configuration).  We see no dhcp discover messages from the other MAC on the port.  This process is repeating over and over again.

This connection was working without issue a couple of weeks ago(single MAC pulling same IP renewing every 6 hours as expected) and the Meraki user is not admitting any changes on the network.

 

So the two questions are:  1)  Any ideas how two MACs are showing up on the same physical interface?  2)  Know any Meraki configuration issues that would be prompting this device to constantly reissue Dhcp 'Discover' messages even though layer 2 remains stable?

 

TIA

11 Replies 11
jdsilva
Kind of a big deal

Is the MX67 running version 15? And is the Internet service connected on WAN2?

Nate28
Comes here often

Not sure on the version, will confirm. 

 

Internet service is connected to Dedicated WAN port(left most on the back side), not the convertible LAN one - sorry, not sure of the Assignments for WAN1 / WAN2 to physical ports from the docs I reviewed.  There are no other physical connections besides power and Dedicated WAN port

jdsilva
Kind of a big deal

OK, if you're in the leftmost port (WAN1) then it's not what I was guessing at. WAN2 is the convertible port.

 

The MX will fall back to DHCP in the event it loses connectivity with its static, but that DHCP will come from the same MAC address that's used for the static. It doesn't change. 

 

I'm not sure I have another guess here 😞

 

 

Nate28
Comes here often

Ver 15.15 running

jdsilva
Kind of a big deal

OK, there's this, but AFAIK it only affects WAN2:

 

image.png

PhilipDAth
Kind of a big deal
Kind of a big deal

Any chance the MX is in passthrough mode (rather than NAT mode) and bridging the WAN to the LAN, and their is another router/CPE behind it?

 

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...

Uberseehandel
Kind of a big deal

I have a network that is effectively layered, like an onion skin with multiple security appliances. The dashboard for the system the MX uplinks to shows the MX as having 2 MAC.

 

As I see it there is a MAC for the device and one for each MX port.

 

 

MultiMAC.jpg

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Aaron_Wilson
A model citizen


@PhilipDAth wrote:

Any chance the MX is in passthrough mode (rather than NAT mode) and bridging the WAN to the LAN, and their is another router/CPE behind it?

 

https://documentation.meraki.com/MX/Networks_and_Routing/Passthrough_Mode_on_the_MX_Security_Applian...


I second this. Have them send a screenshot showing the NAT/passthrough config.

Nate28
Comes here often

Thanks for the input, seems our customer opened a support issue with Meraki as well, I will provide a follow up post of the result of those conversations for inquiring minds. 🙂

Nate28
Comes here often

Update:

 

Meraki Support wrote:

 

  • The MAC ac:17:c8:5f:21:30 is the MX chassis address while ac:17:c8:5f:21:31 is the MX WAN port address. There is possible that your device might learn both MAC addresses but the WAN port address is the only MAC that will ARP and connect to your gateway. I packet capture multiple times on MX WAN port and confirm the only MAC address sending traffic to upstream device.

Further checks on #2 indicate the MX device is never trying to renew the IP lease(why the 30 min duration is another story yet to be solved).  The lease just expires and the MX issues a new Dchpdiscover message.  This is still being investigated.

 

 

Nate28
Comes here often

Seems like Meraki support is focusing on the lease duration.  Why is beyond me, no matter the lease duration, the device should begin to start renewal half way through the lease.

 

In this case, no matter the lease, 30 mins or 12 hours, the MX never does a lease renewal and lets it expire.  Just starts up another Dchp Discover announcement.  In this particular case, the MX router is receiving a different IP address offer at times and this new IP address is interrupting any current connection the customer may have in process(the whole reason for lease renewal process in the first place).

 

Any ideas out there on why an MX would not renew and only let a lease expire on an active connection?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels