Network Policy Server VPN authentication weird ip address
All my clients who VPN in are also authenticated through our Network Policy Server. When I look in the Event Viewer, all the requests have a NAS IPv4 address of 6.233.169.224. Is this something from Meraki? When I look it up, it is an address in Colorado. Should I be concerned about this?
I took a quick look at the NPS logs for a client of mine. Their requests also originate from a 6.0.0.0/8 IP address. I'd be willing to bet that this is due to communication with the Meraki cloud but I have no proof.
For some reason I've yet to determine, Meraki devices (not sure which, but many for sure) seem to use a 6. address internally for "something".
What I can't figure out is why they're using IPs in a range owned by the US Army Intelligence and Security Command.
Yes, that's right, Meraki devices appear to be hardcoded with an IP owned by a US intelligence service.
I have an MV72 that displays this behavior too. I have both the wired and wireless interfaces active on it, and it generates IP conflicts from time to time. I never posted about it here, or opened a case, but I did throw it out to the Twitterverse for comments.
https://twitter.com/jdsilva/status/1118719991036010496
Seems like I've opened up a can of worms! I guess I'm not being hacked and it's ok for now.
Hello everyone,
Hope you're doing great!
This is an old discussion, but since I've seen a number of cases on Meraki Support I decided to give this topic a bump up.
TL;DR: if you see traffic like RADIUS, Netflow, SYSLOG, access requests, etc. coming from your MX with IP 6.x.y.z, it's OK if your MX is in Pass-through mode or it just has one single VLAN.
According to this official document [1], MX devices which operate in Pass-through mode or just have one single VLAN pick an address from the range 6.x.y.z only for certain types of traffic. "When in Passthrough or Routed/NAT mode in Single LAN the MX will source traffic from a 6.X.X.X address for services such as Syslog, Netflow, RADIUS access requests and potentially others." [1]
Reference:
Meraki also uses a public IP in the NAS field when APs and switches probe the RADIUS server to see if it is alive. Meraki also uses public IPs for BGP router IDs when enabling BGP and for the APs when they are in mesh.
It's really strange to see these public IPs show up at seemingly random places.
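One way to triage the events discussed in this thread, as an added example that is not part of any post above: the NAS IPv4 Address is a value the device writes into the RADIUS request, while the Client IP Address is the source NPS actually received the request from, so the check keys on the client and treats a 6.0.0.0/8 NAS value from a configured client as the documented MX behaviour. Assumptions: the event message text uses the `NAS IPv4 Address` and `Client IP Address` labels, and the sample messages and the known-client list are constructed.

```python
import ipaddress
import re

# The "6.X.X.X" range named in the thread and in the quoted Meraki statement.
MERAKI_6_RANGE = ipaddress.ip_network("6.0.0.0/8")

# Assumption: the RADIUS clients configured in NPS (constructed value).
KNOWN_RADIUS_CLIENTS = {ipaddress.ip_address("192.168.10.1")}

FIELD_RE = re.compile(
    r"^[ \t]*(NAS IPv4 Address|Client IP Address):[ \t]*(\S.*?)[ \t]*$", re.M
)

def classify(message, known_clients=KNOWN_RADIUS_CLIENTS):
    """Classify one NPS event message by who sent it and what NAS it claims."""
    fields = dict(FIELD_RE.findall(message))
    try:
        client = ipaddress.ip_address(fields["Client IP Address"])
        nas = ipaddress.ip_address(fields["NAS IPv4 Address"])
    except (KeyError, ValueError):
        return "unparsed"              # field missing or logged as "-"
    if client not in known_clients:
        return "unknown-radius-client"  # investigate: sender is not configured
    if nas in MERAKI_6_RANGE:
        return "known-client-6.x-nas"   # matches the behaviour described above
    if nas.is_private or nas == client:
        return "ok"
    return "known-client-other-public-nas"

def summarize(messages):
    """Count classifications across a batch of event messages."""
    counts = {}
    for msg in messages:
        label = classify(msg)
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample messages, trimmed to the two fields that matter here.
SAMPLE_EVENTS = [
    "RADIUS Client:\n\tClient IP Address:\t\t192.168.10.1\n"
    "NAS:\n\tNAS IPv4 Address:\t\t6.233.169.224\n",
    "RADIUS Client:\n\tClient IP Address:\t\t192.168.10.1\n"
    "NAS:\n\tNAS IPv4 Address:\t\t192.168.10.1\n",
    "RADIUS Client:\n\tClient IP Address:\t\t203.0.113.50\n"
    "NAS:\n\tNAS IPv4 Address:\t\t6.1.2.3\n",
    "RADIUS Client:\n\tClient IP Address:\t\t192.168.10.1\n"
    "NAS:\n\tNAS IPv4 Address:\t\t-\n",
]

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```
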