cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Source IP and/or VLAN mismatch-Meraki MX-64!

Here to help

Source IP and/or VLAN mismatch-Meraki MX-64!

Hello All,

I am getting a lot of events: "Source IP and/or VLAN mismatch" from one device (I think is a camera).

source_client_ip: 192.168.1.15, source_client_mac: 28:F3:66:AC:C2:83, source_client_assigned_vlan: 10  « hide

last_illegal_ip192.168.16.106
client_total_illegal_packets19828
all_total_illegal_packets20942
last_reported_total20906

 

I dont understand why! Anyone have any idea?

 

Thank you,

Dena

13 REPLIES 13
Kind of a big deal

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

What subnet is your VLAN 10 supposed to be?
Does the camera have a static IP configured on the wrong subnet for the VLAN its sitting on?
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Here to help

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

VLAN 10 (192.168.1.0/24) is the only vlan for all the devices. I have installed the MX a couple days ago. I didn't segmented the network.

 

Well I think is a static IP configured but in the same range (192.168.1.0/24).

 

It seems strange that on the event, it shows :

last_illegal_ip192.168.16.103

 

Kind of a big deal

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

@Dena, when you look at your Clients list, do you see the camera listed? What IP address do you see on it there?

 

I would recommend segmenting your network if you can. I realize it depends on the rest of your equipment. Was it previously segmented?

Here to help

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

No it was not segmented before.
Kind of a big deal

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Ok so the error is clear then, its getting packets from a device saying its on 192.168.16.0/24 for the VLAN that is 192.168.1.0/24

You're probably going to need to track that device down, it might have something misconfigured, maybe DNS or something strange.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Here to help

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Yes I can see it, is receiving Ip 192.168.1.15. 

But the event keep showing again.

 

I will try to check that device closer.

 

Thank you

Meraki Employee

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Hi @Dena,

 

If the target device reported on the event has been connected LAN interface or sitting downstream through the LAN interface on MX,

You can try taking packet capture and filter by the mac address to see which VLAN ID is actually added in layer 2 header for the confirmation.

 

You can take packet capture from:

Network-wide > Packet capture > Set Security appliance as the target device and LAN port as target interface, then download it as .pcap format for you to load and analyse it on your Wireshark.

You can filter by "eth.addr:'Target mac address'" helps you to see traffic from / to the mac address.

 

Hope this would help your confirmation!

Highlighted
Here to help

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Hi hintoshi,

Thank you for your advice.

yes I have tried to sniff the packed but nothing is captured for this device.

Capture.png

event logs.png

 

Kind regards,

Dena

Meraki Employee

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Hi @Dena,

 

Okay, it sounds like the device had not been generating traffic through LAN ports on the MX during the packet capture was going.

 

If the device is not generating traffic all time, you could try generating ICMP ping from MX to the device through live tool and take packet capture during the period to see return traffic from the device which would help you to see traffic from it.

 

Hope this would help!

Here to help

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Hi Hitoshi,
I did performed ping as you advice me (although I can see that the device is doing traffic).
I cannot capture nothing from any client devices. The only captured traffic is of the routerboard that face the ISP (LAN-Meraki-Routerboard-ISP).

Thank you,
Denisa
Meraki Employee

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Hi @Dena ,

 

Thanks for the update.

 

Do you mean you have captured interface toward WAN side rather than LAN side?

If you want to confirm how the VLAN ID in L2 header is, you need to capture the interface toward client side.

 

If the client sits on downstream of your network through LAN ports on MX, you can select "Interface" dropdown menu on Packet capture page to "LAN", and run the packet capture for LAN interface.

 

Hope this would help you out!

Here to help

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Hi Hitoshi,

 

:)' my bad, I didn't notice the interface selection was Internet.

 

However I cannot understand a lot from the packet-capture. There are all the time arp packets between meraki and this linux device Shenzhen Bilian.

 

Wireshark.PNG

Then came up this IP 192.168.16.104 😕

 

Thank you for your help,

 

Kind Regards,

Denisa

Meraki Employee

Re: Source IP and/or VLAN mismatch-Meraki MX-64!

Hi @Dena ,

 

No problem at all!

I am happy to see that you have captured actual traffic from the target device for your clarification.

 

You can copy same idea for that kind of clarification in future by using packet capture tool on your dashboard.

 

Enjoy your MX!!

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.