Hello All,
I am getting a lot of events: "Source IP and/or VLAN mismatch" from one device (I think is a camera).
source_client_ip: 192.168.1.15, source_client_mac: 28:F3:66:AC:C2:83, source_client_assigned_vlan: 10 « hide
last_illegal_ip | 192.168.16.106 |
client_total_illegal_packets | 19828 |
all_total_illegal_packets | 20942 |
last_reported_total | 20906 |
I dont understand why! Anyone have any idea?
Thank you,
Dena
VLAN 10 (192.168.1.0/24) is the only vlan for all the devices. I have installed the MX a couple days ago. I didn't segmented the network.
Well I think is a static IP configured but in the same range (192.168.1.0/24).
It seems strange that on the event, it shows :
last_illegal_ip | 192.168.16.103 |
@Dena, when you look at your Clients list, do you see the camera listed? What IP address do you see on it there?
I would recommend segmenting your network if you can. I realize it depends on the rest of your equipment. Was it previously segmented?
Yes I can see it, is receiving Ip 192.168.1.15.
But the event keep showing again.
I will try to check that device closer.
Thank you
Hi @Dena,
If the target device reported on the event has been connected LAN interface or sitting downstream through the LAN interface on MX,
You can try taking packet capture and filter by the mac address to see which VLAN ID is actually added in layer 2 header for the confirmation.
You can take packet capture from:
Network-wide > Packet capture > Set Security appliance as the target device and LAN port as target interface, then download it as .pcap format for you to load and analyse it on your Wireshark.
You can filter by "eth.addr:'Target mac address'" helps you to see traffic from / to the mac address.
Hope this would help your confirmation!
Hi hintoshi,
Thank you for your advice.
yes I have tried to sniff the packed but nothing is captured for this device.
Kind regards,
Dena
Hi @Dena,
Okay, it sounds like the device had not been generating traffic through LAN ports on the MX during the packet capture was going.
If the device is not generating traffic all time, you could try generating ICMP ping from MX to the device through live tool and take packet capture during the period to see return traffic from the device which would help you to see traffic from it.
Hope this would help!
Hi @Dena ,
Thanks for the update.
Do you mean you have captured interface toward WAN side rather than LAN side?
If you want to confirm how the VLAN ID in L2 header is, you need to capture the interface toward client side.
If the client sits on downstream of your network through LAN ports on MX, you can select "Interface" dropdown menu on Packet capture page to "LAN", and run the packet capture for LAN interface.
Hope this would help you out!
Hi Hitoshi,
:)' my bad, I didn't notice the interface selection was Internet.
However I cannot understand a lot from the packet-capture. There are all the time arp packets between meraki and this linux device Shenzhen Bilian.
Then came up this IP 192.168.16.104 😕
Thank you for your help,
Kind Regards,
Denisa
Hi @Dena ,
No problem at all!
I am happy to see that you have captured actual traffic from the target device for your clarification.
You can copy same idea for that kind of clarification in future by using packet capture tool on your dashboard.
Enjoy your MX!!
Hi Dena,
Did you discover the real problem?