Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NAT has been detected on 1 client in the switch network

Solved
EnzoLabruzzo
Here to help
‎Feb 7 2023 8:22 AM
‎Feb 7 2023 8:22 AM

NAT has been detected on 1 client in the switch network

Hello Community

 

The Meraki Monitoring system is sending me several emails indicating that a client with a MAC a01:12b:0:0:0:0:0:0 is performing a NAT on the Network. How can I detect which computer is doing this activity?

 

Enzo.

Labels:
0 Kudos
Subscribe
1 Accepted Solution
In response to alemabrahao
EnzoLabruzzo
Here to help
‎Feb 7 2023 9:24 AM
‎Feb 7 2023 9:24 AM

I'm going to verify and anything I'll write another comment. Thank you

View solution in original post

0 Kudos
Subscribe
13 Replies 13
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 7 2023 8:26 AM
‎Feb 7 2023 8:26 AM

You can track which port this machine is connected to by looking up your switch's MAC address table.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
EnzoLabruzzo
Here to help
‎Feb 7 2023 8:46 AM
‎Feb 7 2023 8:46 AM

Hello Alemabrahao.

 

Can you tell me how I can look for that Mac table on the switch?

 

Thank you,

0 Kudos
Subscribe
In response to EnzoLabruzzo
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 7 2023 8:49 AM
‎Feb 7 2023 8:49 AM

Is your switch Meraki or 3rd party switch?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
EnzoLabruzzo
Here to help
‎Feb 7 2023 8:52 AM
‎Feb 7 2023 8:52 AM

My switch is Meraki MS355

 

0 Kudos
Subscribe
In response to EnzoLabruzzo
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 7 2023 8:57 AM
‎Feb 7 2023 8:57 AM

If you click on Tools tab on the specific switch there's a button there. "MAC forwarding table" Hit Run.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
EnzoLabruzzo
Here to help
‎Feb 7 2023 9:03 AM
‎Feb 7 2023 9:03 AM

EnzoLabruzzo_0-1675789291551.png

Thanks, Execute to see the table and I try to look for the MAC and it does not appear.

0 Kudos
Subscribe
In response to EnzoLabruzzo
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 7 2023 9:05 AM
‎Feb 7 2023 9:05 AM

It doesn't look like a MAC address, can you share the email you received?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
EnzoLabruzzo
Here to help
‎Feb 7 2023 9:08 AM
‎Feb 7 2023 9:08 AM

Yes, That MaC seems strange to me.

 

EnzoLabruzzo_0-1675789707629.png

 

0 Kudos
Subscribe
In response to EnzoLabruzzo
alemabrahao
Kind of a big deal
Kind of a big deal
‎Feb 7 2023 9:13 AM
‎Feb 7 2023 9:13 AM

I think it's not a MAC address and it's IPv6 address.

 

MS switches can alert an administrator if a device is detected that appears to be using Network Address Translation (NAT). NAT on the LAN may indicate the use of a rogue AP or router, but also may be used for legitimate purposes with technologies such as containers, or tracking prevention. 

 

 

https://documentation.meraki.com/MS/Monitoring_and_Reporting/NAT_Detection_on_MS_Switches

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
In response to alemabrahao
EnzoLabruzzo
Here to help
‎Feb 7 2023 9:24 AM
‎Feb 7 2023 9:24 AM

I'm going to verify and anything I'll write another comment. Thank you

0 Kudos
Subscribe
In response to EnzoLabruzzo
ww
Kind of a big deal
Kind of a big deal
‎Feb 7 2023 9:19 AM
‎Feb 7 2023 9:19 AM

Maybe  a meraki ap using a ssid in nat mode?

Look in your inventory for a device with mac something like 11:2b

0 Kudos
Subscribe
In response to ww
EnzoLabruzzo
Here to help
‎Feb 7 2023 10:11 AM
‎Feb 7 2023 10:11 AM

If I have configured my AP in NAT mode, but none of the MAC addresses of the APs start with that IP, The other thing that seems strange to me is that the IPV6 Addresses have xxxx: xxxx: xxxx: this format and there it shows only xxx: xxx: xxx:.

I don't understand what could be happening.

0 Kudos
Subscribe
JacekJ
Building a reputation
‎Feb 10 2023 12:32 AM
‎Feb 10 2023 12:32 AM

Sorry for the offtop, but since Meraki totally fails communicating this issue I just want to let you know, that if you are using the "A client is detected sharing its IP address via NAT" alert, please be careful with that, it can cause performance issues on switches (some traffic gets dropped).

They were supposed to remove that option, but after few weeks, no luck (I'm not surprised to be honest, but disappointed), more to read about this in this topic:

https://community.meraki.com/t5/Switching/CAUTION-ALERT-if-A-client-is-detected-sharing-its-IP-addre...

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.