Join us for a month-long contest with heaps of swag to win!Learn More ›
Update with detailed information.
Many Macbooks in the network keeps broadcast them as Gateway MAC that causes other Windows clients on the network could not access network.
So far, only Windows clients received bad ARP.
Macbooks, Mobile (iOS/Android) have not faced this problem.
On the network, we do setup dhcp snooping (Meraki at both layer 2 and layer 3 and wireless)
I have checked the Macbooks that broadcast ARP, but could not find anything special on them
This is a wireless network with client isolation setup.
any input appreciated!
Sounds like your DHCP server handing out the gateway's IP address to clients? Can you check the IP pool used by the DHCP server for that VLAN and ensure that it doesn't include the gateway address.
Yes, we have Gateway address on the DHCP pool.
Edit: The GW Address is excluded from the DHCP pool. It's weird as the problem only happens with Windows.
Mac, iPad, Android ... are fine.
Well strictly speaking I believe clients should do an ARP request for the IP address a DHCP server proposes before they actually start using it to avoid duplicate IP addresses. But maybe this sometimes fails and maybe the bevavior differs between OSes. Either way, your DHCP address pool shouldn't include addresses that are statically assigned so you should rectify that.
Edit: My bad, I misunderstood.
I excluded the GW IP from the DHCP Pool already, so I don't think DHCP is not the cause...
Some devices must be using the gateway's address for some reason. Do you know the devices behind those MAC addresses to check their configuration if that is indeed the case?
You could also use these instructions to try and locate them:
There could also be a rogue DHCP server on the network, the switch should detect it and show it in Switch > DHCP servers & ARP.
I have a couple of thoughts.
We have DHCP policy that blocks rogue DHCP servers by default.
On this SSID, we setup client isolation as well.
Wireshark showing that many Macbooks doing arp sniffing, however, when I look at these Macbooks, I don't see any abnormal..
When you execute ifconfig in terminal on these MacBooks, does the address show up on one of the interfaces?
No, the Mac only shows it's actual IP.
I think this is a similar case: https://mailman.nanog.org/pipermail/nanog/2019-March/100081.html
I opened a ticket with Meraki support.
He advise change to NAT mode ( - currently in Bridge mode ). But I cannot change to NAT mode because of our policy.
My colleague try to disable connectivity in Sleep mode to prevent this issue.
Could you add my skype for further discuss: thangphan205
Other guys mention that disabling Wake on LAN could fix the problem. However, we cannot do this as we don't manage the device. Meraki should fix the problem at their end (though they implemented ARP proxy - https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Broadcast_Suppression_and_Control...
You can check some information here: https://www.reddit.com/r/Cisco/comments/b6eiur/cisco_3802i_waps_change_capwap_gateway_due_to/
Has the DHCP server the correct router address in the Scope Options?
And if you have two DHCP-servers, is the standby server correctly replicated? I had issues when the primary DHCP- server didn´t replicate changes to the backup DHCP server.
Yes, the DHCP settings are correct.
Most of Macbooks broadcast ARP when they are in sleep mode, I ran pmset -a disablesleep 1 to disable wake on Lan on a test machine and the problem have not happened with that Mac.