big problem

here is what I have going on; give me some feedback as to how to deal with it.

1. I’m getting IP address conflicts out the ass on my canopy network with IPs I know I did not use

2. I can’t ping or access my main APs… however I can ping and access remote APs that feed through my main ones.

3. my guess is that some mean person has put up some sort of box that is eating up my canopy ip range.

4. there is internet through the APs I can’t access.

5. I have rebooted all the APs, CMMs, and managed switch.

6. for a brief period I was able to ping one of my APs but it was pinging as if it was an SM… 20-50ms

7. I did a tracert while I was able to ping the AP with no good results.

please don’t say that I have never heard this before :slight_smile:

Do you have the MAC addresses of all your equipment documented?

Check the ARP table of the next hop router and compare the MACs in the table against what they should be.

If they are different, then something else is operating on that IP address, as you suspect. You can solve this by creating static ARP entries with the proper MACs in the router. That will at least get things flowing while you figure out what/who is going on.

Hmmm . . .

Out of morbid curiosity; what exactly is reporting the IP conflict, that is, where are you seeing the message?

I have never seen a conflict message from a Canopy unit itself, nor experienced one in PRIZM, though my experience there is somewhat limited.

Typically the device that reports the conflict is part of the problem, at least from a LAN point of view. The easy guess would be one of the APs you can’t reach, and the quick fix would be to go to the tower site and plug in directly to the CMM or switch, unplugging stuff systematically until the situation returns to normal.

If the network is hosed, I would certainly head for the tower sooner rather than later.

Also, if you are using something really pedestrian for your IP scheme (i.e. 192.168.0.x or 192.168.1.x) you’ll be cruelly abused each time some twit plugs in their router backwards (even more so than usual).

newcastle is right

Using 192.168.x.y or even 172.16.x.y for APs or backhauls can cause a huge issue if your clients tie a router in. I would highly recommend changing over to a 10.x.y.z range; this will give you an entire A class of IPs to work with and 10.x.y.z is reserved for LAN.

This is a shot in the dark but sometimes it helps;

If you were unfortunate enough to use the 192.168.x.y ranges for your canopy network try this;

Connect to the canopy network, and then set your IP address for 192.168.x.# where number is a free IP address that is not being used for AP or backhaul, then ping 192.168.x.1 and 192.168.x.254. If they come back with replies then try logging into them through a web browser; you would be surprised at how many people leave their routers’ username and password set as defaults. Log in and turn the stupid DHCP server off. Then grab the MAC address off of it while you’re in there.

Hopefully you kept track of your clients’ MAC addresses; if you did then you can log into their radio and disable all traffic being sent out of it by going into advanced network config (I do it this way because I have had issues with it coming back up sometimes when I disable the ethernet port).

If you are able to do this then you shouldn’t have a problem from them. You should also block DHCP server in the advanced network config section on all of your SMs so that this does not happen again; that option is in firmware from 7.x.x and up, not sure about any of the 6.x.x’s…

If you don’t receive a reply on the ping, let it time out 4 times, then at the command prompt do an arp -a (can’t remember the unix/linux equiv) and check for the IP address in the arp table; if it is there it should give you the MAC address of the device. If using all standard canopy backhauls, go into the bridge table on them, copy and paste it into notepad and do a search for that MAC. This can be a long process but it is better than going to every tower site and doing it.



Also if you are using 192.168.x.y, change this over to the ranges I mentioned before.


192.168.x.y for any network, other than a clients home or office network; is just EVIL :twisted:

I use the default 169.254.1.**

It’s very odd ’cause @ some points I can log in and ping one of the APs @ 169.254.1.11 but then I can’t ping 169.254.1.10… then it will change… I can ping .10 but not .11 and then another AP

remember everything downstream of the AP still works

I see the IP conflict on my Windows 2003 server, also on my cacti ez server. Both IPs that I have had reserved for a long time. I’m the only one who works on the network so I’m very confident that I did not use them twice. Also it seemed to start happening this morning.

ok I ran an arp -a after a ping time out and I ran it twice and these are the results I got

00 0f 66 20 7b 40
00 13 10 cc 58 c9

if I get a ping result I get a
0a 00 3e 00 ** **

I haven’t checked my network yet to try to find these MACs but any idea what would cause this?

00 0f 66 20 7b 40 and
00 13 10 cc 58 c9

are both assigned to Cisco-Linksys. Do you have any NAT disabled SMs? I would disable the ethernet interface and see if the problem goes away…

also remember someone could be using a MAC spoofer…

I would say next time this happens and your arp shows a non-Canopy MAC, use a port scanner to attack the device and see what ports are open, use security software to pull information off the device…

Are you using VLANs? Are the NAT disabled SMs on a separate VLAN?
What is the MVID?

Any chance someone could have an SM registered that you do not know about?

Target the NAT disabled guys…
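The ARP checks suggested in this thread (compare the ARP table against your documented MACs, then see whether the unexpected MAC even looks like a Canopy radio), as an added example that is not from any poster. It accepts Windows `arp -a` and Linux `arp -an` output; the inventory, the sample table and the full 0a:00:3e radio MACs are constructed, while the two Linksys MACs and the 0a:00:3e prefix are the ones quoted above.

```python
import ipaddress
import re

CANOPY_PREFIX = "0a:00:3e"  # prefix the thread reports when an AP really answers

# IPv4 address followed by a MAC using '-' (Windows) or ':' (Linux) separators.
ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\b"
)

def normalize(mac):
    """Lower-case a MAC and use ':' separators ('00 0F 66 ..' or '00-0f-66-..')."""
    return re.sub(r"[-\s]", ":", mac.strip().lower())

def parse_arp(text):
    """Return {ip: mac} for every complete entry in ARP table output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:  # headers and <incomplete> entries do not match
            table[m.group(1)] = normalize(m.group(2))
    return table

def audit(arp_text, inventory):
    """List (ip, expected, seen, seen_has_canopy_prefix) for each mismatch."""
    findings = []
    table = parse_arp(arp_text)
    for ip in sorted(table, key=ipaddress.ip_address):
        if ip not in inventory:
            continue  # not a documented device; outside this check
        expected, seen = normalize(inventory[ip]), table[ip]
        if seen != expected:
            findings.append((ip, expected, seen, seen.startswith(CANOPY_PREFIX)))
    return findings

# Constructed sample: mixed Windows and Linux ARP output, constructed inventory.
SAMPLE_ARP = """\
Interface: 169.254.1.5 --- 0x2
  Internet Address      Physical Address      Type
  169.254.1.10          00-0f-66-20-7b-40     dynamic
  169.254.1.11          0a-00-3e-00-11-22     dynamic
? (169.254.1.12) at 00:13:10:cc:58:c9 [ether] on eth0
? (169.254.1.13) at <incomplete> on eth0
"""
INVENTORY = {"169.254.1.10": "0a 00 3e 00 11 21",
             "169.254.1.11": "0a-00-3e-00-11-22",
             "169.254.1.12": "0a:00:3e:00:11:23"}

if __name__ == "__main__":
    for ip, expected, seen, canopy in audit(SAMPLE_ARP, INVENTORY):
        print(f"{ip}: expected {expected}, saw {seen}, canopy prefix: {canopy}")
```

A mismatch whose MAC still carries the Canopy prefix is flagged too, since a matching prefix only narrows the search and does not prove the device is yours.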

we only require nat if they do not have a 3rd party router.

I tracked it down to two customers just moments ago and will boot them in a few…

I don’t use VLANs… yet

both offenders were on the same site.


thanks by the way… :smiley:

I’ve always stayed away from NAT disabling for this exact reason… although since the introduction of VLANs I am now ok with it…

every NAT disabled customer sits on their own VLAN, waste of IP address space but I only have a few to deal with, but it gives me security and peace of mind…

you think it was deliberate? or a virus/rogue software?

By default when Windows DHCP times out it defaults to 169.254.x.y. This is more than likely your problem as your clients’ Windows machines are more than likely taking up your network.

Windows won’t hand out a 169.254.1.**; you are correct that they will hand out a 169.254..

I thought about changing the whole IP range but I’m only using 169.254.1.3-51
and I was already 300-400 customers deep before I figured it out. I wasn’t supposed to be the network admin, I kinda just fell into it when the other guy became useless. My next network layout will most def be on the 10.10..

those offending MACs were Linksys routers which should not be anywhere close to that range.

I wouldn’t doubt it if it was deliberate but being able to prove it is very difficult. I’m happy “most” of the network wasn’t affected by this but I’m unhappy that I had to work on a stupid problem for 9 hours straight.

thanks again for the quick replies

if you want to change IP addressing scheme… you can script it… give the script a list of IPs and it will go change the config and reboot the SM.

We had a failure yesterday, I had to knock off all residential customers to keep the businesses up… I disabled 600 SMs and then had to re-enable them once the problem was fixed…

scripted it all…

Hey VJ

Any chance of emailing me some of those scripts to use as examples?

adam,

how familiar are you with scripting…

save the following into a file and then run with an IP address of an SM to change its DNS servers

<password> = your full access password and then choose your DNS servers, you can modify the script to change whatever you want.

search for curl on google, saves you reinventing the wheel

let me know if you need further help… others may be able to improve on this, do a GUI for it, replace PRIZM maybe?

------------------------------------------------------

```sh
#!/bin/sh
# Reads SM IP addresses from standard input, one per line.
PASSWORD='<password>'   # your full access password

while read -r line
do
    # Try to set the values. The URL is quoted so the shell does not
    # treat each '&' as "run in background".
    if curl -s -u " :$PASSWORD" \
        "http://$line/himom.cgi?DNSPIP=80.255.35.181&DNSAIP=200.12.246.17&Flash=Save+Changes" \
        | grep -qi "401"
    then
        echo "./get_info $line Bad password"
    else
        # Check if a reboot is necessary.
        if curl -s -u " :$PASSWORD" "http://$line/ipconfiguration.html" \
            | grep -qi "reboot required"
        then
            echo "./get_info $line Changed and Rebooted"
            curl -s -u " :$PASSWORD" \
                "http://$line/himom.cgi?Reboot=Reboot" > /dev/null
        else
            echo "./get_info $line No reboot Required"
        fi
    fi
done
```

there is some other crazy stuff we are working on to help us make our lives easier and increase efficiency… :wink:

Thanks vj, all this goes over my head. I will pass it to my tech guy.

lol… let me know if they have any questions…