Weird conflicting IP issue

Discussion in 'Wireless Networking' started by Janet, Apr 17, 2008.

  1. Janet

    Janet Guest

    Here's a head scratcher:

    We've got three Cisco Aironet AP's connected to a Cisco managed switch
    and everything was working fine until someone brought their iPhone and
    Mac in. When they turn them on, the other wireless clients get the "there
    is
    an IP address conflict" popup over the system tray and traffic on the
    network
    becomes erratic or stops.

    As far as I know, all the devices on the network are DHCP. But as an
    experiment, I temporarily changed the inside addresses on the whole
    network from 192.168.0.X to 10.0.0.X. Like before, everything is
    fine until these Mac/iPhone devices are turned on. Then everyone gets
    the "there is an IP address conflict" popup again and traffic stops.

    If we assume that, say, the Mac isn't DHCP and has an address programmed
    into its stack (I'll go check it myself,) why would there be an IP address
    conflict reported even on the new subnet? If, say, the Mac had 192.168.0.1
    programmed into its stack, how would it conflict with any 10.0.0.X address?

    Thanks.
     
    Janet, Apr 17, 2008
    #1
    1. Advertising

  2. Janet

    John Guest

    You sure got me scratching my head. My wild guess is the subnet is too small
    (there are more devices than available IPs)? Or the DHCP (Cisco Aironet?)
    needs a bug fix? Does it have the latest firmware?

    "Janet" <> wrote in message
    news:...
    > Here's a head scratcher:
    >
    > We've got three Cisco Aironet AP's connected to a Cisco managed switch
    > and everything was working fine until someone brought their iPhone and
    > Mac in. When they turn them on, the other wireless clients get the "there
    > is
    > an IP address conflict" popup over the system tray and traffic on the
    > network
    > becomes erratic or stops.
    >
    > As far as I know, all the devices on the network are DHCP. But as an
    > experiment, I temporarily changed the inside addresses on the whole
    > network from 192.168.0.X to 10.0.0.X. Like before, everything is
    > fine until these Mac/iPhone devices are turned on. Then everyone gets
    > the "there is an IP address conflict" popup again and traffic stops.
    >
    > If we assume that, say, the Mac isn't DHCP and has an address programmed
    > into its stack (I'll go check it myself,) why would there be an IP address
    > conflict reported even on the new subnet? If, say, the Mac had
    > 192.168.0.1
    > programmed into its stack, how would it conflict with any 10.0.0.X
    > address?
    >
    > Thanks.
    >
    >
     
    John, Apr 17, 2008
    #2
    1. Advertising

  3. Janet

    smlunatick Guest

    On Apr 16, 7:48 pm, "Janet" <> wrote:
    > Here's a head scratcher:
    >
    > We've got three Cisco Aironet AP's connected to a Cisco managed switch
    > and everything was working fine until someone brought their iPhone and
    > Mac in.  When they turn them on, the other wireless clients get the "there
    > is
    > an IP address conflict" popup over the system tray and traffic on the
    > network
    > becomes erratic or stops.
    >
    > As far as I know, all the devices on the network are DHCP.  But as an
    > experiment, I temporarily changed the inside addresses on the whole
    > network from 192.168.0.X to 10.0.0.X. Like before, everything is
    > fine until these Mac/iPhone devices are turned on.  Then everyone gets
    > the "there is an IP address conflict" popup again and traffic stops.
    >
    > If we assume that, say, the Mac isn't DHCP and has an address programmed
    > into its stack (I'll go check it myself,) why would there be an IP address
    > conflict reported even on the new subnet?  If, say, the Mac had 192.168.0.1
    > programmed into its stack, how would it conflict with any 10.0.0.X address?
    >
    > Thanks.


    The problem is that the iPhone is also a "wireless" device which can
    be set with an IP address that is used on your network. You must have
    a few IP addresses that might not be "changed" to 10.0.0.xx.
    Routers / AP , printers / print servers and servers do not usually use
    DHCP assigned addresses.

    Or the iPhone is also behaving as a DHCP "server" assigning IP
    addresses. It could over lap your network.
     
    smlunatick, Apr 17, 2008
    #3
  4. Janet

    Janet Guest

    "John" <a> wrote in message news:...

    > You sure got me scratching my head. My wild guess is the subnet is too
    > small (there are more devices than available IPs)? Or the DHCP (Cisco
    > Aironet?) needs a bug fix? Does it have the latest firmware?


    The problem was isolated to the Mac computer. When I asked the user if
    it was programmed for DHCP, he said he "wasn't sure" and he'd "check it
    out." There hasn't been any trouble since then. I still can't understand
    how
    even a machine with a static IP programmed into it could conflict with any
    of
    our other DHCP devices even after changing the IP addressing scheme
    to a different subnet!
     
    Janet, Apr 18, 2008
    #4
  5. Janet

    Janet Guest

    I understand about the iPhone. That's why I mentioned it.

    There are three items on the network that are assigned a static IP address:
    the managed switch, the DSL router and one computer. During the
    troubleshooting, I changed all of these to different addresses in the
    original
    subnet 192.168.0 as well as the new one 10.0.0, yet the "conflicting IP"
    popup returned. So that doesn't explain it. Also, the DHCP table of
    assigned IP's never showed any conflicts. The DHCP server can hand
    out 200 addresses (far more than we'll use) and all the devices with static
    assignments are outside this range, of course.

    I understand what you're saying about a "rogue" DHCP server on the
    network. However, how would that explain the "conflict" popups
    after the subnet change from 198 to 10? In other words, how could
    this second DHCP server decide to begin assigniong 10. addresses
    after I changed the network numbering scheme?

    The problem was isolated to a Mac computer. I asked the user if
    it was programmed for DHCP. He said he "wasn't sure" and he'd
    "check it out." There hasn't been any trouble since then.

    I suppose this will be one of those mysteries that I'll take to
    my grave unsolved.


    "smlunatick" <> wrote in message
    news:...

    The problem is that the iPhone is also a "wireless" device which can
    be set with an IP address that is used on your network. You must have
    a few IP addresses that might not be "changed" to 10.0.0.xx.
    Routers / AP , printers / print servers and servers do not usually use
    DHCP assigned addresses.

    Or the iPhone is also behaving as a DHCP "server" assigning IP
    addresses. It could over lap your network.
     
    Janet, Apr 18, 2008
    #5
  6. Janet

    John Guest

    "Janet" <> wrote in message
    news:ee9S%...
    >
    > "John" <a> wrote in message news:...
    >
    >> You sure got me scratching my head. My wild guess is the subnet is too
    >> small (there are more devices than available IPs)? Or the DHCP (Cisco
    >> Aironet?) needs a bug fix? Does it have the latest firmware?

    >
    > The problem was isolated to the Mac computer. When I asked the user if
    > it was programmed for DHCP, he said he "wasn't sure" and he'd "check it
    > out." There hasn't been any trouble since then.


    Would you be able to find out what the user "checked out" on his Mac?
     
    John, Apr 18, 2008
    #6
  7. Janet

    Janet Guest

    "John" <a> wrote in message news:...

    > Would you be able to find out what the user "checked out" on his Mac?


    HAHA. I doubt it. You know, I'm just wondering if this guy had something
    "unusual" (meaning "shady") set up that was causing this and, when
    confronted
    with an office full of disconnected employees, quietly stopped doing
    whatever
    it was.

    I've been mulling over scenarios that might produce the "conflicting IP
    address"
    popups due to nefarious activities, and I can't come up with anything that
    would do it even after changing the inside IP addressing subnet except for
    maybe having two devices with identical MAC addresses (via mac-clone
    or something.) Having never tried it myself, I'm not sure how a DHCP
    server would handle that. But even in that scenario, how would it trigger
    the "conflicting IP" popup if it thought it was the same device? Or is
    there
    something besides the MAC address floating around in the packets that
    could reveal such a thing and trigger it?

    Another possibility, I suppose, is he was running something that attempts
    to masquerade as another wireless client for nefarious ends. Our Cisco
    AP's/managed switch is setup to prevent client-to-client traffic.

    Oh well. I'm not in a position to pursue it any further now that things are
    back to normal.
     
    Janet, Apr 18, 2008
    #7
  8. Janet

    smlunatick Guest

    On Apr 17, 7:12 pm, "Janet" <> wrote:
    > I understand about the iPhone.  That's why I mentioned it.
    >
    > There are three items on the network that are assigned a static IP address:
    > the managed switch, the DSL router and one computer.  During the
    > troubleshooting, I changed all of these to different addresses in the
    > original
    > subnet 192.168.0 as well as the new one 10.0.0, yet the "conflicting IP"
    > popup returned.  So that doesn't explain it.  Also, the DHCP table of
    > assigned IP's never showed any conflicts.  The DHCP server can hand
    > out 200 addresses (far more than we'll use) and all the devices with static
    > assignments are outside this range, of course.
    >
    > I understand what you're saying about a "rogue" DHCP server on the
    > network.  However, how would that explain the "conflict" popups
    > after the subnet change from 198 to 10?  In other words, how could
    > this second DHCP server decide to begin assigniong 10. addresses
    > after I changed the network numbering scheme?
    >
    > The problem was isolated to a Mac computer.  I asked the user if
    > it was programmed for DHCP.  He said he "wasn't sure" and he'd
    > "check it out."  There hasn't been any trouble since then.
    >
    > I suppose this will be one of those mysteries that I'll take to
    > my grave unsolved.
    >
    > "smlunatick" <> wrote in message
    >
    > news:...
    >
    > The problem is that the iPhone is also a "wireless" device which can
    > be set with an IP address that is used on your network.  You must have
    > a few IP addresses that might not be "changed" to 10.0.0.xx.
    > Routers / AP , printers / print servers and servers do not usually use
    > DHCP assigned addresses.
    >
    > Or the iPhone is also behaving as a DHCP "server" assigning IP
    > addresses.  It could over lap your network.


    If you checked the PCs and discover that one assigns a static IP, if
    your DHCP assigns the same IPs within the same subnet, if the DHCP
    service does not have advanced features (locating and isolating
    conflicting IP address) then you could get such an error.
     
    smlunatick, Apr 18, 2008
    #8
  9. "Janet" <> wrote in message
    news:...
    > If we assume that, say, the Mac isn't DHCP and has an address programmed
    > into its stack (I'll go check it myself,) why would there be an IP address
    > conflict reported even on the new subnet? If, say, the Mac had
    > 192.168.0.1
    > programmed into its stack, how would it conflict with any 10.0.0.X
    > address?


    How in the world did you re-address and whole network that fast???

    If you only changed the DHCP Scope that may take 4 days to fully take effect
    unless you went around and rebooted every machine or did a IPConfig
    /release/renew. And then after that you would still have to adjust devices
    that don't use DHCP,...and then after that adjust any Applications that have
    communication functions that may be effected by the change. It could takes
    days or maybe even weeks to correctly re-address a company network if it is
    anything more complicated than a "home-user" network.

    I suspect that not all the machines had moved to 10.* by that point and
    conflict just simply still existed on the 192.*

    Another thing is that you can only have an IP# conflict on a single pair of
    machines (the valid one and the intruder),...you can't have multiple
    machines conplaining about the same conflict because they would not all be
    using the same address in the first place. So when you say "wireless
    clients get the there is an IP address conflict", that just doesn't make any
    sense,...it can't be "clients",...it has to be "client".


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Apr 18, 2008
    #9
  10. Janet

    Janet Guest

    I manually changed the IP address of the devices with a static IP
    and the were already outside the DHCP scope. But the "conflicting
    IP" popups remained.

    "smlunatick" <> wrote in message
    news:b4baffa3-062a-4545-af41-

    If you checked the PCs and discover that one assigns a static IP, if
    your DHCP assigns the same IPs within the same subnet, if the DHCP
    service does not have advanced features (locating and isolating
    conflicting IP address) then you could get such an error.
     
    Janet, Apr 19, 2008
    #10
  11. Janet

    Janet Guest

    Good point about the not-yet-stale IP lease in the old subnet.
    However, when I changed the subnet, I took down the network
    for about five minutes thinking the clients would issue a new DHCP
    request when it came back. I've witnessed that behavior on
    my home PC when I unplug the switch.

    The funny thing is that the "conflicting IP" popup was, in fact,
    appearing on multiple machines. That's why I think there was
    something nefarious running on the suspect machine.

    "Phillip Windell" <> wrote in message
    news:eW708$...

    > How in the world did you re-address and whole network that fast???
    >
    > If you only changed the DHCP Scope that may take 4 days to fully take
    > effect unless you went around and rebooted every machine or did a IPConfig
    > /release/renew. And then after that you would still have to adjust
    > devices that don't use DHCP,...and then after that adjust any Applications
    > that have communication functions that may be effected by the change. It
    > could takes days or maybe even weeks to correctly re-address a company
    > network if it is anything more complicated than a "home-user" network.
    >
    > I suspect that not all the machines had moved to 10.* by that point and
    > conflict just simply still existed on the 192.*
    >
    > Another thing is that you can only have an IP# conflict on a single pair
    > of machines (the valid one and the intruder),...you can't have multiple
    > machines conplaining about the same conflict because they would not all be
    > using the same address in the first place. So when you say "wireless
    > clients get the there is an IP address conflict", that just doesn't make
    > any sense,...it can't be "clients",...it has to be "client".
    >
    >
    > --
    > Phillip Windell
    > www.wandtv.com
    >
    > The views expressed, are my own and not those of my employer, or
    > Microsoft,
    > or anyone else associated with me, including my cats.
    > -----------------------------------------------------
    >
    >
     
    Janet, Apr 19, 2008
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. NNTP
    Replies:
    1
    Views:
    800
    Robert B. Phillips II
    Sep 14, 2004
  2. Kevin  Widner
    Replies:
    0
    Views:
    599
    Kevin Widner
    Sep 14, 2004
  3. Replies:
    7
    Views:
    4,494
    Aaron Leonard
    Aug 15, 2005
  4. =?Utf-8?B?c3Rhcmxpbmc=?=

    Conflicting Indicators about Network to which I'm connected

    =?Utf-8?B?c3Rhcmxpbmc=?=, Jan 29, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    421
    =?Utf-8?B?Sm9obg==?=
    Jan 30, 2006
  5. slumpy

    Conflicting programs

    slumpy, Jul 7, 2003, in forum: Computer Support
    Replies:
    16
    Views:
    680
    slumpy
    Jul 7, 2003
Loading...

Share This Page