Dear all,
we just installed fortigate 200D (FortiOS5.2) as cluster with 10 fortiAP 221AC managed by Fortigate. 2 SSID are brodcasted from fortigate through 10 fortiAP 221 AC. For each SSID there is one subnet (10.33.12.0/24 for WifiGUEST and 10.33.10.0/23 for WIFIPROD), the DHCP is provided by FORTIGATE.
The first SSID WIFIGUEST work like charm, but is very restricted. The second SSID WIFIPROD is WPA2 ENTERPRISE with radius on Windows Server 2008 R2 SP1. On this SSID some clients that tried to connect to it get IPCONFLICT ADDRESS even though their wlan adapter are DHCP configured. On each client issues I noticed that windows event log return the MAC ADDRESS of the supposed faulty device.
Everytime the MAC ADDRESS begin by 1A:5B:0E but this MAC Id seems to be an unknown vendor. Therefore I can't identify said device (Windows,IOS,Android, Tablet, Phone, PC ????)
It's very trouble us because we can't use our FortiAP to connect to Wifi.
So in my WIFI monitor there is no trace log whith MAC ADDRESS logged on windows log.
Here's what you can do;
port_scan the conflicting device
change the network range
exclude the conflicting device if the address stays the same
deploy tighter ping checks in the DHCP server for address conflict advoidance
Ken
PCNSE
NSE
StrongSwan
It may also be related to a known issue.
Try this workaround, and if it resolves the issue, open a ticket with TAC, PM me the ticket number, and I'll note it with a bug ID that we can use to track the fix:
config wireless-controller vap
edit ? //--find out the Virtual AP names defined on your unit, and choose the one associated with the affected APs/devices
unset broadcast-suppression
end
Regards, Chris McMullan Fortinet Ottawa
Hi Christopher, hi George
We have the same issue here with our FortiGate 300C Active/Passive Cluster (FW 5.2.3) with >60 FAP221B (FW v5.0-build075) and 6 different SSIDs. Only on 1 SSID shows this problem but we can reproduce the IP conflict immediately with several clients.
Wireshark shows us the following line: Duplicate IP address detected for 172.16.104.40 (1a:5b:0e:65:e8:d6) - also in use by 1a:5b:0e:10:39:23
As far as I can see on IANA Website, the vendor code 1a:5b:0e is not assigned to any vendor.
Is this a special MAC addres (maybe Multicast) ?
I have a support case open with the distributor in Switzerland. I sent them the link to this thread.
Thank you very much for any support.
Regards,
Konrad
I'm not sure what that MAC would be for.
Regards, Chris McMullan Fortinet Ottawa
Could it be a virtual nic adapter of some sort? or some other VIP like device ?
PCNSE
NSE
StrongSwan
@ Christopher :
I have the same issue and your workaround is working fine.
I have openned a ticket and if you want the number, you can send me an email.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.