Network Admin Life - Guest Wireless Fix?

I saw this years ago, and in the terms of your data the story goes: At 12:51PM Hao gets a lease valid for 16 hours, and within 8 hours turns off or loses wifi. At 6:22 AM, ~17.5 hours later April is given the address, which is ok. Now Hao gets back on wifi, on the same SSID: Hao's lease has expired, but it expired while the wifi interface was down, and the renewal/expiry timer never fired, so it keeps using the address until forever. You now have two devices with the same IP. I saw it first with iphones, and later with samsung;. My workaround was a huge dhcp pool and a 1 year lifetime, as the client is very likely to connect to another ssid during a year's absence. Whenever the phones change SSID, the lease gets cleared.
That doesn't explain the firewall spewing ARP replies at a relatively low rate and not being able to do anything else.

kkpdk

Just a suggestion. Look into dhcp snooping and arp inspection, if you don't already have these features enabled

changwang

fingers crossed you have resolved the issue for good...wishing u all the best in this coming back, God bless brother

mwafulirwa

Why would dhcp issue the same ip to another device if the lease time is not expired? Do you have more than one dhcp server with overlapping scopes?

drooplug

Pretty cool how you have a magical entity from another dimension helping you fix networking issues. 😂😂😂

Cyba_IT

Might be a very good idea to have a very short lease time for guest devices and some of these devices can use MAC randomization which can fill your scope

thomassmayhemfishingchanne

Hey what's up brother! Grace & Peace 2 U! Thanks a lot for this great troubleshooting video! I always enjoy your troubleshooting techniques! I take notes on the techniques and procedures you and many others use to troubleshoot the network! You can't have too many troubleshooting ideas in your tool box! Well I'm praying 4 U ad your family and I appreciate all that you do for us! God Bless brother!🙏🏽

samjones

Could be a person bringing in their own dhcp server in order to intercept traffic to the router. Have you disabled client to client traffic on the guest wireless? Enabled dhcp snooping, arp inspection on the switches?

theNeWo

Hi split that setup to 2 SSiD.
One should get the portal and one for employees only pre shared key.
Run 2 different ip scope with different renewal policies on the palo.

MrShayjan

Amen! Jesus is Lord! Love your content.

Corinthiansv-

Since the arps were comming from the fierewall and there was no requests from them it must be something in the firewall.

knightjocke

Is it possible some device was doing proxy-arp and not sending the responses back to the original node properly?

StrongbowTX

Running EXOS and VOSS? Nice! Assuming exos at edge and voss near the core?

anthonydefallo

Years ago I realized client devices on wireless is stupid. The device itself is stupid. So I always cross my fingers the AP / network does not have any issues.

idahofur