Topic: Today on weird network issues... An all 0s source MAC address? WTF
CableZL
02/02/24 11:14:46 PM
#1:


At our branch locations, we have an active/passive pair of FortiGate firewalls. We have about 10 VLANs at this particular location. We had a vendor on site to install a new device, but he couldn't get it working. He opened a ticket and it went to the on-call network engineer. He asked me for help with it, so I took a look at it.

There are a bunch of devices on this VLAN and it's just this one device that isn't connecting. Everything else seems to be working properly. I started looking at the packets going back and forth between the firewall and the device.

The device was getting DHCP properly and then sending ARP requests for the gateway IP. The firewall was responding to the ARP requests and saying that its MAC address was 000000000000. What the hell? I did a packet capture on the switch port that the device was connected to and tried to ping it from the firewall. Sure enough, the ping packet had a source MAC address of 000000000000. Traffic was still flowing properly to every other device on the VLAN. I could ping other things just fine.

We decided to fail over to the secondary firewall and the firewall started putting the correct source MAC address in the packet and the device started working. The on-call network engineer opened a ticket with Fortinet.

---
https://i.imgtc.com/d9Fc4Qq.gif https://i.imgtc.com/BKHTxYq.gif
https://i.imgtc.com/vYYIuDx.jpg
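
Added example, not part of the original post: a small Python check that flags the symptom described above (an all-zero Ethernet source MAC, or an ARP reply whose sender hardware address is all zeros) in raw frames taken from a capture. The frames, addresses, VLAN ID and function names are constructed for illustration.

```python
import struct

ZERO_MAC = bytes(6)
ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def inspect_frame(frame: bytes) -> list:
    """Return findings for one raw Ethernet II frame (at most one 802.1Q tag)."""
    if len(frame) < 14:
        return ["truncated Ethernet header"]
    findings = []
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, where = 14, "untagged"
    if ethertype == ETH_VLAN:
        if len(frame) < 18:
            return ["truncated 802.1Q tag"]
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset, where = 18, f"vlan {tci & 0x0FFF}"
    if src == ZERO_MAC:
        findings.append(f"{where}: Ethernet source MAC is all zeros")
    if ethertype == ETH_ARP:
        arp = frame[offset:offset + 28]
        if len(arp) < 28:
            return findings + [f"{where}: truncated ARP payload"]
        htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", arp[:8])
        sha, spa = arp[8:14], arp[14:18]
        # Only the sender hardware address of a reply is checked: an all-zero
        # *target* hardware address in a request is normal.
        if (htype, ptype, hlen, plen, oper) == (1, 0x0800, 6, 4, 2) and sha == ZERO_MAC:
            ip = ".".join(str(b) for b in spa)
            findings.append(f"{where}: ARP reply maps {ip} to 00:00:00:00:00:00")
    return findings

def build_arp(oper, eth_src, eth_dst, sha, spa, tha, tpa, vlan=None):
    """Build a constructed ARP frame for the samples below."""
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + spa + tha + tpa
    return eth_dst + eth_src + tag + struct.pack("!H", ETH_ARP) + arp

# Constructed sample data (not from the original post).
GW_IP, DEV_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 50])
GW_MAC, DEV_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000010")
REQUEST = build_arp(1, DEV_MAC, b"\xff" * 6, DEV_MAC, DEV_IP, ZERO_MAC, GW_IP, vlan=30)
BAD_REPLY = build_arp(2, ZERO_MAC, DEV_MAC, ZERO_MAC, GW_IP, DEV_MAC, DEV_IP, vlan=30)
GOOD_REPLY = build_arp(2, GW_MAC, DEV_MAC, GW_MAC, GW_IP, DEV_MAC, DEV_IP, vlan=30)

if __name__ == "__main__":
    for name, frame in [("request", REQUEST), ("bad", BAD_REPLY), ("good", GOOD_REPLY)]:
        print(name, inspect_frame(frame))
```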