Current Events > Today on weird network issues... An all 0s source MAC address? WTF

Topic List	Page List: 1
CableZL 02/02/24 11:14:46 PM #1:	At our branch locations, we have an active/passive pair of Fortigate firewalls. We have about 10 vlans at this particular location. We had a vendor on site to install a new device, but he couldn't get it working. He opened a ticket and it went to the on call network engineer. He asked me for help with it, so I took a look at it. There are a bunch of devices on this vlan and it's just this one device that isn't connecting. Everything else seems to be working properly. I started looking at the packets going back and forth between the firewall and the device. The device was getting DHCP properly and then sending ARP requests for the gateway IP. The firewall was responding to the ARP requests and saying that its MAC address was 000000000000. What the hell? I did a packet capture on the switch port that the device was connected to and tried to ping it from the firewall. Sure enough, the ping packet had a source MAC address of 000000000000. Traffic was still flowing properly to every other device on the vlan. I could ping other things just fine. We decided to fail over to the secondary firewall and the firewall started putting the correct source MAC address in the packet and the device started working. The on call network engineer opened a ticket with fortinet. --- https://i.imgtc.com/d9Fc4Qq.gif https://i.imgtc.com/BKHTxYq.gif https://i.imgtc.com/vYYIuDx.jpg <cite>CableZL posted [p:978624930] in Today on w... [t:80686471]...</cite> <quote>At our branch locations, we have an active/passive pair of Fortigate firewalls. We have about 10 vlans at this particular location. We had a vendor on site to install a new device, but he couldn't get it working. He opened a ticket and it went to the on call network engineer. He asked me for help with it, so I took a look at it.There are a bunch of devices on this vlan and it's just this one device that isn't connecting. Everything else seems to be working properly. I started looking at the packets going back and forth between the firewall and the device. The device was getting DHCP properly and then sending ARP requests for the gateway IP. The firewall was responding to the ARP requests and saying that its MAC address was 000000000000. What the hell? I did a packet capture on the switch port that the device was connected to and tried to ping it from the firewall. Sure enough, the ping packet had a source MAC address of 000000000000. Traffic was still flowing properly to every other device on the vlan. I could ping other things just fine. We decided to fail over to the secondary firewall and the firewall started putting the correct source MAC address in the packet and the device started working. The on call network engineer opened a ticket with fortinet. </quote> ... Copied to Clipboard!
#2	Post #2 was unavailable or deleted.
Thermador446 02/02/24 11:31:12 PM #3:	Just swap out the 0s with 1s until it works --- "While you were wasting your time castrating a priceless antique, I was systematically feeding babies to hungry mutated puppies!" -The Monarch <cite>Thermador446 posted [p:978625144] in Today on w... [t:80686471]...</cite> <quote>Just swap out the 0s with 1s until it works </quote> ... Copied to Clipboard!
Naysaspace 02/02/24 11:33:38 PM #4:	i know at least 17 of those words --- leafs rule <cite>Naysaspace posted [p:978625164] in Today on w... [t:80686471]...</cite> <quote>i know at least 17 of those words </quote> ... Copied to Clipboard!
Guide 02/06/24 4:33:33 AM #5:	This doesn't actually answer why this happened and now I am slightly frustrated about it. I mean, the problem's solved, that's the important part, but why did it start? --- evening main 2.4356848e+91 https://youtu.be/Acn5IptKWQU <cite>Guide posted [p:978682520] in Today on w... [t:80686471]...</cite> <quote>This doesn't actually answer why this happened and now I am slightly frustrated about it. I mean, the problem's solved, that's the important part, but why did it start? </quote> ... Copied to Clipboard!
CableZL 02/06/24 9:32:29 AM #6:	Guide posted... This doesn't actually answer why this happened and now I am slightly frustrated about it. I mean, the problem's solved, that's the important part, but why did it start? Yeah, we've got a ticket open with Fortinet... I'm guessing the answer is gonna be a software bug, but we'll see. --- https://i.imgtc.com/d9Fc4Qq.gif https://i.imgtc.com/BKHTxYq.gif https://i.imgtc.com/vYYIuDx.jpg <cite>CableZL posted [p:978685093] in Today on w... [t:80686471]...</cite> <quote>Guide posted... </cite><quote>This doesn't actually answer why this happened and now I am slightly frustrated about it. I mean, the problem's solved, that's the important part, but why did it start?</quote>Yeah, we've got a ticket open with Fortinet... I'm guessing the answer is gonna be a software bug, but we'll see. </quote> ... Copied to Clipboard!
divot1338 02/06/24 9:35:21 AM #7:	If its a software bug the. why did the problem go away with replaced equipment? --- Moustache twirling villian https://i.imgur.com/U3lt3H4.jpg- Kerbey <cite>divot1338 posted [p:978685139] in Today on w... [t:80686471]...</cite> <quote>If its a software bug the. why did the problem go away with replaced equipment? </quote> ... Copied to Clipboard!
Kazer 02/06/24 9:39:43 AM #8:	Naysaspace posted... i know at least 17 of those words https://www.youtube.com/watch?v=Ccoj5lhLmSQ --- Look! A distraction! <cite>Kazer posted [p:978685205] in Today on w... [t:80686471]...</cite> <quote>Naysaspace posted... </cite><quote>i know at least 17 of those words</quote>https://www.youtube.com/watch?v=Ccoj5lhLmSQ </quote> ... Copied to Clipboard!
CableZL 02/06/24 9:41:42 AM #9:	divot1338 posted... If its a software bug the. why did the problem go away with replaced equipment? Well, we haven't replaced anything as of yet. We just failed over to the passive firewall. My hunch is that some weird bug condition was triggered. Not a whole lot to go on as of yet to make a definitive finding, but that's what we've got so far. --- https://i.imgtc.com/d9Fc4Qq.gif https://i.imgtc.com/BKHTxYq.gif https://i.imgtc.com/vYYIuDx.jpg <cite>CableZL posted [p:978685237] in Today on w... [t:80686471]...</cite> <quote>divot1338 posted... </cite><quote>If its a software bug the. why did the problem go away with replaced equipment?</quote>Well, we haven't replaced anything as of yet. We just failed over to the passive firewall. My hunch is that some weird bug condition was triggered. Not a whole lot to go on as of yet to make a definitive finding, but that's what we've got so far. </quote> ... Copied to Clipboard!
Topic List	Page List: 1

Current Events > Today on weird network issues... An all 0s source MAC address? WTF (+) Yeah! (+)

Current Events > Today on weird network issues... An all 0s source MAC address? WTF