Could it be a loop in your network? Could you post an schematic of your network?
You mentioned this happens sporadically, perhaps some random device in your network?
Just to be sure, stop the loops:
uci set network.lan.stp='1'
uci commit network
ifup lan
To find the culprit first find the mac of your br-lan interface: ip link show br-lan | grep ether | awk '{print $2}'
Then use the mac in tcpdump:
tcpdump -i br-lan -evn not host 192.168.78.1 and ether host THE_MAC_HERE
This will show you any host using the mac address but not the router IP.
1 Like
Thanks both for your responses. I've set STP but unfortunately this has made no difference. I've had a look at the tcpdump but it's hard to read as there is a lot of data..... it appears that there are a number of the clients that have been picked up (possibly all of them but I've not done a match on every MAC address). I'm not sure what to make of the results if I'm honest. As there are so many results would this identify a misconfiguration, or should I be looking for something particular?
Thanks again for your help.
You can paste it here to have a look.
Thanks Trendy - I've sent you a PM.
So just to update for visibility to the forum - Trendy recommended the following script as it is more strict and should point only the lan host which is using the mac of the router, if any.
tcpdump -i br-lan -evn '(ether src host THE_MAC_HERE) and (not src host 192.168.78.1) and (src net 192.168.78.0/24)'
I've let the script run for around 4 hours but unfortunately it didn't pick up any results at all.
Any other suggestions would be most welcome!
Thanks again
Did you find any log while you were running this?
When I stopped the script it stated 0 packets captured:
Thanks Trendy...........
One thing I forgot to mention was my set up. I'm not sure if that might have any relevance but in any case:
Sky Q Hub -> LAN: (DMZ) Linksys WRT3200 (OpenWRT - Davidc502 r13342) -> Plume wireless SuperPod APs x4 (bridge mode) -> Wireless clients.
I also have a Linksys SE4008 WRT switch directly connected to the WRT3200 which serves a couple of wired clients. Would the switch have anything to do with the warning, and do I need to look into the WRT3200 port config at all? It was just a thought that occurred to me.
Thanks again!
There are 2 possibilities for receiving a packet with the mac address of the lan interface.
- Some host is spoofing it. This is close to impossible in a controlled environment if you didn't change the mac address yourself.
- You have a loop in the network. Given the amount of switches and bridges it is more possible. There must be only one cable running from one device to the other and the bridges should not form any kind of wireless connection between them.
1 Like
Ok thanks - that makes sense. I definitely haven't spoofed the router MAC address anywhere so item 2 looks more likely. As Plume AP's run a mesh network and I regularly roam around the house / APs I guess this may be a side effect. I will be more mindful of when I change location in the house and monitor the logs to see if I can find any patterns. I will also reach out to Plume support directly to see if they have any insight into the matter (Plume OS is also built on OpenWRT apparently) and will report back.
Thanks again, the support is really appreciated!
2 Likes
This is it! Your router has a wired connection to each AP, and the mesh network interconnects APs, creating a loop.
Hi,
Thanks for the response. I'm not 100% convinced about this if I'm honest as only one Plume AP has a wired connection to the router, the other APs create a wireless mesh to each other. I would assume that Plume would have thought about this when designing how the APs operate as my use case is very standard. Users only have two Plume configuration modes - router or bridge. I'm running them in bridge mode so they should take settings from the router (and do seem to).
As a note until recently I was running DD-WRT firmware for a long time with the same hardware, and didn't have any of these issues (just had other issues / lack of flexibility hence the move to OpenWRT). This leads me to believe that it's possibly my OpenWRT configuration that is at fault, not my Plume APs (which I can't really configure!).
Anyway thanks again, I'll see whether Plume support can shed any light.........
I am not aware of Plume or its products, however if it was one time thing, it could be explained with a change in topology of the mesh.
If on the other hand it takes place regularly you'll have to track it and fix it. Since only one AP has wired connection to the router, then I would focus on the mesh part.
1 Like
If there were a consistent loop, you'd expect that to rapidly fill up with copies of packets circulating. The symptom is that the network appears to lock up.
On the other hand, if the mesh very occasionally changes its topology, then a packet in the mesh might enter one side, and then the topology reconfigures, and it would exit back towards the router. If this happens briefly every so often, this is probably harmless.
Thanks - that's interesting. I'll bear in mind when reviewing the logs and timings, although I don't think I would necessarily know when the mesh reconfigures (the Plume app does identify network optimisations but these are few and far between, every few weeks, and certainly don't match the kernel warnings I get regularly each day). Another question for Plume.
Thanks
1 Like
I just observed similar symptoms on my r7500v2 configured as an AP only. Repeated kernel warning messages every couple of minutes. I don't use a mesh network but...
The AP only configuration I'm using has been stable in the past (I did not observe these symptoms - at least at this frequency); however, I just put this device back into service after a period of disuse for about a month and a half.
One recent change I made is to the switch config in which I configured one of the lan ports to forward my "trunk" network (two vlans) to a second AP. I tested this change and it functions like I want, but that AP is not on or even physically connected when these symptoms started.
EDIT: a warning message:
Tue Jul 7 08:57:51 2020 kern.warn kernel: [121402.650525] br-lan: received packet on eth0.3 with own address as source address (addr:XX:XX:XX:XX:XX:59, vlan:0)
my vlan tags are 2 and 3...
I just tried enabling STP for both the br-lan iface (one of the vlans) and also on second br iface (the other vlan for wifi "guests") but 2-3 warning messages continue to show up in my logs every couple of minuets. As I use my logs, I don't want these messages spamming them. Aside form these warnings, I don't seem to have network issues.
Since my network config is different than the OPs I think I should start a new thread to post my config - but that may take a day or two.
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like
k, guess I'll do this here and now (if the OP requests it, I'll move it to a new thread).
The following logread output while doing a tcpdump is probably most helpful. Note there are no clients on my lan (everything is off) and I own no device with the the mac address 33:33:ff:4c:08:59 (but the last 6 digits do match my eth1 mac...)
This a ipv6 misconfiguration on my AP (i.e. something I need to turn off given my router should handle ipv6)?
EDIT: "Use builtin IPv6-management" is currently checked for br-lan and the guest bridge. I'll try with that unchecked to see if it makes any difference. "IPv6 assignment length" is currently disabled on both bridges.
r7500v2 # tcpdump -i br-lan -evn not host XXX.XXX.45.25 and ether host XX:XX:XX:XX:08:59&
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
r7500v2 # logread -f
Tue Jul 7 11:06:12 2020 user.notice root: wol.sh: XXX.XXX.45.26 is alive
11:06:25.772097 XX:XX:XX:XX:08:59 > 33:33:ff:4c:08:59, ethertype IPv6 (0x86dd), length 86: (hlim 1, next-header Options (0) payload length: 32) fe80::IPv6:XXXX:XXXX:859 > ff02::IPv6:XXXX:XXXX: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener reportmax resp delay: 0 addr: ff02::1:ff4c:859
Tue Jul 7 11:06:25 2020 kern.warn kernel: [129117.176760] br-lan: received packet on eth0.3 with own address as source address (addr:XX:XX:XX:XX:08:59, vlan:0)
11:06:29.691913 XX:XX:XX:XX:08:59 > 33:33:00:00:00:02, ethertype IPv6 (0x86dd), length 86: (hlim 1, next-header Options (0) payload length: 32) fe80::IPv6:XXXX:XXXX:859 > ff02::2: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener reportmax resp delay: 0 addr: ff02::2
Tue Jul 7 11:06:29 2020 kern.warn kernel: [129121.096581] br-lan: received packet on eth0.3 with own address as source address (addr:XX:XX:XX:XX:08:59, vlan:0)
11:06:31.612075 XX:XX:XX:XX:08:59 > XX:XX:XX:XX:00:02, ethertype IPv6 (0x86dd), length 86: (hlim 1, next-header Options (0) payload length: 32) fe80::IPv6:XXXX:XXXX:859 > ff05::2: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener reportmax resp delay: 0 addr: ff05::2
Tue Jul 7 11:06:31 2020 kern.warn kernel: [129123.016714] br-lan: received packet on eth0.3 with own address as source address (addr:XX:XX:XX:XX:08:59, vlan:0)
11:08:32.411965 XX:XX:XX:XX:08:59 > XX:XX:XX:XX:00:02, ethertype IPv6 (0x86dd), length 86: (hlim 1, next-header Options (0) payload length: 32) fe80::IPv6:XXXX:XXXX:859 > ff05::2: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener reportmax resp delay: 0 addr: ff05::2
Tue Jul 7 11:08:32 2020 kern.warn kernel: [129243.816088] br-lan: received packet on eth0.3 with own address as source address (addr:XX:XX:XX:XX:08:59, vlan:0)
11:08:32.732064 XX:XX:XX:XX:08:59 > XX:XX:XX:XX:00:02, ethertype IPv6 (0x86dd), length 86: (hlim 1, next-header Options (0) payload length: 32) fe80::IPv6:XXXX:XXXX:859 > ff02::2: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener reportmax resp delay: 0 addr: ff02::2
Tue Jul 7 11:08:32 2020 kern.warn kernel: [129244.136164] br-lan: received packet on eth0.3 with own address as source address (addr:XX:XX:XX:XX:08:59, vlan:0)
11:08:36.412237 XX:XX:XX:XX:08:59 > XX:XX:XX:XX:08:59, ethertype IPv6 (0x86dd), length 86: (hlim 1, next-header Options (0) payload length: 32) fe80::IPv6:XXXX:XXXX:859 > ff02::IPv6:XXXX:XXXX: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener reportmax resp delay: 0 addr: ff02::1:ff4c:859
Tue Jul 7 11:08:36 2020 kern.warn kernel: [129247.816317] br-lan: received packet on eth0.3 with own address as source address (addr:XX:XX:XX:XX:08:59, vlan:0)
r7500v2 # 6 packets captured
7 packets received by filter
0 packets dropped by kernel
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr 'XXX.XXX.0.1'
option netmask 'XXX.XXX.0.0'
config globals 'globals'
option ula_prefix 'IPv6:XXXX:XXXX::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1 eth0.3'
option proto 'static'
option ipaddr 'XXX.XXX.45.25'
option netmask 'XXX.XXX.255.0'
option gateway 'XXX.XXX.45.26'
option igmp_snooping '1'
option stp '1'
list dns 'XXX.XXX.222.220'
config switch
option name 'switch0'
option reset '3'
option enable_vlan '3'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 1t 2 3 4 5t 6'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1t 5t'
config interface 'guestWLAN'
option ifname 'eth0.2'
option proto 'static'
option ipaddr 'XXX.XXX.44.25'
option netmask 'XXX.XXX.255.0'
option igmp_snooping '1'
option type 'bridge'
option stp '1'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
option country 'US'
option legacy_rates '0'
option channel '36'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'SSIDX5'
option key 'PPPPPPPP'
option wpa_group_rekey '86400'
option encryption 'psk2+ccmp'
option max_inactivity '3600'
option disassoc_low_ack '0'
option ieee80211w '1'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'SSIDguest5'
option network 'guestWLAN'
option encryption 'psk2+ccmp'
option key 'PPPPPPPP'
option wpa_group_rekey '86400'
option max_inactivity '3600'
option disassoc_low_ack '0'
option ieee80211w '1'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option country 'US'
option legacy_rates '0'
option htmode 'HT20'
option channel '11'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'SSIDX24'
option encryption 'psk2+ccmp'
option key 'PPPPPPPP'
option wpa_group_rekey '86400'
option max_inactivity '3600'
option disassoc_low_ack '0'
option ieee80211w '1'
config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'ap'
option ssid 'SSIDguest24'
option network 'guestWLAN'
option encryption 'psk2+ccmp'
option key 'PPPPPPPP'
option wpa_group_rekey '86400'
option max_inactivity '3600'
option disassoc_low_ack '0'
option ieee80211w '1'
firewall, dhcp, dnsmasq services are off and disabled for this AP only config...
1 Like
Out of curiosity, where did you read about using value 3 there?
And where is vlan1 defined?
Ha, i didn't. That's a leftover "misunderstanding" on my part from when I first set up the AP/vlan's. I think it should be 1. I can change it. Is that contributing to my symptoms?
EDIT: I have no vlan tag defined as '1'. Note my trunk line from my router comes into my AP on the WAN port if that matters...
router -> trunk (vlan 2 & 3) -> AP
i.e. my "network" only has two devices excluding ~9 wireless clients connected at the moment