wireless clients causing IP conflict/ARP cache issues intermittently

[Kremlar]

I have a very intermittent issue here I'm hoping someone has seen before.

Intermittently a wireless client will connect to the LAN and briefly use the same IP address as a device already on the LAN. This causes some other machines on the network to not be able to access the device that SHOULD be using that IP address because their ARP cache is remembering the wireless device that is no longer at that address. Clearing the ARP cache on the workstation and sometimes the router will clear up the issue.

I think what is happening is the wireless client is obtaining that IP address from a different LAN, then when they hop onto our LAN they keep that address from what I can tell very briefly, but enough to cause the conflict.

My question is - why is this happening? Why is it attaching itself to our LAN using that IP address in the first place? Is it the wireless access points allowing this to happen? Or something else?

Any advice appreciated.

 

[kevnich2]

I would look into your DHCP servers and look there first. We have alot of clients on our guest WLAN at work and I've never seen that issue but it all depends on the DHCP server you're using for that subnet.

 

[Kremlar]

The DHCP server is a standard Windows Server 2003 box, and according to its table the problem client with that MAC address has a different address within the DHCP range and not causing an issue - which it does by the time I'm aware of and see the issue. But an ARP lookup from a workstation verifies that the machine DID have an IP address it shouldn't have had.

The IP address the client has initially, when the issue is caused, is outside of the DHCP range so the DHCP server SHOULDN'T be assigning that IP. I've pretty much confirmed that the address causing the issue is initially assigned by a different network (say, home network).

I have never seen this happen before either which is why I'm suspecting the WAPs - this site is using a Motorola controller and WAPs that I have not used anywhere else. So, I'm wondering if this could be a firmware bug or something....

But I don't know enough about what normally prevents this from happening to know what could allow this from happening... if you know what I'm saying!

 

[Kremlar]

Happened again this AM. Turns out it is a user's iPhone. She goes home, connects to her wifi, and gets an IP address that happens to be the same IP as one of our servers.

She comes into the office this AM and the iPhone connects to our network and our ARP caches show her MAC address as having that same IP as she had from home. But our DHCP servers show her having a new IP address.

I think she's getting a new IP on our network, but initially she still has her home IP which causes this ARP issue.

Question is - why???