IOS 5.0.1 wireless Bug - DHCP

We discovered an interesting issue yesterday on our network, and upon much searching, I didn't see anyone else with the same conclusion.
Allow me to start by describing the issue.  It's happened on a few occassions in our network over the past several months (we recently started allowing Apple iOS devices on our network as Exchange Activesync clients), but I was finally able to narrow it down today. 
Issue: Certain iOS devices when connected to the wireless network retain their DHCP Lease from their home network in the background, while connecting to the business network with a like subnet.  The IP Address that the iOS device is retaining from home is NOT in the DHCP scope of the business network, but conflicts with a static assigned IP Address on one of the corporate network services (i.e. Print Server, Email Server, File Server, Database Server) in the like subnet.  For example "User A" running an iPhone 4S with iOS 5.0.1 has an Airport Extreme at home that assigns DHCP Addresses in the 10.0.0.x scope.  The Corporate DHCP Scope is 10.0.4.x-10.0.5.x with similar subnet.  "User A" connects to corporate network via wi-fi and is assigned an IP address of 10.0.4.x (but in the background the device is reserving 10.0.0.x from home Airport Extreme.)  Address 10.0.0.x belongs to back-end email server, and whenever "User A" turns their device on, it disrupts the network connectivity for the rest of the corporate network to the email server.  "User A" turns off wi-fi on iPhone, and normal corporate network operations resume.  In the past, the issue has conflicted with a less major server, or another windows client, and so a resolution was able to be acquired by renewing the IP Address on the Windows client computer.
The issue presents it self as one of our Windows Server machines complaining about an IP Address Conflict on the network.  Upon examining the Windows Event Viewer in the System Log, we discover an error message from the "Tcpip" service "The system detected an address conflict for IP address 10.0.0.X with the system having network hardware address 60:C5:47:XX:XX:XX. Network operations on this system may be disrupted as a result." Upon examining the mac address beginning with 60:C5:47 we discover this particular MAC Address range belongs to Apple Inc. (LINK)  This led us to search the building for the offending iOS device on which we were able to verify the Wireless MAC address.
In a similar forum post by a user in 2009, the suggestion was that the issue lay with the Windows computer.  Well, in that particular case, it was a Home PC, and the user was able to 'work-around' the bug by renewing their DHCP lease on their other client that was reporting the issue.  In our case, since the conflict occurs with a Network Server with a staticly assigned IP and services / certificates assigned to that interface, it's not as easy as renewing the IP address to allow the Windows computer to 'fix' the issue.  I believe the issue lies in the iOS wireless driver, and needs to be addressed by Apple Development team.  I'm not sure the best way to accomplish this, so I figured I'd start in the support forum. Since there wasn't a forum for iOS, I placed the issue under iPhone for Enterprise, though this issue is reproducable with iPad and iPod Touch also.
Here's a detailed post by Princeton University where they describe the issue in great detail. http://www.net.princeton.edu/apple-ios/ios41-allows-lease-to-expire-keeps-using- IP-address.html#chronology How can we get greater urgency to get this bug fixed?
I'd appreciate response / suggestions / input / feedback.
Thanks!
DRO4LIFE

This is nothing a feature like DHCP Snooping, IP Source Guard and Dynamic ARP Inspection couldn't resolve.  Why on earth would this be affecting the rest of your network?  If everything is properly segmented, it shouldnt matter if that thing boots up with your e-mail servers IP address.  If it is, you are using a big *** network like a /16 and simply dishing out certain ranges to certain functions rather than using proper subnetting.  I really hope this is not the case as thats a big mistake. 
If you have everything setup properly, I cannot see that device as affecting anything at all;  if it came up with that IP on your wireless subnet, no devices in other subnets should ever be trying to talk to that thing since that IP range is supposed to be reachable elsewhere, like your server subnet, not the wireless subnet.  Your other networks will always be forwarding traffic for your server to your server subnet, never to the wireless subnet.
If you are at all confused about what I am saying, let me ask you this.  What is the default gateway for your Wireless devices and what is the default gateway for your Servers?  If that answer is the same, there lies your problem.  Hire a network engineer to clean up that mess.  If it is not the same, then something like proxy ARP must be turned on since that incorrect IP should not affect anything other than itself with proper layer 3 boundaries.
If that is not an option, you should be able to use a combination of DHCP Snooping,IP Source Guard and Dynamic ARP Inspection to nip this problem in the butt if your running Cisco gear (if other gear, cross reference, I'm sure the feature exists with another name).  The only way for it to cause havok is if the offending device is producing an ARP reply for your servers IP.  If running Dynamic ARP Inspection, it should see the offender responding with an ARP for your servers IP which doesnt match what the DHCP snooping database has in it, and it will drop that ARP reply.  If by chance that offending device did try to transmit as your servers IP, IP Source Guard's dynamic PACL should have dropped that traffic since its source IP does not match what is in the DHCP Snooping database.
I am not doubting that a bug exists here, however a robust network infrastructure would not be affected by what you describe.  Those switch features were designed to halt malicious actions, whether performed intentionally or accidentally via a bug.  A network engineer worth his/her salt would have implemented that in their design.

Similar Messages

  • Recently updated iOS 7.1 additional fix bug and my phone keeps restarting

    Recently updated iOS 7.1 additional fix bug and my phone keeps restarting

    Yeah that is what I thought, but the passcode used to be alpha numeric and just changed to being 4 didgets and I don;t recall making that change.  This is only to approve updates on my iPhone.  The other issue is on my mac pro.

  • Need help with IOS commands to see wireless printer

    Seems that I'm not asking the question correctly, or providing the right information.
    The problem:
    I've purchased a wireless printer, (an HP 6500a) and I can not see / ping / use the printer on the wireless network.
    Environment:
    Cisco 891 ISR in standalone. Single office - Home-office environment. Nothing spectacular. WLAN connected and operational to the internet.
    The printer is configured to use a static IP of 10.0.0.3 and reports that it is connected to the AP. However, when I ping FROM the command line at the AP, I DO NOT see the printer. (I did previously, but we lost power last night due to a storm and I'm still trying to reconfigure it...) DHCP is configured on the router to exclude the range 10.0.0.1 through 10.0.0.99
    How do I configure the wireless router to allow any connected client to share files / printers etc? Seems that the Cisco router has this shut off
    by default and I've found nothing in the user manual or by asking for help on here how to reverse this so that I can share printers / files on the LAN.
    Please, I'm not stupid, but I'm only casually familiar with IOS and Cisco's networking terms.
    Thanks in advance,
    -Mike
    =============== Begin Wiresless AP config (running-config) ==============
    Current configuration : 3122 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname (Remnoved)
    enable secret 5 (Removed)
    no aaa new-model
    dot11 syslog
    dot11 ssid (Removed)
       vlan 1
       authentication open
       authentication key-management wpa
       mbssid guest-mode
       wpa-psk ascii 0 (Removed)
    username (removed)
    username (Removed)
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 1 mode ciphers tkip
    broadcast-key vlan 1 change 30
    ssid (Removed)
    antenna gain 0
    station-role root
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    encryption vlan 1 mode ciphers tkip
    broadcast-key vlan 1 change 30
    ssid (Removed)
    antenna gain 0
    dfs band 3 block
    channel dfs
    station-role root
    interface Dot11Radio1.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface GigabitEthernet0
    description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
    no ip address
    no ip route-cache
    interface GigabitEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address dhcp client-id GigabitEthernet0
    no ip route-cache
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    access-list 110 permit icmp any any echo
    access-list 110 permit icmp any any echo-reply
    access-list 110 permit icmp any any source-quench
    access-list 110 permit icmp any any packet-too-big
    access-list 110 permit icmp any any time-exceeded
    bridge 1 route ip
    banner login ^CC
    % Password change notice.
    Default username/password setup on AP is cisco/cisco with privilege level 15.
    It is strongly suggested that you create a new username with privilege level
    15 using the following command for console security.
    username <myuser> privilege 15 secret 0 <mypassword>
    no username cisco
    Replace <myuser> and <mypassword> with the username and password you want to
    use. After you change your username/password you can turn off this message
    by configuring  "no banner login" and "no banner exec" in privileged mode.
    ^C
    line con 0
    privilege level 15
    login local
    no activation-character
    line vty 0 4
    login local
    cns dhcp
    end

    Wireless clients can get on w/o issue. Nobody can ping anyone else or see them.
    No file sharing, no printer.
    Tried using the web-based config which works for some items, but wont access the advanced config.
    I'm on my way into town, so can't post the router config, but it is posted in my earlier question
    of last week. I can login later if you otherwise need it here.
    Thanks,
    -Mike

  • IPhone 4 email update continuously shows 'Updated 1/25/2012 6:45AM" after iOS 5.1 install.  Bug or Feature?

    Software bug in 5.1?  Symptomatic of other issue?

    I have been getting a similar crash since upgrading to iOS 5.1 - usually related to double-clicking the home button to bring up the running tasks bar.  Whereas my iPhone almost never crashed before, it is pretty regular now.  THe crash log indicates that the Springboard process is responsible.  I have filled out a bug report on the Apple web site twice, but nohing yet.  Hopefully this will be fixed with the next update.

  • Using X3500 as a Wireless Extender DHCP issue iPhone 6

    Hi
    Hopefully a simple question with a simple answer.
    Background:
    I've transitioned away from my ADSL ISP to a cable provider (VirginMedia). My new ISP comes with a cable modem (SuperHub 2 ac) and I've connected the two devices together to extend my home wireless network. The cable modem is The two routers are physically remote from each other - connected via just their Ethernet ports - via power-line technology (Devolo dLAN 1200+). The two routers have the same broadcast SSID albeit on separate channels.
    Issue:
    All devices in my house, laptops tablets, phones roam between the two wi-fi zones seamlessly *except* the iPhone 6 (iOS8.1), this works on the cable modem wi-fi - but not on the X3500 wi-fi. I also have an iPad Mini 2 (also iOS8.1) which also works - so rightly / wrongly I've ruled out iO8.1 as the issue. Oddly the iPhone 6 connects to the x3500 but doesn't obtain an IP address (the cable modem is the DHCP server). Even setting a static IP address doesn't help.
    Observation(s):
    If the X3500 is setup as a DHCP server, the iPhoen connects (and gets an IP address), but then the default gateway is incorrect (gatway is the IP address of the X3500 not the remote cable modem). I can't find anywhere to specify a default gateway in the setup.
    Question
    I'm beginning to think this is an issue with the iPhone 6 (knowing all other devices work correctly), but I just want to make sure I'm configuring the X3500 correctly. I'm specifically interested in the whether I'm using the right "Mode"ADSL / Ethernet. I've tried "Bridged Mode Only" (ADSL) and "Automatic DCHP Only" (Ethernet) but neither seem to resolve the issue that the iPhone 6 is having.
    any suggestions on how to resolve / troubleshoot would be most welcomed.
    Thanks!
    Solved!
    Go to Solution.

    Yes, there's a way for you to override the IP Address. It is on Router Address under Network Setup on the Basic Setup tab. If I'm not mistaken, one end of the Ethernet cable should be connected to the regular Ethernet port of the cable modem and the other end to the cable port of the X3500.
    But if it's just the iPhone that won't connect to the X3500, it might be okay to retain the current configuration of the router, but try adjusting the wireless security mode or set the wireless channel to 11 and observe what happens.

  • Problem iphone 4s with dlink 624s wireless with dhcp

    I heve a iphone 4s which is not stable in my wireless with a router dlink 624s and dhcp. Sometimes iphone runs okay, otherwise it is conect to the router but I cannot surf in the web, the iphone indicates "some problem with the server", even www.google.com doens't open in the safari, but it is connected because the simbol is present in the superior left corner of iphone.
    dhcp 192.168.0.110

    Configure the router to do DHCP automatically, try not to hard code the ip address.
    1. Try rebooting the router.
    2. See if there's a firmware update for your router.
    Read this: http://support.apple.com/kb/TS1398

  • Problem with iOS 7 - picture/video iMessages bug?

    I've been trying to send this in as feedback but it hasn't been going through. So I'll post it here. Maybe someone has an answer, or maybe it's a bug that Apple needs to look at.
    I think these are bugs. First of all, I love that we can now send up to 20 items that include both video and pictures.
    1) When sending images or videos via iMessage, it doesn't always work. It may work after I quit the photos and messages app a few times and then try to send, but if I send some and try to send some more right after (straight from the photos app), they don't go through. I get the message window open and I choose the recipient and I hit send, but nothing happens after that. The only way I've been able to get around it is to select the items and copy and paste them directly into the messages app. Please fix this, it would make things much more efficient.
    2) when there are multimedia messages, the messages app does not archive them in the conversation. Meaning, when you scroll up in a conversation, it continues to scroll up and the app loads every single message at once rather than giving you the option to pull down to load more. I've noticed that is still there when the messages are all text. But when there are pictures/videos involved, they don't get archived and this severely impacts loading time when opening up the messages. Sometimes they won't open at all and freeze because of all the memory it requires just to load everything. It happens on my end as well as with the person on the other end of the conversation - both of us are on iOS 7. I'm on an iPhone 4S and they have an iPhone 5. This has been happening since the upgrade to iOS 7.
    These are pretty big bugs and should be addressed ASAP. Thanks.

    I have had numerous problems with sending media in messages either from messages or from photos app as well.
    In general it seems this new os version was kind of rushed and is still very buggy throughout.  the 7.1 update should rectify the most common issues (i hope), but definitely try the feedback page again.

  • IOS 7.1.1 Wifi Bug ?

    Hello, I made an update to version 7.1.1 and after that i can connect to wifi only at a few cm from router if i get more distance betwen iPad and router i get message " Unable to connect to.. ". Can be that bug from iOS or ca be from wifi antena (i have drop once the ipad) i can change it but i want to know before do it. Thanks

    I vote for the antenna.  Million of other users (including me) have the same IOS without having that problem.

  • IOS 9 beta 2 update bug!

    A quick note: You might be getting a popup message from time to time while using BBM app (on iOS 9 beta 2) telling you that you are currently running an older version of the app - indicating the ignore and update option below the message. Just click the ignore option and continue using the app. It’s a bug waiting to be fixed!

    Hi raja777m,
    The PlayMemories Mobile app is currently compatible with iOS 7. - 8.4. There are no updates available for it to be compatible with the latest iOS version. Latest news and guides on the PlayMemories Mobile app is available here.
    If my post answers your question, please mark it as "Accept as Solution". Thanks_Mitch

  • "Restart Now" IOS command for 1310 Wireless Bridge

    I have 2 Cisco Aironet 1310 wireless bridges setup, line-of-sight, 3/4 mile apart, one as Root, the other as Non-Root.  Occasionally they drop their connection but a hard restart of either or both bridges will reestablish the connection.  What is the equivalent IOS command to the
    "GUI > System Software > System Configuration > Restart Now" command?  I would like to be able to telnet to either/both units and issue/script the appropriate command.

    the command is "reload"
    BRIDGE# reload
    Regards
    Surendra

  • IOS 6.1 still sound bug

    Dear comm, AND DEAR APPLE SUPPORT!
    It is really annoying!
    Today I have updated my iPad2-16GB-3G to iOS 6.1 and that bloody sound bug is still there.
    [Shortly the sound works and randomly after a short period of time it chrashes. No hardware key and no soft key works anymore. The soft key is gone.
    I saw several chats regarding the different iPhone / iPad versions dealing with the same prob.]
    I would appreaciate an opportunity to put more pressure on Apple to solve these problems. These wonderful gadgets like iPhone and iPad are that expensive!
    And one of the key functions does not work. A bug that is not fixed since month, now!
    and double it!
    To all persons concerend: Stand up and put pressure on the Apple support to solve that problem!
    THX and sorry for venting my anger!
    joapp

    First, Apple Support is NOT reading these forums. These are user to user technical help forums hosted by Apple. There are only other users here.
    You may have a hardware problem. Visit an Apple store for evaluation or contact Apple support.
    There is a chance that you have a bad Application on your iPad which is crashing the sound driver but, fron your description, this seem unlikely, however, give that possibility some consideration.
    Note: the majority of sound problems reported here are caused by the user having mute turned on and not realizing it. You don't seem to have that from your symptoms.

  • How to fix IOS 5 Podcast Bookmark Problem/bug

    I have an ipod touch 4 upgraded to ios 5. It no longer marks my place in podcasts. If I play part of a podcast, and then play something else, the podcast returns to the beginning when I go back to it. My podcasts are also no longer showing as listened to.
    There is a bookmark app. However, I am not sure it works with IOS 5.
    I couldn't find any way to report this bug to Apple

    no suggestions but i use to have the same problem but now my ipod will not turn off,display anything, not even sync to the computer so i can restore it. ALL IT SHOWS IS A BLANK WHITE SCREEN APPLE PLZ FIX THIS IOS 5 MESS PLZ!!!!

  • IOS 4 Contact Birthday Date Bug.

    iPad 2, iOS 4.3.3
    iPad iOS decreases by one day all birthday data of my 2150 contacts after syncing with my Google account immediately.
    I see this is a very old bug and you have to know about it.
    My day work is nowhere and I can start again.
    Don't tell me please I have to change all data manually again.
    Solve this bug at last. Be so kind.
    Thank you very much.
    Do you have any better solution already?

    Hello,
    I have the same problem, and it was the same even for previous versions of iPhone OS. I don't think it's a time zone issue, as I am living in Norway and the reports here are the same from various locations.
    However, I think I might have found a workaround for this problem. Normally I have my mail, contacts and calendar synced via Exchange. When I in addition to syncing with Exchange select "Sync contacts with Outlook" in the "info" tab in iTunes on my computer, the dates appear to be transferred correctly. But then again, this gives me several contact groups on my iPhone, whilst I really only want and need one group, the Exchange contacts. Anyway, the contacts appear only once when I select the "group" all contacts on my iPhone.
    Hope this can be of any help until the bug is fixed.

  • Iphone/IOS 6 and Enterprise Wireless Networks Issue

    Hi there,
    Our company runs Cisco wireless using WPA2 Enterprise and AD Authentication. Now we currently have multiple vendor phones/laptops working fine including Apple Macbook Pro's, Apple Iphone 4s, Samsung Galaxy S2/S3 working on the wireless without issue.
    However Ive been seeing issues with Iphone 5s and an Ipad now as well running IOS 6 where it just wont connect to the network. I am using Iphone configuration utility to install a Wireless profile with the certificate/AD credentials onto the Apple device.
    I just loaded the profile on an Iphone 5 and it worked straight away.
    However on ipad and other iphone 5's this is what happened, it associated to the Wireless but never got an IP address so never finishes connecting. just sits on spinning wheel.
    Here is some output from the Iphone configuration utility console:
    Nov 13 14:45:47 Sam-iPad eapolclient[2548] <Notice>: eapmschapv2_success_request: successfully authenticated
    Nov 13 14:45:48 Sam-iPad kernel[0] <Debug>: 285568.132121 wlan.N[12106] AppleBCMWLANCore::setCIPHER_KEY():  [eapolclient]: type = CIPHER_MSK, index = 0, flags = 0x0, key lenght 64, key rsc lenght 0
    Nov 13 14:45:48 Sam-iPad kernel[0] <Debug>: 285568.185043 wlan.N[12107] AppleBCMWLANCore:startRoamScan(): 3365 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
    Nov 13 14:45:49 Sam-iPad kernel[0] <Debug>: IO80211AWDLMulticastPeer::queuePacket ff:ff:ff:ff:ff:ff alllocate queue for ac 0
    Nov 13 14:45:58 Sam-iPad kernel[0] <Debug>: 285578.034874 wlan.N[12108] AppleBCMWLANCore:startRoamScan(): 3365 Delaying RoamScan; because  Join Mgr Busy 0 isWaitingforIP 1
    Nov 13 14:45:58 Sam-iPad kernel[0] <Debug>: 285578.060369 wlan.A[12109] AppleBCMWLANNetManager::handleDelayedPowerManagementTimeout():  Timed out waiting for IP address, entering powersave mode: 2
    Nov 13 14:45:58 Sam-iPad kernel[0] <Debug>: 285578.075638 wlan.A[12110] AppleBCMWLANNetManager::checkRealTimeTraffic():  now 285578.075633250 num entries 4
    Nov 13 14:46:06 Sam-iPad kernel[0] <Debug>: 285586.747324 wlan.N[12111] AppleBCMWLANCore:startRoamScan(): 3379 starting RoamScan; MultiAPEnv:0 isdualBand:1 isOn5G:0
    Is anyone else aware of this problem?

    iPhone 4s: iOS 6
    iPad 2 iOS 6
    iTunes 10.7.0.21
    Windows 7 Ultimate i5 / 8G RAM
    my iDevices will not sync anymore unless it is plugged in USB and turn it off and back on again while connected. is there going to be a fix for this? btw good job apple...-.-

  • Extending Wireless Network - DHCP Issues

    I have an Airport Extreme 802.11n and I want to extend the range of it with my Airport Express 802.11n. I found the "Designing Airport Networks Using Airport Utility" from the Apple support page. "Extending the Range of an 802.11n Network" on page 46 says to manually set up. Under "wireless" when I check the box to "Allow this network to be extended" I get a dialog box that says, Correct the 2 problems below before updating this Apple device. Those problems are DHCP Beginning Address 10.0.1.2 and DHCP Ending Address 10.0.1.200. The Airport Extreme has the IP Address of 10.0.1.33. It says the DHCP range you have entered conflicts with the WAN IP address of your wireless device. If I limit the beginning address to start at 10.0.1.34 should that solve my issue? Any help is appreciated.
    Thank You!

    Sorry but I should have read your original post closer.
    Since you already have a router distributing IP addresses, you don't need the AEBS doing that. Configure your AEBS so that it is acting as a bridge (not sharing a single IP address).

Maybe you are looking for

  • Unable to load many web based games after installing lion

    After installing Lion, I am unable to launch several online games (Pogo e.g.). What compatibility issues are being addressed?

  • Error while calling SPML web service call in OIM 11g

    Hi, While testing the SPML web service call, I am getting the "failure in security check" errors. And I have attached the request and responce . Request: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header xmlns:ns1="u

  • Tax Error & Rectified and getting error while realing accouting doc.

    Dear friends, User made a mistake while defing condition like didnt entered the tax code. While releasing Accouting document against that sale doc its giving error. So verified all conditions and maintained properly Tax code. Now when i am releasing

  • Removing Case-Sensitive HFS

    Dear all, I am using a MacBook Pro, and have been using this machine for so many months. When I started using it, I formatted it as Case-Sensitive HFS. However, by this time, Case-Sensitive is causing so many of my programs to not work correctly. So,

  • [Request] Anjal

    Anjal is an email client designed for netbooks, although it looks like it could be nice even if you don't use a netbook. It's the only email client I have seen that implements gmail-style (conversation) threading, which is slightly different than the