MAC table goes bad

Options
PeterUK
PeterUK Posts: 4,411 image  Guru Member
250 Answers 2500 Comments Friend Collector Eighth Anniversary
edited January 27 in USG FLEX H Series

Got this to happen again and on a test PC on VirtualBox

USG FLEX 200H V1.37(ABWV.0)

Note Source IP Spoofing Prevention was disabled when this happened

To make this happen you need to have one NIC get a IP from DHCP then you don't use that NIC and use another NIC and DHCP give out the same IP due to it thinking that the IP is no longer in use lease time 3 minutes.

So now the NIC gets this IP 192.168.255.40 for MAC PCSSystemtec_89:46:0f by DHCP which all looks fine gateway 192.168.255.39 with ARP

Screenshot 2026-01-27 005640.png

Then 192.168.255.40 pings 1.1.1.1 but the reply is to MAC PCSSystemtec_90:cc:fd that the USG is sending too.

Screenshot 2026-01-27 005735.png

and ping to 192.168.255.40 from USG is to the wrong MAC

Screenshot 2026-01-27 010401.png

Also DHCP renew fails to send the ACK to the wrong MAC

Screenshot 2026-01-27 005925.png

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,531 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @PeterUK

    To better check this issue, could you share the captured packets with us?

    Zyxel Melen


  • PeterUK
    PeterUK Posts: 4,411 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    PM sent

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,531 image  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @PeterUK

    Thanks for the packet.

    I did a local lab but my USG FLEX H with 1.37 firmware didn't provide same IP address to another NIC of my PC in virtual box. My two NIC always get different IP address even I disable one NIC and wait another timeout.

    Please help to provide more details:

    1. Which OS are you running? I was running Win10.
    2. What is your NIC setting on the OS and virtual box.
    3. Please share more details about this. "you need to have one NIC get a IP from DHCP then you don't use that NIC and use another NIC and DHCP give out the same IP due to it thinking that the IP is no longer in use lease time 3 minutes."

    Thanks.

    Zyxel Melen


  • PeterUK
    PeterUK Posts: 4,411 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    edited January 29

    So the host is windows 10 the virtual box OS is windows 11

    Virtual box has two NIC set to bridged adapter for the same interface with different MAC but when running Virtual box you only have one connected at a time.

    It might be easier to cause this to happen when DHCP pool size is one but I think the way I did it was to set the NIC to static for that IP then when you set to DHCP which windows will do a discover with that requested IP.

    I'm not too sure how I caused it to happen but you can try this order

    DHCP lease time 3 minutes

    1. NIC1 connected only either set to static or maybe DHCP you may need to wait for renew to happen
    2. Disconnect NIC1 may need to wait 3 minutes connect NIC2 DHCP may get a different IP set IP to static that NIC1 had set NIC1 to DHCP when setting NIC2 then set NIC2 to DHCP

    I had to reboot the FLEX 200H but was able to cause the problem again so if you need to see the problem I can give you access.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)