119 lines
2.9 KiB
Markdown
119 lines
2.9 KiB
Markdown
# MAC Address Swap Analysis - UDM Pro
|
|
|
|
**Date**: 2026-01-22
|
|
**Status**: ✅ **BOTH IPs NOW VISIBLE** - MAC addresses appear swapped
|
|
|
|
---
|
|
|
|
## Current UDM Pro Status
|
|
|
|
### ✅ All Three IPs Now Visible
|
|
|
|
1. **192.168.11.166**
|
|
- MAC: `bc:24:11:a8:c1:5d`
|
|
- Uptime: 3d 22h 39m 51s
|
|
- Activity: 0 bps
|
|
|
|
2. **192.168.11.167**
|
|
- MAC: `bc:24:11:18:1c:5d`
|
|
- Uptime: 3d 22h 40m 12s
|
|
- Activity: 55.5 MB (active)
|
|
|
|
3. **192.168.11.168**
|
|
- MAC: `bc:24:11:8d:ec:b7`
|
|
- Uptime: Jan 22 2026 1:36 PM
|
|
- Activity: 0 bps
|
|
|
|
---
|
|
|
|
## MAC Address Mapping
|
|
|
|
### Expected (From Container Config)
|
|
- **192.168.11.166** (eth0) → MAC `BC:24:11:18:1C:5D`
|
|
- **192.168.11.167** (eth1) → MAC `BC:24:11:A8:C1:5D`
|
|
|
|
### UDM Pro Shows (Swapped)
|
|
- **192.168.11.166** → MAC `bc:24:11:a8:c1:5d` (should be .167)
|
|
- **192.168.11.167** → MAC `bc:24:11:18:1c:5d` (should be .166)
|
|
|
|
---
|
|
|
|
## Analysis
|
|
|
|
### Why MAC Addresses Appear Swapped
|
|
|
|
**Most Likely Cause**: ARP table confusion from traffic routing
|
|
|
|
When we generated traffic from 192.168.11.166:
|
|
- The ping used `-I 192.168.11.166` to force source IP
|
|
- But the kernel may have routed via eth1 (192.168.11.167)
|
|
- This could cause ARP responses with wrong MAC
|
|
|
|
**Alternative**: UDM Pro may have cached old mappings from before the IP conflict resolution.
|
|
|
|
---
|
|
|
|
## Impact
|
|
|
|
### Functional Impact
|
|
- **Minimal**: Both IPs are visible in UDM Pro
|
|
- **Routing**: Still works correctly (kernel handles routing)
|
|
- **Firewall Rules**: May need to use IP addresses instead of MAC addresses
|
|
|
|
### Monitoring Impact
|
|
- **Traffic attribution**: May be attributed to wrong MAC
|
|
- **Client identification**: UDM Pro may show wrong MAC for each IP
|
|
- **Statistics**: May be slightly inaccurate
|
|
|
|
---
|
|
|
|
## Resolution Options
|
|
|
|
### Option 1: Wait for Natural ARP Refresh (Recommended)
|
|
- ARP entries expire after 4 hours
|
|
- UDM Pro will refresh with correct mappings
|
|
- No action needed - will self-correct
|
|
|
|
### Option 2: Clear ARP Cache (If Needed)
|
|
- Clear ARP cache on UDM Pro
|
|
- Force re-discovery of MAC addresses
|
|
- May require UDM Pro restart or manual ARP flush
|
|
|
|
### Option 3: Accept Current State
|
|
- Both IPs are visible and functional
|
|
- MAC swap doesn't affect functionality
|
|
- Can be left as-is
|
|
|
|
---
|
|
|
|
## Recommendation
|
|
|
|
**Status**: ✅ **ACCEPTABLE** - Both IPs are visible
|
|
|
|
**Action**:
|
|
- **No immediate action required**
|
|
- MAC addresses will correct themselves over time (ARP refresh)
|
|
- Functionality is not affected
|
|
|
|
**If you need correct MACs immediately**:
|
|
- Wait 4 hours for ARP expiration
|
|
- Or manually clear ARP cache on UDM Pro
|
|
|
|
---
|
|
|
|
## Summary
|
|
|
|
**Good News**:
|
|
- ✅ 192.168.11.166 is now visible in UDM Pro
|
|
- ✅ 192.168.11.167 is visible and active (55.5 MB traffic)
|
|
- ✅ 192.168.11.168 is visible (VMID 10234)
|
|
|
|
**Minor Issue**:
|
|
- ⚠️ MAC addresses appear swapped in UDM Pro
|
|
- This doesn't affect functionality
|
|
- Will self-correct over time
|
|
|
|
---
|
|
|
|
**Status**: ✅ **SUCCESS** - All IPs visible, minor MAC swap (non-critical)
|