Hi all,
I’m facing a strange issue in my LAN, where only from one tablet I can’t seem to ping or connect (SSH) to other hosts in the LAN.
If I ping from the affected tablet to the LAN it times out; however if I ping from another device to the tablet it answers properly.
If from the tablet I try to connect to the LAN router on its LAN IP I get connection refused; however if I try to connect to the router’s loopback address I can do it.
So it seems to me some sort of L2 LAN issue somewhere that affects only this device.
From other devices everything is fine within LAN; no problem going to internet also from the affected tablet. So it’s only an issue within LAN.
When from the tablet I try to SSH to a Raspberry Pi, I get connection refused; however from the same tablet I can access the Pi through a web service active on the Pi itself.
I have a CRS328 switch that connects all devices (including the WiFi APs that the tablet is connected to).
All ports on LAN are not VLAN; I have only defined 2 ports (trunk and access port) for a single PC access on a VLAN 100 to a specific port of the main router for a second dedicated LAN2.
Is there anything that I can check on the switch to see why the issue occurs with this device only?
Currently on all APs and switch I don’t have any firewall enabled.
The only FW is enabled on the main router which provides access to Internet.
From a LAN perspective everything is connected through the switch, which has 2 ports going to the main router: SFP+ from router to switch defines the LAN (no use of VLAN on these ports) and 1 port connected to the router in VLAN100 for a single PC's access to a different subnet, LAN2.
I have done some checks between router and switch just to trace the affected device.
The device is an iPad and I have disabled the new “private IP” implementation (it was enabled up to a few days ago).
Now the MAC address is not changed anymore.
The main router is also DHCP and I have checked that iPad’s IP is associated to the MAC address as indicated on iPad.
I have also checked router ARP table and I see good matching.
Then I moved to the switch (which is using RouterOS, but it’s set up as a switch: no routing, no FW, only 1 bridge and all ports defined within it).
I can see the same MAC address in bridge → Hosts, which comes in from the ETH port linked to the AP that it is roaming to.
I don’t see any duplicate MAC address associated to same IP, nor other strange things like this.
But there is still something about this IP/MAC address which creates the trouble on LAN. Device itself can communicate to Internet and I can share with other Apple devices (within LAN) data.
But when using SSH or MikroTik app to access router/switch on LAN (192.168.10.0/24) it refuses the connection; but accessing the same router using its loopback address (10.5.5.5) is fine, the connection is established.
Doing this same exercise on internal devices from another old iPad it all works fine as expected.
So it’s really something within LAN blocking this specific iPad to connect directly to other LAN devices with their LAN IP; accessing them on L3 works fine.
Another indication of something strange with the affected iPad is when using the MikroTik app.
From the affected iPad I can’t see any MK device discovered in the app, while from the old iPad or iPhone I can see all MK devices listed there, like when checking from Winbox.
So there is really every indication of an issue between this iPad and the rest of the LAN, but I cannot think what to test/change on the switch to fix this.
But most of the devices work fine, except this one, so I can’t think of a config issue.