Random IP addresses allocated to android clients

GAMe asked:

so here goes on this strange issue.

I have 1 Cisco Router (800 series), 1 Meraki MR12 AP and 1 x Windows server 2012 DHCP server with a subnet of 192.168.0.x

90% of the time clients connect fine with no issues however many Android mobile devices (Samsung in particular) seem to connect to my wifi but randomly are given a 10.10.10.x IP address with a gateway of 10.10.10.254. I have used fing and other tools on the mobile devices but cant ping the gateway and it also displays the vendor as Ralink Tech. I have searched my network for a MAC address which matches and also used wireshark to make sure there is no rogue DHCP server on the network. NMAP found something but it was on the outside of my network which seemed to originate through my ISP. There has been no DHCP relay setup and to my knowledge DHCP couldn’t work between subnets unless I had configured one. So what is this odd DHCP server and where is it coming from? I have also looked at my Meraki AP’s config and that is set to bridged NAT mode so shouldn’t be getting Meraki DHCP addresses.

Any thoughts?

Thanks

GAMe


I answered:

It sounds like you have your Meraki AP in NAT mode. In this mode the AP provides an isolated network to all the wireless clients, taking up the entirety of 10.0.0.0/8, provides its own DHCP server to those clients, etc. Wired devices on the network won’t be able to communicate with wireless devices connected to the AP. This is the default mode when you first create your network.

It sounds like you need to have the AP in bridge mode. In this mode, wireless devices are bridged to the same subnet as the one you have connected the AP to, which allows wireless and wired devices to communicate directly, and allows the wireless devices to get addresses from your existing DHCP servers.

The only caveat is that the adult content filter doesn’t work in bridge mode. However, you can still use Meraki’s reports to see who has been visiting adult web sites, if necessary.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.