Who's ARPing my Camera?

TheWaterbug

I have a Blue Iris server box behind a port forward (port 81 only) from my pfsense 2.60 appliance, on a "things" subnet of my segmented network, along with my IP cameras, smart TVs, etc. All cameras have DHCP reservations:

One camera in particular, TrailDown (MAC 9c:8e:cd:2a:5f:4c, reserved at 192.168.1.51), keeps disappearing from the BI feed:

and there are messages in the BI server's logs of Changed to IP 192.168.1.251 and then Changed to IP 192.168.1.51

I checked the pfsense logs, and I see repeated messages of

Code:
Oct 30 00:09:19 kernel arp: 192.168.1.251 moved from 9c:8e:cd:2f:d8:11 to 9c:8e:cd:2a:5f:4c on igc1

I never see log entries ARPing 192.168.1.51.

Those other MAC addresses 9c:8e:cd:2f:d8:11, a0:bd:1d:c4:64:2d, etc. are/were all cameras on the same subnet, some of which are active on other reserved IPs and some of which were removed from the network ages ago.

Is there any way to tell from within pfsense who/what is ARPing this camera to a different address?

Curiously, the camera interface itself has an option to allow/disallow ARP assignment, and it's disabled:

Yes, I know I can probably fix this by assigning a true static address at the camera itself, but I'd like to find out what's on my network doing this unwanted behavior!
 

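One way to work the question from the log side, as an added example that is not part of the original post: the script below parses kernel "arp: ... moved from ... to ..." lines in the format quoted above, lists every MAC that has claimed each contested IP, and flags any MAC with a DHCP reservation that is answering for a different address. The sample log is constructed (only its first line is from the post), and the reservation table holds only the one mapping the post gives.

```python
import re
from collections import defaultdict

# Kernel message format as quoted in the post above.
ARP_MOVED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+kernel\s+arp:\s+(?P<ip>\d+(?:\.\d+){3})"
    r"\s+moved from\s+(?P<old>[0-9a-f:]{17})\s+to\s+(?P<new>[0-9a-f:]{17})"
    r"\s+on\s+(?P<ifc>\S+)", re.IGNORECASE)

# Constructed sample: line 1 is from the post; the others reuse MACs named in
# the post with made-up timestamps, plus one unrelated line to be skipped.
SAMPLE_LOG = """\
Oct 30 00:09:19 kernel arp: 192.168.1.251 moved from 9c:8e:cd:2f:d8:11 to 9c:8e:cd:2a:5f:4c on igc1
Oct 30 00:41:02 kernel arp: 192.168.1.251 moved from 9c:8e:cd:2a:5f:4c to a0:bd:1d:c4:64:2d on igc1
Oct 30 01:13:47 kernel arp: 192.168.1.251 moved from a0:bd:1d:c4:64:2d to 9c:8e:cd:2a:5f:4c on igc1
Oct 30 01:14:00 kernel some unrelated message
"""

# MAC -> reserved IP. Only TrailDown's reservation is stated in the post;
# a real table would be exported from the DHCP server's static mappings.
RESERVATIONS = {"9c:8e:cd:2a:5f:4c": "192.168.1.51"}

def parse_moves(log_text):
    moves = []
    for line in log_text.splitlines():
        m = ARP_MOVED.match(line.strip())
        if m:
            mv = m.groupdict()
            mv["old"], mv["new"] = mv["old"].lower(), mv["new"].lower()
            moves.append(mv)
    return moves

def contested_ips(moves):
    """Map each IP to the set of MACs seen claiming it (more than one only)."""
    claims = defaultdict(set)
    for mv in moves:
        claims[mv["ip"]].update((mv["old"], mv["new"]))
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}

def off_reservation(moves, reservations):
    """Return (mac, reserved_ip, observed_ip) for MACs seen on the wrong IP."""
    found = set()
    for mv in moves:
        for mac in (mv["old"], mv["new"]):
            reserved = reservations.get(mac)
            if reserved and reserved != mv["ip"]:
                found.add((mac, reserved, mv["ip"]))
    return sorted(found)

if __name__ == "__main__":
    moves = parse_moves(SAMPLE_LOG)
    print(contested_ips(moves), off_reservation(moves, RESERVATIONS))
```

These log lines record which MAC last answered for an IP, not which host prompted the change, so the output narrows the search rather than naming the cause.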
Take a look at:

Settings > Video > Configure > Skip initial MAC... tests.

If that's not checked, then BI can try to reassign IP addresses based on MAC.

If that's not it, then maybe the ntopng add-on for pfSense may show it. Or WireGuard.
 
It was unchecked, so I checked it. We'll see if the behavior improves.
 
I haven't seen the problem since, so I'm checking that box for all of my cameras, now!!
 
I don't get why so many people resist assigning unique, static IP addresses to their cameras.:idk:
 
I strongly prefer DHCP reservations for just about anything other than a router or domain controller or other core infrastructure. Reservations allow me to:
  1. Preconfigure my DHCP server based on the MAC address on the product box, so it comes up from first power-up with a known address that I can get to, without having to fiddle with my computer's IP address
  2. Configure the device on my own network, then copy the MAC and set up the reservation on either of my other 2 sites' routers (with different subnets), and know that it'll work correctly immediately upon power-up when I deploy over there.
  3. Bring any device back from either of the other 2 sites to my home network for troubleshooting, etc., without having to fiddle with my computer's IP address.
  4. Make changes to multiple devices for things like NTP servers, default gateways, etc., from a single interface.
Of course everything breaks down if my DHCP server goes down, but my DHCP server is also my edge router, so if that goes down my whole network is down anyway.

Someday I suppose I might put all the cameras on a separate NIC, instead of just on a separate segment, and run a DHCP server on the BI box itself, but I'm not sure how much that buys me.
 
Whatever cranks your tractor and works for you. That said, I wonder though if you would have had the issue stated in your post #1 had you NOT been using DHCP for the cameras?
 
A static device like an IP cam doesn't need DHCP. It's your network so build as you wish. Makes no sense though......

I try to limit DHCP down to nothing if I can. Why? Someone can plug a variety of gizmos in to your switch and get an IP on YOUR network. At least it will slow the "honest" people down. Cisco frowns on this DHCP and open switchport stuff.
 