Hey all, I'm working with Sophos support on this issue, but thought I'd throw it out to the community since we're getting nowhere.
I have a small setup with about 70 users, ~110 devices, 2 subnets (on different interfaces) and 1 Astaro v9.003-16 handling Net Security and web security. I also have a network inventory/helpdesk ticket system running on this LAN.
Subnet 'A' = 10.0.0.0/24
Subnet 'B' = 10.0.50.0/24
(actual IPs may Differ [;)] )
Subnet 'A' = DHCP 10.0.0.21-150 for 129 possible devices. Only ~80 active
Subnet 'B' = DHCP 10.0.50.-125 for 75 possible devices. Only ~30 active
Problem:
Lately Astaro is counting devices filling the entire 'B' subnet. Under licensing it shows active IPs all over including 126-254 which is outside the DHCP scope.
The third party inventory server is counting these devices as well. Over 200.
They don't exist.
I have confirmed the following:
- No rogue DHCP device
- No packets going to or from these "extra" IPs (tcpdump on the Astaro)
- No extra physical devices connected to my LAN
- Any changes made to firewall/NAT near the time this happened have been revered or disabled
- I have cleared the device count on numerous occasions using a command given to me by support.
- No rogue wifi devices (war-walking)
- I can't ping or nmap the IP addresses
- I cannot find ANY MAC addresses associated with the IPs
- It began while using v8. I imaged the machine and installed v9 and the problem returned immediately.
- DHCP lease tables in Astaro do not show the over count of IPs
It should be noted that we did something funky when we began this LAN, but it never caused an issue before. When we roll out a new PC, we were setting it to DHCP, would get an IP from the server and then assign THAT IP to the PC statically using the NIC settings in Windows.
OKay now... ideas? Throw them at me please... Criticize my config if need be. I really want this fixed. It's been almost a month [:(]
This thread was automatically locked due to age.
