MAC Clone is Not My Friend



  • I have a Linksys wireless-N access point/router. It has a 'Mac Clone' feature. It copies the MAC address of the machine you are using to perform a web-based setup.

     I have just bought an Android phone and I was browsing the web through the access point. All worked well until I turned on a laptop connected to wired ethernet indoors, and suddenly the web browsing experience for all wireless devices reduced around the house.

     Checking the linux dnsmasq logs on the file server I could see all the wireless devices' DNS lookups worked, and web browsing on the laptop also worked. Eventually I pulled the network cable from the laptop and wireless web browsing resumed. I rebooted the access point and the ADSL modem but every time I plugged in the cable the wireless slowed down to a total crawl despite good connection speeds.

     I realised that ARP stuff was working but IP wasn't. So I looked at the MAC address the AP was using and found it was the same as the laptop's wired MAC address. So the house ethernet switch was sending the packets to the laptop instead of the wireless router if it was turned on.

     Somebody (me) must have clicked that 'clone MAC' option a while back and forgotten it ...



  • That's not what "Clone MAC" is supposed to do.  It's supposed to use the workstation's MAC for its external interface so that you can get on the network if your ISP uses MAC address based filtering.



  • @mikedjames said:

    ... but every time I plugged in the cable the wireless slowed down to a total crawl despite good connection speeds.

    Why did it slow down to a crawl? Shouldn't it have stopped working at all if your switch sent all return packets to the laptop? Or was its default behavior when seeing the same MAC on two different ports "just choose a random port for each packet"?



  • @PSWorx said:

    @mikedjames said:
    ... but every time I plugged in the cable the wireless slowed down to a total crawl despite good connection speeds.

    Why did it slow down to a crawl? Shouldn't it have stopped working at all if your switch sent all return packets to the laptop? Or was its default behavior when seeing the same MAC on two different ports "just choose a random port for each packet"?

    I think two possibilities:

    • Switch somehow changed to broadcast mode for that mac (e.g. because it detected duplicate mac addresses)
    • Box bounced packets back to switch who then figures that a packet shouldn't be sent back to the receiving port but instead should be broadcasted/sent to the right port

    Although both seem unlikely...



  • @mikedjames said:

    I realised that ARP stuff was working but IP wasnt. So I looked at the MAC address the AP was using and found it was the same as the laptop's wired MAC address. So the house ethernet switch was sending the packets to the laptop instead of the wireless router if it was turned on.

    I know the feeling... Reminds me of the first time I installed a brand new Sun server (a small Netra). It had multiple NICs, like most servers, and while it was unpleasant I had no problem assigning individual IPs with the LOM port. But for some reason the network connection was misbehaving. Turned out that the factory default for those servers was to have the same MAC on all NICs. That was the first time I ever had to set a MAC address manually.... Good times.



  • @thistooshallpass said:

    Turned out that the factory default for those servers was to have the same MAC on all NICs.

    ????????????? Why would that ever be a good default??



  • @dtech said:

    @PSWorx said:
    @mikedjames said:
    ... but every time I plugged in the cable the wireless slowed down to a total crawl despite good connection speeds.

    Why did it slow down to a crawl? Shouldn't it have stopped working at all if your switch sent all return packets to the laptop? Or was its default behavior when seeing the same MAC on two different ports "just choose a random port for each packet"?

    I think two possibilities:

    • Switch somehow changed to broadcast mode for that mac (e.g. because it detected duplicate mac addresses)
    • Box bounced packets back to switch who then figures that a packet shouldn't be sent back to the receiving port but instead should be broadcasted/sent to the right port

    Although both seem unlikely...

    Third possibility (which I just realized):
    The switch was configured to overwrite its MAC -> Port mapping each time it saw an incoming packet with that MAC. So with both the router and the laptop sending packets to the switch, which ever device had sent the last packet got all the replies (until the other device sent the next packet).
    Does that make any sense or is it utterly stupid?
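That third possibility is in fact how a standard learning bridge (IEEE 802.1D) behaves: on every incoming frame the switch records the source MAC against the ingress port, overwriting whatever it had, and unicast frames are forwarded to the port currently recorded for the destination (or flooded if the destination is unknown). With the same MAC on two ports the table entry flaps between them, and the replies go to whichever device spoke last. The simulation below is an added example, not code from anyone in the thread; the port numbers, MAC addresses and traffic pattern are constructed to mirror the laptop/router/file-server setup described above.

```python
"""Simulate a learning Ethernet switch with two hosts sharing one MAC.

Added example (not from the thread).  Ports, MAC addresses and the
traffic pattern are constructed for illustration.
"""

from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Minimal transparent bridge: learn the source MAC on ingress,
    forward unicast by table lookup, flood unknown unicast and broadcast."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}      # MAC -> port on which it was last seen
        self.moves = 0       # number of times a MAC "moved" to another port

    def forward(self, in_port, src, dst):
        """Return the set of ports a frame (src -> dst) is sent out of."""
        # Learning step: the most recent ingress port always wins.
        prev = self.table.get(src)
        if prev is not None and prev != in_port:
            self.moves += 1
        self.table[src] = in_port

        # Forwarding step.
        if dst == BROADCAST or dst not in self.table:
            return self.ports - {in_port}        # flood
        out = self.table[dst]
        if out == in_port:
            return set()                         # same segment, filter
        return {out}


# Constructed addresses: the router's WAN port has cloned the laptop's MAC.
ROUTER_WAN = "00:1a:70:aa:bb:cc"
LAPTOP = ROUTER_WAN                # identical by construction ("MAC clone")
SERVER = "00:0c:29:11:22:33"       # file server running dnsmasq

PORT_LAPTOP, PORT_ROUTER, PORT_SERVER = 1, 2, 3


def simulate(laptop_plugged_in, rounds=200):
    """Run `rounds` request/reply exchanges between the router (on behalf of
    the wireless clients) and the server.  Returns (replies_per_port, moves):
    how many server replies landed on each port, and how often the switch
    relearned the shared MAC on a different port."""
    sw = LearningSwitch(ports=[PORT_LAPTOP, PORT_ROUTER, PORT_SERVER])
    replies = Counter()
    for i in range(rounds):
        # Wireless client behind the router asks the server something.
        sw.forward(PORT_ROUTER, ROUTER_WAN, SERVER)
        # The wired laptop is chatty too (DNS, NTP, ...) on alternate rounds.
        if laptop_plugged_in and i % 2 == 0:
            sw.forward(PORT_LAPTOP, LAPTOP, SERVER)
        # Server replies to the shared MAC; where does the frame go?
        for port in sw.forward(PORT_SERVER, SERVER, ROUTER_WAN):
            replies[port] += 1
    return replies, sw.moves


if __name__ == "__main__":
    for plugged in (False, True):
        replies, moves = simulate(plugged)
        print(f"laptop plugged in={plugged}: replies to router port="
              f"{replies[PORT_ROUTER]}, to laptop port={replies[PORT_LAPTOP]}, "
              f"MAC moves={moves}")
```

With the laptop unplugged every reply reaches the router; with it plugged in, half the replies are delivered to the laptop and silently dropped there, and the shared MAC relocates on every round, which is the "crawl" rather than a clean outage. On a managed switch the same condition shows up as MAC-move or "MAC flapping" log messages between two ports, which is the quickest way to confirm a duplicate MAC without pulling cables.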



  • @Xyro said:

    @thistooshallpass said:
    Turned out that the factory default for those servers was to have the same MAC on all NICs.
    ????????????? Why would that ever be a good default??

    Well at the time I asked the same question on usenet, and was told that it does not matter to have the same MAC on the NICs since "usually" they end up on different networks...



  • @thistooshallpass said:

    Well at the time I asked the same question on usenet, and was told that it does not matter to have the same MAC on the NICs since "usually" they end up on different networks...

    I've long since had the opinion that "usually" is one of the most dangerous words that can come out of the mouth of a software designer or spec author.


  • 

    @thistooshallpass said:

    Well at the time I asked the same question on usenet, and was told that it does not matter to have the same MAC on the NICs since "usually" they end up on different networks...
    That's all very well if the 'locally administered addresses' bit is set, but if it's not, it's supposed to be globally unique.



  • The Access point is marketed/intended as a router for a connection to some external ethernet connected cable modem with direct connectivity to the ISP. It is cheaper for me because it doesn't have an ADSL modem in it.

    Then MAC clone would make sense as you unplug your PC from the ISP's modem, put in the router and go wireless, while the ISP is unaware of the change.

    I use it connected to a switch so the 'internet' is actually the rest of the house network.

    I think the switch is using some algorithm like 'broadcast first packet on all ports until some reply to the originating MAC. Then route packets along that path. Timeout when no packets for a while - then switch back to broadcast.' It felt like a packet about every 10 seconds or so, or like those dialup days at 14.4k or worse.


  • @PJH said:

    it's supposed to be globally unique.

    Yup - "supposed" is the key word there. With a three-byte prefix, and three bytes for the device ID, this comes out a bit over 16 million unique devices per prefix. Turns out some makers just figure "eh, not likely they'll ever meet on a network segment" (which is somewhat reasonable assumption) and produce cards with duplicate MAC addresses. (of course, when you happen to hit the bingo, Fun Happy Times!)
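Both points above (the globally-unique/locally-administered distinction, and the 3-byte OUI plus 3-byte device ID layout) are decided by bits in the first octet of the address: bit 0 (0x01) marks a group/multicast address and bit 1 (0x02) marks a locally administered address, with the remaining bits and the next two octets forming the OUI. The helper below is an added example, not code from the thread or from any vendor tool; it decodes those bits, flags duplicate MACs across an inventory of interfaces, and produces a locally-administered variant of an address for the case where you have to set one by hand (as with the Sun Netra story). The host/interface inventory is constructed.

```python
"""Decode MAC address administration bits and find duplicates.

Added example (not from the thread).  The inventory below is constructed;
the bit positions follow IEEE 802 (bit 0 = I/G, bit 1 = U/L, first octet).
"""

import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")


def parse_mac(mac):
    """Return the six address octets as bytes; accepts ':' or '-' separators."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(x, 16) for x in re.split("[:-]", mac))


def describe(mac):
    """Split a MAC into OUI / device part and decode the I/G and U/L bits."""
    o = parse_mac(mac)
    return {
        "oui": o[:3].hex(":"),              # 24-bit vendor prefix
        "device": o[3:].hex(":"),           # 24-bit per-device part
        "multicast": bool(o[0] & 0x01),     # I/G bit: group address
        "locally_administered": bool(o[0] & 0x02),  # U/L bit
    }


def locally_administered_variant(mac):
    """Return `mac` with the U/L bit set, i.e. an address that is explicitly
    not claiming to be a vendor-assigned globally unique one.  Use this when
    overriding a NIC's burned-in address by hand."""
    o = bytearray(parse_mac(mac))
    o[0] |= 0x02
    return bytes(o).hex(":")


def find_duplicates(inventory):
    """inventory: iterable of (host, interface, mac).
    Returns {mac: [(host, iface), ...]} for every MAC seen more than once,
    regardless of case or separator in the input."""
    seen = defaultdict(list)
    for host, iface, mac in inventory:
        seen[parse_mac(mac).hex(":")].append((host, iface))
    return {m: where for m, where in seen.items() if len(where) > 1}


# Constructed inventory: a cloned WAN MAC and a server with one MAC on all NICs.
INVENTORY = [
    ("laptop",     "eth0", "00:1A:70:AA:BB:CC"),
    ("wrt",        "wan",  "00-1a-70-aa-bb-cc"),   # "MAC clone" of the laptop
    ("wrt",        "lan",  "00:1a:70:aa:bb:cd"),
    ("netra",      "bge0", "08:00:20:12:34:56"),
    ("netra",      "bge1", "08:00:20:12:34:56"),   # factory default: same MAC
    ("fileserver", "eth0", "02:42:ac:11:00:02"),   # locally administered
]


if __name__ == "__main__":
    for host, iface, mac in INVENTORY:
        print(host, iface, describe(mac))
    for mac, where in find_duplicates(INVENTORY).items():
        print("DUPLICATE", mac, "on", where)
    print("override suggestion for netra bge1:",
          locally_administered_variant("08:00:20:12:34:56"))
```

The duplicate check is what you would run over `ip link` output (or a switch's MAC table export) before blaming ARP or DNS, since a duplicate MAC leaves ARP looking healthy, exactly as the original post describes. When you must override an address manually, setting the U/L bit keeps the replacement out of every vendor's OUI space, so it cannot collide with a real burned-in address.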


  • 

    @piskvorr said:

    @PJH said:
    it's supposed to be globally unique.

    Yup - "supposed" is the key word there. With a three-byte prefix, and three bytes for the device ID, this comes out a bit over 16 million unique devices per prefix. Turns out some makers just figure "eh, not likely they'll ever meet on a network segment" (which is somewhat reasonable assumption) and produce cards with duplicate MAC addresses. (of course, when you happen to hit the bingo, Fun Happy Times!)

    There's a pretty major difference between:

    1. Possibly, maybe, you just might happen to have two devices with the same MAC on the same LAN and
    2. Deliberately setting the MAC on all interfaces to the same number


  • @mikedjames said:

    Then MAC clone would make sense as you unplug your PC from the ISP's modem, put in the router and go wireless, while the ISP is unaware of the change.

    Do any ISPs actually care about that any more? I've been using some sort of Linux firewall/router since about 1998 (playing with ipmasq on my 486 sharing 33.6k dialup to my then 10Base2 network, then from 2000 a P166 sharing 512k ADSL, but from 2005 various combined ADSL/ADSL2+ modem/routers) and never had any problems with multiple computers accessing the Internet. One ISP even actively supports Linux here.

    @mikedjames said:

    I use it connected to a switch so the 'internet' is actually the rest of the house network.

    Easiest just to make it a bridge so that the wireless clients and wired clients are all on the same network.



  • @Zemm said:

    Do any ISPs actually care about that any more?
    It's not that they care about computers, but with many cable connections, the IP is locked to your MAC. If you change the device connected to the modem, you can either set its MAC, or call the ISP and have them enter a new MAC. Guess which one is usually easier (and faster).



  • @mikedjames said:

    The Access point is marketed/intended as a router for a connection to some external ethernet connected cable modem with direct connectivity to the ISP. It is cheaper for me because it doesn't have an ADSL modem in it.

    Then MAC clone would make sense as you unplug your PC from the ISP's modem, put in the router and go wireless, while the ISP is unaware of the change.

    I use it connected to a switch so the 'internet' is actually the rest of the house network.

    I think the switch is using some algorithm like 'broadcast first packet on all ports until some reply to the originating MAC. Then route packets along that path. Timeout when no packets for a while - then switch back to broadcast.' It felt like a packet about every 10 seconds or so, or like those dialup days at 14.4k or worse.

    So, basically, your WTF is that you've configured your wireless router for a situation that you do not have, and requires a network topology you've chosen to not have in order for it to work correctly.  You've found out, to your surprise, that it does not always work correctly, and are apparently wondering who could have chosen something so idiotic.  That answer is you (at least, I'm assuming you put in your own home network.  I realize that's not always the case, but it seems to be the most common situation on this forum.)

    Considering that your neighbors could theoretically compromise the wireless segment of your network by breaking your encryption password, why would you have your wireless network segment any further inside your home network than it needed to be?



  • @ender said:

    It's not that they care about computers, but with many cable connections, the IP is locked to your MAC. If you change the device connected to the modem, you can either set its MAC, or call the ISP and have them enter a new MAC. Guess which one is usually easier (and faster).

    I guess I'm spoilt/doomed using PPPoE - been using ADSL or ADSL2+ since the turn of the century as cable is relatively uncommon and expensive here. I've had the same IP address since moving to this house three years ago; changed modem/router device three times and never even looked into any MAC clone feature.



  • @Zemm said:

    I guess I'm spoilt/doomed using PPPoE - been using ADSL or ADSL2+ since the turn of the century as cable is relatively uncommon and expensive here. I've had the same IP address since moving to this house three years ago; changed modem/router device three times and never even looked into any MAC clone feature.

    The only place I've ever seen MAC cloning used was in college dorms. You had to sign up with your "one" computer, then tell your router to pretend to be that computer to keep the dorm network happy. I dunno if they still do it that way, and I was unsure of why they ever did it in the first place... maybe they think it reduces filesharing? I dunno.



  • @blakeyrat said:

    The only place I've ever seen MAC cloning used was in college dorms.
    I admit I haven't actually seen any need for a specific MAC address in years - the first cable modem I had was locked to a specific MAC from the ISP's side, but once that one died and was replaced, I only had to unplug its power cord for about half a minute after changing the machine connected to it. My VDSL and fiber connection never cared about MAC addresses.

