strange osx privacy address behavior
Matt Ryanczak
ryanczak at gmail.com
Fri Jun 1 21:19:37 CEST 2012
<chirp> <chirp> <chirp>
A couple more datapoints to add regarding this issue.
If I use a cheapo netgear AP with these problem macs the netgear reboots
if privacy is enabled. If privacy is disabled the netgear keeps on
working just fine. Some kind of strange framing issue?
All of these macs work fine over the wire. It is only wireless that has
issues.
Our standard APs are Cisco AIR-LAP1262N-A-K9 provisioned from a
AIR-CT2504-K9 WLC. Cisco TAC says "not us".
On 5/31/12 5:39 PM, Matt Ryanczak wrote:
> I've been troubleshooting a problem with some (not all!) OSX Lion
> machines failing to connect to hosts outside of the local network when
> using privacy extensions. I was wondering if anyone else has seen this
> problem before.
>
> Details:
>
> OSX 10.7.4 (or 10.7.3)
>
> privacy extensions are enabled:
> sysctl -A net.inet6.ip6.use_tempaddr
> net.inet6.ip6.use_tempaddr: 1
>
> The machine is able to pings its local default gw. The eui-64 address is
> used when this is done. This seems to be "normal" on osx.
>
> The machine is not able to ping any hosts outside of its subnet when
> privacy extensions are enabled. tcpdump on localhost shows that the
> privacy address is being used.
>
> Looking on the network via a mirror port I see the router (Cisco) doing
> neighbor solicitations for the macs privacy address but I never see
> neighbor advertisement in response from the mac. Also the router does
> not show the privacy address from the mac in it neighbors table.
>
> If I disable privacy extensions on the mac everything starts working as
> one would expect.
>
> For giggles I rebuilt one of these macs with a fresh install of Lion. It
> worked for about an hour and then stopped working...
>
> I have three macs behaving this way (two 13" mbp, one 15" mbp) and
> another dozen or so (13" mba, 13"|15" mbp) that work fine with privacy
> extensions enabled. Has anyone ever seen something like this before?
>
> Thanks in advance!
>
> ~Matt
>
More information about the ipv6-ops
mailing list