There is a highly annoying feature of this router I would like to disable. When the router loses internet connectivity, it appears to change its WAN MAC address to a "dummy" address of "00:de:ad:xx:xx:xx" and "de:ad:de:ad:de:af". While I'm sure the designers of the device got a real kick out of that, it is causing problems with our cable modem service. See, our business cable internet connection allows up to 5 devices to be connected to the modem, and it determines the total number of connected devices by reading their ARPs. Unfortunately, the Netgear sends multiple ARPs with these dummy MAC addresses, causing those addresses to be reserved as 2 of 5 devices. Shown below is a screenshot of the modem page, showing all of the MAC addresses. Two of them come from the Netgear: I need a way to disable this; the device is taking up a MAC, and we need it for another device. I have tried setting a static MAC address on the WAN interface, but that does not disable this behvaior. Please advise.

I just want to make an update in this thread in case anyone else has the same issue. This has been confirmed to be a firmware issue. The DE:AD MAC addresses will only go out the WAN during the bootup process so the workaround for now is to;*Unplug WAN cable*Boot up unit fully*Plug in WAN cable Case number is 26945382 (for any Netgear support staff running in to this thread :-) )

That doesn't sound right and might indicate a hardware issue with the WAN port (or on ISP device), some units do this to indicate an error (https://en.wikipedia.org/wiki/Hexspeak#Notable_magic_numbers). Are you sure it's coming from the FVS? No other device connected? Can you do a packet capture from the WAN side of the FVS and verify that the source MAC address on frames coming from the FVS? You can do WAN packet captures from Monitoring -> Diagnostics.

Yes, I'm fairly sure it is coming from the FVS; those MACs only show up on the modem when the FVS is connected (and, incidentally, show up in the ARP tables of other devices connected to the switch that the modem, FVS and other devices are connected to). The MACs show up even when connected directly to the modem. I am unable to do a capture on the device, since the MACs only show up when the FVS can't pull an IP, and at that point when I try to do a packet capture the FVS complains that "The interface is down" & won't let me trace. I will try using port mirroring on a switch to see if I can capture the FVS traffic that way.

One thing I did find while browsing around the CLI: There are references to the de:ad address on the loopback interface. Here is the output of "util routing_table_ipv6": ::1/128 :: U 0 0 1 lo fc00::/128 :: U 0 0 2 lo fc00::1/128 :: U 0 0 1 lo fe80::/128 :: U 0 0 2 lo fe80::/128 :: U 0 0 2 lo fe80::/128 :: U 0 0 2 lo fe80::2de:adff:fe10:7500/128 :: U 0 0 1 lo fe80::2de:adff:fe10:7501/128 :: U 0 0 1 loNote the IPv6 loopback has numerous addresses, one of which has the exact same value as the MAC address listed in the modem screenshot (00:de:ad:10:75:00). As to why a loopback address on the FVS is showing up in the ARP tables of other devices..... no idea.

Another development: with port mirroring enabled, a packat capture on the mirrored port shows the following IPv6 broadcast packets send from the FVS: 02:00:42.820407 de:ad:de:ad:de:af > 33:33:00:00:00:02, IPv6, length 70: fe80::2de:adff:fe10:7500 > ff02::2: ICMP6, router solicitation, length 16 02:00:46.820232 de:ad:de:ad:de:af > 33:33:00:00:00:02, IPv6, length 70: fe80::2de:adff:fe10:7500 > ff02::2: ICMP6, router solicitation, length 16 02:00:50.820144 de:ad:de:ad:de:af > 33:33:00:00:00:02, IPv6, length 70: fe80::2de:adff:fe10:7500 > ff02::2: ICMP6, router solicitation, length 16

FVS336G changes WAN MAC address based on connectivity - how to disable this?

11 Replies

Danthem
NETGEAR Employee
May 31, 2016
I sent a pm
- train_wreck
  Luminary
  May 31, 2016
  Thanks.
  
  And my apologies, ff02::2 is a multicast address, not broadcast.
  - Danthem
    NETGEAR Employee
    Jun 01, 2016
    I just want to make an update in this thread in case anyone else has the same issue.
    
    This has been confirmed to be a firmware issue.
    
    The DE:AD MAC addresses will only go out the WAN during the bootup process so the workaround for now is to;
    *Unplug WAN cable
    *Boot up unit fully
    *Plug in WAN cable
    
    Case number is 26945382 (for any Netgear support staff running in to this thread :-) )
Danthem
NETGEAR Employee
May 31, 2016
Hey,

Interesting finds! I'll be in office in around 10 hours and will have a look at an FVS there then. Have you been in touch with Netgear support? Do you have any case id?

I'll drop you a pm later today with request for some further information.
- train_wreck
  Luminary
  May 31, 2016
  No, haven't contacted support yet.
  
  Do you happen to work for Netgear?
Danthem
NETGEAR Employee
May 30, 2016
That doesn't sound right and might indicate a hardware issue with the WAN port (or on ISP device), some units do this to indicate an error (https://en.wikipedia.org/wiki/Hexspeak#Notable_magic_numbers).

Are you sure it's coming from the FVS? No other device connected? Can you do a packet capture from the WAN side of the FVS and verify that the source MAC address on frames coming from the FVS? You can do WAN packet captures from Monitoring -> Diagnostics.
- train_wreck
  Luminary
  May 31, 2016
  One thing I did find while browsing around the CLI: There are references to the de:ad address on the loopback interface. Here is the output of "util routing_table_ipv6":
  
  ::1/128 :: U 0 0 1 lo fc00::/128 :: U 0 0 2 lo fc00::1/128 :: U 0 0 1 lo fe80::/128 :: U 0 0 2 lo fe80::/128 :: U 0 0 2 lo fe80::/128 :: U 0 0 2 lo fe80::2de:adff:fe10:7500/128 :: U 0 0 1 lo fe80::2de:adff:fe10:7501/128 :: U 0 0 1 lo
  Note the IPv6 loopback has numerous addresses, one of which has the exact same value as the MAC address listed in the modem screenshot (00:de:ad:10:75:00). As to why a loopback address on the FVS is showing up in the ARP tables of other devices..... no idea.
  - train_wreck
    Luminary
    May 31, 2016
    Another development: with port mirroring enabled, a packat capture on the mirrored port shows the following IPv6 broadcast packets send from the FVS:
    
    02:00:42.820407 de:ad:de:ad:de:af > 33:33:00:00:00:02, IPv6, length 70: fe80::2de:adff:fe10:7500 > ff02::2: ICMP6, router solicitation, length 16 02:00:46.820232 de:ad:de:ad:de:af > 33:33:00:00:00:02, IPv6, length 70: fe80::2de:adff:fe10:7500 > ff02::2: ICMP6, router solicitation, length 16 02:00:50.820144 de:ad:de:ad:de:af > 33:33:00:00:00:02, IPv6, length 70: fe80::2de:adff:fe10:7500 > ff02::2: ICMP6, router solicitation, length 16
- train_wreck
  Luminary
  May 31, 2016
  Yes, I'm fairly sure it is coming from the FVS; those MACs only show up on the modem when the FVS is connected (and, incidentally, show up in the ARP tables of other devices connected to the switch that the modem, FVS and other devices are connected to). The MACs show up even when connected directly to the modem. I am unable to do a capture on the device, since the MACs only show up when the FVS can't pull an IP, and at that point when I try to do a packet capture the FVS complains that "The interface is down" & won't let me trace. I will try using port mirroring on a switch to see if I can capture the FVS traffic that way.

Forum Discussion

FVS336G changes WAN MAC address based on connectivity - how to disable this?

11 Replies

Related Content

FVS336G v2 Logon GUI

Netgear R7000p change region

IPv6 - cannot change the setting

Base LAN address changes when Starlink looses satellite connection

Region change?

NETGEAR Academy

ProSupport for Business