
Spurious MDNS with IP 169.254.XX.XX

OUSUIXIN
New Contributor

Hello everyone! In my company's network, there are some Ruckus APs as well as some Cisco APs and Cisco Switches. We found a device on the management page of our Cisco Switch that doesn't exist in the topology. Its IP address is 169.254.xx.xx. After packet capture with Wireshark, we found there are some MDNS packets sent by Ruckus APs with IP 169.254.xx.xx. Maybe that is related to the Bonjour Service (once I disable the Bonjour Gateway, the phenomenon above disappears).

I want to know why Ruckus APs would construct and send such an MDNS packet? That makes me confused and brings some trouble to our control and management of device access in the network.

Can anyone help me with the above question? Many thanks!!!

9 REPLIES 9

OUSUIXIN
New Contributor

The Access Point I used is R650.

Squozen
Contributor III

Are you sure it’s not a device with a self-assigned IP on the network that is doing a multicast? The Bonjour gateway would just be relaying that broadcast to the other VLAN, it wouldn’t be coming from the Ruckus AP itself. You should see the same broadcast if you capture wifi traffic with a device on the SSID which the device/s are connected to. 

Yes, I'm sure the packet with source IP 169.254.XX.XX is created by Ruckus, since its source MAC address has a prefix registered by Ruckus (and Wireshark parses it as RuckusWi_XX:XX:XX).

Note that I configured a Bonjour Service Rule with SrvVlan 200 and CliVlan 800.

Besides the spurious MDNS packets with VLAN 800, there are some other MDNS packets with VLAN 200 according to the packets captured from the wired side. They have similar MDNS payload but differ in MAC address, source IP address and VLAN. The spurious packets have source MAC address RuckusWi_XX:XX:XX, source IP 169.254.XX.XX and VLAN 800, while the normal packets have source MAC address like Chongqin_06:db:e9 and source IP like 172.160.200.59.

OUSUIXIN
New Contributor

Yes, I'm sure the packet with source IP 169.254.XX.XX is created by Ruckus R650, since the source MAC address of that packet has a prefix registered by Ruckus (and Wireshark parses the source MAC address to RuckusWi_XX:XX:XX).

Note that I configured a Bonjour Service Rule with SrvVlan 200 and CliVlan 800.

Besides the spurious MDNS packet with VLAN 800, there is also another MDNS packet with VLAN 200 according to the packet captured on the wired side. They have similar/same MDNS payload but the spurious one has source address RuckusWi_XX:XX:XX and source IP 169.254.XX.XX, while the other packet has source 92:2c:09:29:ee:64 and source IP 172.160.200.59.

Thank you for your kind reply!
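
An added example, not part of the thread and not Ruckus or Cisco tooling: one way to check raw frames from a wired-side capture for mDNS sent from a 169.254.0.0/16 source, grouped by VLAN and source MAC as in the comparison above. The frame builder, the MAC 02:00:00:00:00:01 and the IP 169.254.10.20 are constructed sample values; the VLAN IDs and the 172.160.200.59 sender mirror the posts.

```python
import ipaddress
import struct
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def parse_mdns_frame(frame):
    """Return (vlan, src_mac, src_ip) for an IPv4 mDNS frame, else None."""
    if len(frame) < 18:
        return None
    src_mac = frame[6:12].hex(":")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == 0x8100:  # 802.1Q tag: 12-bit VLAN ID, then real ethertype
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        offset, vlan = 18, tci & 0x0FFF
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None
    ihl = (frame[offset] & 0x0F) * 4
    udp = offset + ihl
    if frame[offset + 9] != 17 or ihl < 20 or len(frame) < udp + 8:
        return None  # not UDP, or truncated
    src_ip = ipaddress.ip_address(frame[offset + 12:offset + 16])
    dst_ip = ipaddress.ip_address(frame[offset + 16:offset + 20])
    (dst_port,) = struct.unpack("!H", frame[udp + 2:udp + 4])
    if dst_port != 5353 or dst_ip != MDNS_GROUP:
        return None
    return vlan, src_mac, src_ip

def link_local_mdns_sources(frames):
    """Map (vlan, src_mac) -> set of 169.254.0.0/16 source IPs seen sending mDNS."""
    hits = {}
    for frame in frames:
        parsed = parse_mdns_frame(frame)
        if parsed and parsed[2] in LINK_LOCAL:
            hits.setdefault(parsed[:2], set()).add(str(parsed[2]))
    return hits

def build_frame(src_mac, src_ip, vlan, dst_port=5353):
    """Constructed sample: 802.1Q / IPv4 / UDP frame with no mDNS payload."""
    eth = bytes.fromhex("01005e0000fb" + src_mac.replace(":", ""))
    eth += struct.pack("!HHH", 0x8100, vlan, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 255, 17, 0,
                     ipaddress.ip_address(src_ip).packed, MDNS_GROUP.packed)
    return eth + ip + struct.pack("!HHHH", 5353, dst_port, 8, 0)

SAMPLE_FRAMES = [  # constructed; VLANs and the 172.160.200.59 sender mirror the posts
    build_frame("02:00:00:00:00:01", "169.254.10.20", 800),
    build_frame("92:2c:09:29:ee:64", "172.160.200.59", 200),
    build_frame("02:00:00:00:00:01", "169.254.10.20", 800, dst_port=53)]
```

Feeding it the frames exported from a real capture gives a per-VLAN list of MAC addresses to compare against the AP inventory.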