I checked several time the issue and always find that this is not a real conflict but the system report conflict between connected devices and unconnected devices.
This isn’t something we can reproduce at our test sites or labs, so we need your help to understand what is going on at your location. I’ll DM you to see if you are interested in an invite so we can dig deeper.
It is really easy for me to replicate. Make sure you have at least two switches or two APs in your site, along with a route10. Unplug either a switch or an AP. Reboot route 10. It will then complain the entire time that switch or AP is unplugged, that there is a DHCP conflict with the unplugged device and a still plugged in device.
@rutman286 I’ve followed your steps to no avail. Please give a step-by-step guide including any non-default options you have set, including static IPs, etc.
I wish I could, but maybe you might be able tell me why my certs have suspiciously expired rendering my local site pretty much useless, along with all Alta devices showing as disconnected and no root access to anything. Literally a dead lab as we speak.
Did your Control instance have internet access or was it isolated? If it was allowed internet access, then it sounds like a bug of some form. Is this a container or appliance?
Let’s be frank, I have not touched anything. Your appliances have been online the entire time since it’s inception with a dedicated internet connection. This is a lab, nothing more, nothing less (Thank God)
I’m aware of the cert expirations assuming there aren’t any renewal functions, but this lab has been online for longer than 90 days. So maybe you can tell me why this has occurred since 1.1a?
What are your protocols for renewal? There is nothing on the UI, so I presume this would be modified through SSH. Again, no documentation or instructions, no indication of whether or not this would be auto renewed, nothing. Forgive my frustration, but I can’t be the only one here pretty much at wits’ end.
In my honest opinion, this all could’ve been avoided if I was not auto updated against consent, period.
Unfortunately, I can’t tell you why. Have you checked the date of the cert? It’s most likely expired given the behaviour, but the why is TBD.
You would need to connect to it via SSH, either to check or fix it. By chance is an SSH key installed? If you grep journalctl for uacme (journalctl | grep uacme), that may give an indication. Or there should be a logfile from it /tmp/uacme.log.
There is also a way to manually re-run the client on demand, also from shell: su - alta -c 'cd /usr/share/access/be && ./uacme.sh'
Quoting part of the initial post above, I would say I agree on it and have seen the same thing. If, there is a non-active conflict, meaning some disconnected device is still supposedly assigned to an IP, and some other device is assigned to and actually actively uses the same IP, it is falsely flagged as an active conflict.
@Beaker Under normal circumstances (Internet available at least once every 90 days), we are unable to reproduce any inability to renew the certificate, so we need your help in understanding what variables are in play in your site. We’re happy to attempt to reproduce once we know more, but we really need your patience and more information in order to make any progress. Also, your certificate issue is separate from the main topic of this post, and I think you’d get better support with a new topic.
@Astina14 We’re having difficulty reproducing anything similar in our lab… Are both of these devices set to DHCP? Are the APs serving both devices able to communicate with each other on the same management VLAN (this is required, btw)?
@Alta-Jeff
My system is very easy configured there is only one VLAN because it is for my home.
All wireless devices are set to DHCP so there is nothing that is special.
I have not checked if the devices that are reporting the conflict are on the same password.
I just can inform that yesterday I got even IP conflict on 2 disconnected devices but unfortunately I didn’t make a snip of it.
In my opinion disconnected devices IP address should not be in the DHCP table, they still can show on the UI but the system should know that the IP address is available because the other device is disconnected.
I go on the device list and press forget on the disconnected devices and the IP conflict disappears at once. This should really be an automatic process by the DHCP software. somehow it knows that the device is disconnected so why can it not just forget that device? Problem solved for my site anyway.
I can give you access to my site again so you can see that this is a simple system setup and nothing special.