
How to configure and troubleshoot "Drop bad ARP" option to prevent ARP attacks in Aruba Instant (IAP)?

This article explains the “Drop bad ARP” feature introduced in IAP OS version 6.2.1.0-3.3.0.0.

“Drop bad ARP” is one of the methods of tackling ARP attacks on the network.

For any ARP packet received from WiFi, if the ARP sender MAC address and the Ethernet source MAC address are different, the IAP drops the ARP packet and updates the dropped ARP counters.

 

The configuration and verification steps mentioned in this article are tested on IAP 105 running 6.2.1.0-3.3.0.0.

 

 

Environment: This article applies to all IAPs running a minimum OS version of 6.2.1.0-3.3.0.0.

 

From WebUI:

  1. Navigate to Security > Firewall Settings
  2. Enable the “Drop bad ARP” option from the drop-down.

[Screenshot: “Drop bad ARP” option under Security > Firewall Settings in the WebUI]

 

From CLI:

 

[Screenshot: CLI configuration]

 

Verification:

The “show attack config” command shows whether the “Drop bad ARP” option is enabled or disabled.
The “show attack stats” command shows the number of bad ARP packets that have been dropped.

 

 

[Screenshot: output of the verification commands]

 

A packet capture can help to verify why the ARP packets are dropped as shown below:

 

[Screenshot: packet capture of the sample GARP packet]

 

Here, the Ethernet source MAC and the ARP sender MAC address are different in the sample GARP packet, so the AP will drop it.
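To apply the same comparison to frames exported from a packet capture, the check can be written as follows. This is an added example, not Aruba's implementation or code from the original article; the function names and the sample MAC and IP values are constructed for illustration, and it goes slightly beyond the article by also skipping a single 802.1Q VLAN tag.

```python
import struct

ETH_P_ARP, ETH_P_8021Q = 0x0806, 0x8100


def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def check_arp_frame(frame: bytes):
    """Return None for non-ARP frames, else (verdict, eth_src, arp_sender).

    verdict is "drop" when the ARP sender MAC differs from the Ethernet
    source MAC (the condition the article describes), else "forward".
    """
    if len(frame) < 14:
        return None
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q and len(frame) >= 18:  # skip one VLAN tag
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETH_P_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None  # not Ethernet/IPv4 ARP
    sender_mac = frame[offset + 8:offset + 14]
    verdict = "forward" if sender_mac == eth_src else "drop"
    return verdict, fmt_mac(eth_src), fmt_mac(sender_mac)


def sample_garp(eth_src: bytes, sender_mac: bytes, ip: bytes) -> bytes:
    """Constructed test input: gratuitous ARP bytes (sender IP == target IP)."""
    eth = b"\xff" * 6 + eth_src + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return eth + arp + sender_mac + ip + b"\x00" * 6 + ip


# Constructed sample values: locally administered MACs, documentation IP.
CLIENT, OTHER = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP = bytes([192, 0, 2, 10])
GOOD = sample_garp(CLIENT, CLIENT, IP)
BAD = sample_garp(CLIENT, OTHER, IP)  # sender MAC != Ethernet source MAC

if __name__ == "__main__":
    for name, frame in (("consistent", GOOD), ("mismatched", BAD)):
        print(name, check_arp_frame(frame))
```

Frames flagged "drop" here are the ones that would increment the dropped ARP counter when the option is enabled on the IAP.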

Version History
Revision #: 1 of 1
Last update: 07-03-2014 07:22 PM