Education

Reply
Highlighted
Regular Contributor I
Posts: 236
Registered: ‎04-03-2007

MAC Spoofing issues

We are getting a number of clients that are being denied access because they are perceived as being the "new" MAC address in a triggered spoofing event. Out of about 1100 active connections this is affecting about 30-is users at any given time, confounding our Help Desk.
The "User idle timeout" in Aruba is set to 60 minutes. Clients authenticate via captive portal for this particular SSID (another SSID allows for Mac authentication but this does not appear to be affecting those vlans). Clients receive dhcp leases from our campus server. The dhcp lease time is set for 2 hours.
What appears to happening is that for some reason clients are legitimately receiving valid leases from the dhcp server but Aruba is still holding on to the previous session with a previous client and not allowing the new client access. because the dhcp lease times are longer than the Aruba session time-out it would make sense that Aruba should be letting go of idle users long before the lease gets recycled.
Any help would be appreciated. Attached is a snippet of syslogs.
Thanks,
Mike
University of Massachusetts Amherst
New Contributor
Posts: 1
Registered: ‎10-05-2009

Re: MAC Spoofing issues

Mike,

Were you able to resolve this issue?
I'm seeing the same behaviour.

Thanks!
Wim
Occasional Contributor I
Posts: 8
Registered: ‎12-21-2010

Re: MAC Spoofing issues

I also am seeing this issue, any known solutions?
Guru Elite
Posts: 20,581
Registered: ‎03-29-2007

Re: MAC Spoofing issues

Please open a support case so that they can get to the bottom of your specific situation. Those two issues were from 2008 and 2010 and most likely are from a different version of code than yours.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: