Security, WIDS/WIPS and Aruba ECS

Reply
Occasional Contributor I
Posts: 9
Registered: ‎08-30-2010

How to reject the second the same MAC Address

Is there a way to block the second the same MAC Address of the Client Connection

or detect MAC spoofing
Guru Elite
Posts: 20,002
Registered: ‎03-29-2007

Re: How to reject the second the same MAC Address

Under Configuration> Advanced Services> Stateful Firewall, there is a "prohibit ARP spoofing parameter". Combine that with the "prohibit ip spoofing" parameter on the same page.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎08-30-2010

Re: How to reject the second the same MAC Address

After using this setting I can see from the LOG

<134>Mar 24 23:03:08 2011 authmgr: <522025> |authmgr| MAC=00:22:fb:62:6a:50 IP=0.0.0.0 MAC spoof from MAC=00:22:fb:62:6a:50
172.16.0.254 24/03 15:04:34.058

But the second MAC Address can continue to use the wireless network
Guru Elite
Posts: 20,002
Registered: ‎03-29-2007

Re: How to reject the second the same MAC Address

Do both clients end up in the user table ? "show user"
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎08-30-2010

Re: How to reject the second the same MAC Address

Only one user
(Aruba3200) #show user-table

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------
172.16.0.250 00:22:fb:62:6a:50 00:22:fb:62:6a:50 authenticated 00:00:11 MAC 00:24:6c:cb:cb:15 Wireless aruba-ap/00:24:6c:3c:b1:50/g default-mac-auth tunnel

User Entries: 1/1
Guru Elite
Posts: 20,002
Registered: ‎03-29-2007

Re: How to reject the second the same MAC Address

Is that the first user or the second user?
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎08-30-2010

Re: How to reject the second the same MAC Address

In USER_TABLE where USER is the first
Not the second USER
Only one USER in the USER_TABLE
But another of the same MAC can still connect to the AP
Guru Elite
Posts: 20,002
Registered: ‎03-29-2007

Re: How to reject the second the same MAC Address

The second device can connect and pass traffic, but it is not in the user table? Please open a case so that we can replicate this.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: