01-18-2017 09:30 AM
Lately, our infosec crew have noticed a lot of wireless clients sending traffic out with the wrong source IP address. A lot of them are using T-Mobile and Sprint owned blocks, so our best guess is that it's smart phones sending traffic sourced from their 4G IP address, but using the wifi interface (this is a problem we've run into on the Linux IP stack many times over the years...)
My question, then, is how are people handling this kind of traffic? On the wired side, we handle it with DHCP snooping and dynamic ARP inspection. The Aruba controllers have the enforce-dhcp option, but it's not clear to me from what I've read that it'll actually restrict the client to only using the DHCP assigned IP address. If not, I'm assuming I'll have to fall back to setting inbound clients based on the client subnets.
01-18-2017 09:35 AM
Utilizing the validuser ACL is an Aruba best practice.
01-18-2017 09:37 AM
Aruba Customer Engineering
01-18-2017 10:25 AM
Thanks, guys! enforce-dhcp won't be an option for us until this summer, as we're running two sets of controllers on the same SSID to play around with the 8.0 code. In the meantime, it sounds like the valid-user ACL is the way to go.