Wireless Access

Hi,

After upgrade to firmware version  6.1.3.6 our Aruba 3400 controller, has started to spontaneously blacklist clients with the reason "IP spoofing".

Any ideas why this happens, and what can we try to fix it?

Thank you.

---

@TheMustangMan wrote:

Hi,

 

After upgrade to firmware version  6.1.3.6 our Aruba 3400 controller, has started to spontaneously blacklist clients with the reason "IP spoofing".

 

Any ideas why this happens, and what can we try to fix it?

 

Thank you.

---

There is a current bug with ip Spoofing incorrectly detecting clients and  Blacklisting them.  For now, please turn of ip spoofing and arp spoofing protection, for now.

It should be fixed in 6.1.3.7 when it comes out.

---

@cjoseph wrote:

There is a current bug with ip Spoofing incorrectly detecting clients and  Blacklisting them.  For now, please turn of ip spoofing and arp spoofing protection, for now.

 

It should be fixed in 6.1.3.7 when it comes out.

---

Thank you. Where do I turn these things off?

---

@TheMustangMan wrote:

---

@cjoseph wrote:

There is a current bug with ip Spoofing incorrectly detecting clients and  Blacklisting them.  For now, please turn of ip spoofing and arp spoofing protection, for now.

 

It should be fixed in 6.1.3.7 when it comes out.

---

Thank you. Where do I turn these things off?

---

First, see how many clients are currently blacklisted "show ap blacklist-clients" on the commandline or "Blacklist Clients" on the GUI.  You can then turn off ARP and IP Spoofing detection by going to Configuration> Advanced > Stateful Firewall and then unchecking those options.

I recently updated to 6.2 and 6.202.  The IP-spoofing if out of hand.  I had to turn it off.  Is there not a way to toggle it?  I would like IP Spoofing turned on but I was spending the better part of an hour releasing valid users.

---

@MemphisBrothers wrote:

I recently updated to 6.2 and 6.202.  The IP-spoofing if out of hand.  I had to turn it off.  Is there not a way to toggle it?  I would like IP Spoofing turned on but I was spending the better part of an hour releasing valid users.

---

what do you mean with toggle?

Hi 

We previously had 6.1.3.0 and  did not wanted to upgrade to 6.1.3.5 because of this false positive "IP-Spoofing" issue. We had to upgrade the firmware last week due to a known vulnerability issue. We figured if we skip the 6.1.3.X and  gone straight to 6.2.0. 3 since the problem was supposed to be resolved in 6.1.3.7. But what do you know. By the time we got report of clients not able to get on to our wireless network we had about 50+ users (most if not all Apple devices ) that were "black listed" . We had to turn off "Prohibit IP Spoofing". Will really like to know if Aruba know about this issue still exist and when will the fix come out

If you read the releasenotes you'll see that 6.2.x.x split off from the 6.1.3.5 release and has since not merged back yet.

That together with 6.2.0.3 still being an early deployement release ...

My bad for not reading the release note. But seriously, if this is a known issue for a while I would expect it been address in the new firmware release. Would you recommend to go back to 6.1.3.7? Thanks for the help.

If you don't have 7200 controllers, stay on 6.1.3.x.

$0.02.