Wireless Access

Reply
Contributor I
Posts: 81
Registered: ‎03-18-2013

Getting messages saying Drop IP-Spoofing ARP-packet: since upgrading to 6.3

We have upgrade two controllers to AOS 6.3. Since then we have been seeing message like

Drop IP-Spoofing ARP-packet: smac:8c:29:37:14:b8:ed sender-mac:8c:29:37:14:b8:ed sender-ip:192.168.1.2 exsting-mac:04:f1:3e:bb:09:e0 on our guest access which will not allow the new user to pass traffic when there is a different mac with same ip on the user table. We are not seeing any of these messages on our 6.2.controllers. Any ideas?

Contributor I
Posts: 81
Registered: ‎03-18-2013

Re: Getting messages saying Drop IP-Spoofing ARP-packet: since upgrading to 6.3

Also, all of the ip addresses that the messages are showing are not in any of our DHCP ranges. these problems seem to be happening with iPhones.

Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: Getting messages saying Drop IP-Spoofing ARP-packet: since upgrading to 6.3

[ Edited ]

 

I did have something like this a while ago where corrupt ARP replies were being flagged and putting stations into the blacklist table.  This would especially happen when someone fired up netstumbler on a client station.

 

We mitigated the problem by turning on proxy arp, so actual ARP traffic to client stations was rare.

 

(EDIT: But re-reading your post it would appear this is simply a case of bad DHCP client behavior,

as the log does not show bizarre values for the MAC/IPs.  Investigate your options for Enforce-DHCP, it might help clear the user table of the old entries, and if not there is the aaa fast-timers thing.)

Search Airheads
Showing results for 
Search instead for 
Did you mean: