04-22-2015 05:34 AM
We have upgraded two controllers to AOS 6.3. Since then we have been seeing messages like
Drop IP-Spoofing ARP-packet: smac:8c:29:37:14:b8:ed sender-mac:8c:29:37:14:b8:ed sender-ip:192.168.1.2 exsting-mac:04:f1:3e:bb:09:e0
on our guest access, which will not allow the new user to pass traffic when there is a different MAC with the same IP on the user table. We are not seeing any of these messages on our 6.2 controllers. Any ideas?
04-22-2015 05:36 AM
Also, all of the IP addresses that the messages are showing are not in any of our DHCP ranges. These problems seem to be happening with iPhones.
04-22-2015 10:13 AM - edited 04-22-2015 10:18 AM
I did have something like this a while ago where corrupt ARP replies were being flagged and putting stations into the blacklist table. This would especially happen when someone fired up netstumbler on a client station.
We mitigated the problem by turning on proxy arp, so actual ARP traffic to client stations was rare.
(EDIT: But re-reading your post, it would appear this is simply a case of bad DHCP client behavior, as the log does not show bizarre values for the MAC/IPs. Investigate your options for Enforce-DHCP; it might help clear the user table of the old entries, and if not there is the aaa fast-timers thing.)
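One way to triage the messages discussed in this thread is to group them by sender IP and check each address against the guest DHCP scopes. This is an added example, not code from any poster or from the controller vendor; `GUEST_SCOPES` and every sample line after the first are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the message format quoted in the thread ("exsting-mac" is the log's own spelling).
ARP_DROP = re.compile(
    r"Drop IP-Spoofing ARP-packet:\s*smac:(?P<smac>[0-9a-f:]{17})\s+"
    r"sender-mac:(?P<sender_mac>[0-9a-f:]{17})\s+"
    r"sender-ip:(?P<sender_ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"exi?sting-mac:(?P<existing_mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)

def summarize(lines, dhcp_scopes):
    """Group dropped ARP packets by sender IP; flag IPs outside the DHCP scopes."""
    scopes = [ipaddress.ip_network(s) for s in dhcp_scopes]
    by_ip = defaultdict(lambda: {"senders": set(), "existing": set(), "count": 0})
    for line in lines:
        m = ARP_DROP.search(line)
        if not m:
            continue  # unrelated log line
        entry = by_ip[m["sender_ip"]]
        entry["senders"].add(m["sender_mac"].lower())
        entry["existing"].add(m["existing_mac"].lower())
        entry["count"] += 1
    report = {}
    for ip, e in by_ip.items():
        addr = ipaddress.ip_address(ip)
        report[ip] = {
            "count": e["count"],
            "senders": sorted(e["senders"]),    # MACs whose ARP was dropped
            "existing": sorted(e["existing"]),  # MAC holding the user-table entry
            "in_dhcp_scope": any(addr in net for net in scopes),
        }
    return report

GUEST_SCOPES = ["10.20.0.0/22"]  # assumption: replace with the real guest DHCP ranges
SAMPLE = [  # first line is the message from the thread; the rest are constructed
    "Drop IP-Spoofing ARP-packet: smac:8c:29:37:14:b8:ed sender-mac:8c:29:37:14:b8:ed sender-ip:192.168.1.2 exsting-mac:04:f1:3e:bb:09:e0",
    "Drop IP-Spoofing ARP-packet: smac:02:00:00:00:00:0a sender-mac:02:00:00:00:00:0a sender-ip:192.168.1.2 exsting-mac:04:f1:3e:bb:09:e0",
    "Drop IP-Spoofing ARP-packet: smac:02:00:00:00:00:0b sender-mac:02:00:00:00:00:0b sender-ip:10.20.1.57 exsting-mac:02:00:00:00:00:0c",
    "User authenticated on guest SSID",
]

if __name__ == "__main__":
    for ip, info in sorted(summarize(SAMPLE, GUEST_SCOPES).items()):
        tag = "in scope" if info["in_dhcp_scope"] else "OUTSIDE DHCP scopes"
        print(f"{ip} ({tag}): {info['count']} drops, senders={info['senders']}, holder={info['existing']}")
```

An address outside the scopes that is claimed by several sender MACs matches the stale-address pattern described in the thread; an in-scope address with conflicting MACs deserves a closer look.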