03-03-2017 09:12 PM
I want to ask that if somebody in our organization who is not allowed to use Wi-Fi can bind MAC address to his device which is allowed for W-Fi access by using open source application called CHAMELE MAC.
How to identify that user and stop him.???
03-04-2017 01:43 AM
You would configure IP and ARP spoofing in the global firewall parameters: http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Global_Firewall_Paramete.htm?Highlight=spoofing
The best way to protect against spoofing is to use 802.1x encryption, however. Using only an open or preshared key SSID has more limited protection for ip and ARP spoofing than an 802.1x SSID.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
03-04-2017 07:32 AM
Adding a full policy management solution is really the only solution. ClearPass can detect MAC spoofing and take appropriate action.
Also, just FYI, on most platforms, no third party software is required to spoof a MAC. On Linux and Mac, it's a simple command. Not even a reboot is needed.