Wireless Access

Reply
Highlighted
Contributor I
Posts: 151
Registered: ‎10-26-2016

Interpretation and debugging "IP spoofing" SNMP traps.

Hi,

 

In my snmp traps, could see certain "Severity 5(Major)" SNMP traps with event name "wlsxNIpSpoofingDetected" with messsage as :

"IP spoofing detected for address 192.168.22.98; old mac 192.168.22.98 new mac 00:19:be:a7:95:30"

Is there a way out to run debugging for this specific mac/IP in order to get more details for this snmp trap. 

 

In addition to reflect this SNMP trap, will there be any mitigation action taken by controller, if yes what would that be?

I am running with code 6.5.0.2.

Guru Elite
Posts: 21,271
Registered: ‎03-29-2007

Re: Interpretation and debugging "IP spoofing" SNMP traps.

Contributor I
Posts: 151
Registered: ‎10-26-2016

Re: Interpretation and debugging "IP spoofing" SNMP traps.

Thanks Joseph.

But my concern is to obtain more details behind seeing these specific traps to evaluate what is happening with these particular mac/ip addresses. 

 

Is there a way out to fetch more information against the 1 liner trap messages. Trap messages would to be too short to have proper interpretation of what had happened during the specific instant of time.

 

 

Guru Elite
Posts: 21,271
Registered: ‎03-29-2007

Re: Interpretation and debugging "IP spoofing" SNMP traps.

Did you read the articles?  They explain how it is done, why you might have false positives, etc.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: