Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Interpretation and debugging "IP spoofing" SNMP traps.

This thread has been viewed 2 times

  • 1.  Interpretation and debugging "IP spoofing" SNMP traps.

    Posted Mar 09, 2017 02:02 PM

    Hi,

     

    In my snmp traps, could see certain "Severity 5(Major)" SNMP traps with event name "wlsxNIpSpoofingDetected" with messsage as :

    "IP spoofing detected for address 192.168.22.98; old mac 192.168.22.98 new mac 00:19:be:a7:95:30"

    Is there a way out to run debugging for this specific mac/IP in order to get more details for this snmp trap. 

     

    In addition to reflect this SNMP trap, will there be any mitigation action taken by controller, if yes what would that be?

    I am running with code 6.5.0.2.



  • 2.  RE: Interpretation and debugging "IP spoofing" SNMP traps.
    Best Answer

    EMPLOYEE


  • 3.  RE: Interpretation and debugging "IP spoofing" SNMP traps.

    Posted Mar 09, 2017 03:03 PM

    Thanks Joseph.

    But my concern is to obtain more details behind seeing these specific traps to evaluate what is happening with these particular mac/ip addresses. 

     

    Is there a way out to fetch more information against the 1 liner trap messages. Trap messages would to be too short to have proper interpretation of what had happened during the specific instant of time.

     

     



  • 4.  RE: Interpretation and debugging "IP spoofing" SNMP traps.

    EMPLOYEE
    Posted Mar 09, 2017 03:06 PM

    Did you read the articles?  They explain how it is done, why you might have false positives, etc.