Do you have packet captures? How many packets per second do you see on each of the categories?
That a gateway is doing ARPs for IPs that are not in use is probably a scan (or clients) trying to reach those IPs. If the firewall allows that traffic, it will do an ARP request for the IP. So for that one, check on the other interfaces/logs what client is trying to reach those IPs, or bring up a client with that IP and see the source IP as soon as the ARP is successful, or create a static ARP on your gateway.
The first step is to determine if the traffic is normal. If you see the same ARP multiple times a second, that is not normal, and you may reach out to your Aruba partner or Aruba support to get it analyzed. If you repeatedly see the same AP requesting ARP for the same other AP, it may be good to check if the AP is responding; there may be an ACL or similar in your network preventing the response from reaching the original AP, or you may have a damaged cable that may even work in only one direction. The generic information above is far from sufficient to tell anything useful.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 15, 2021 04:08 AM
From: Aws Al-Dabbagh
Subject: Excessive ARPs between APs
Hello all,
We have 15 Instant APs (IAP-105) that we are using for Wi-Fi services in a small office. Recently I have observed excessive ARP traffic on the Management network, so excessive that up to 93% of traffic on the IAP management VLAN is ARP traffic. (I have a separate VLAN for AP Management traffic. This VLAN is untagged on the switch port, and other data from SSIDs is tagged.) The ARP traffic takes several forms:
* ARP floods of an AP requesting the MAC of another.
* Gratuitous ARP traffic from the Controller AP to the Virtual Controller IP (it should hold that IP itself)
* ARP floods from the Gateway of the Subnet (a Cisco Firewall) looking for an IP that doesn't exist on the subnet. (I have a case with Cisco about that traffic).
ARP traffic is fine and I have it contained on the AP management VLAN, except it's overwhelming the management plane on a switch that's the DHCP server for the VLAN.
Any ideas what's the issue and how to stop it?
I'd appreciate any input.
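
One way to answer the packets-per-second question from a capture, as an added example that is not part of the thread: it counts ARP packets per second for each sender/target pair and lists the pairs that repeat within one second. The pcap bytes are constructed sample data, and the function names and the threshold of two per second are assumptions.

```python
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed sample data: a little-endian classic pcap of ARP frames."""
    def arp(ts, spa, tpa, n):
        sha = bytes([2, 0, 0, 0, 0, spa[-1]])  # made-up sender MAC
        frame = (b"\xff" * 6 + sha + b"\x08\x06"
                 + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # ARP request
                 + sha + bytes(spa) + b"\x00" * 6 + bytes(tpa))
        return (struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame) * n
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header
            + arp(100, (10, 0, 0, 11), (10, 0, 0, 12), 5)   # same request 5x in 1 s
            + arp(100, (10, 0, 0, 10), (10, 0, 0, 10), 3)   # sender IP == target IP
            + arp(101, (10, 0, 0, 1), (10, 0, 0, 99), 1))   # a single request

def arp_rates(pcap):
    """Count ARP packets per (second, kind, sender IP, target IP)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    counts, off = Counter(), 24  # records start after the 24-byte file header
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        pos = 12  # offset of the EtherType
        if frame[pos:pos + 2] == b"\x81\x00":  # skip an 802.1Q VLAN tag
            pos += 4
        if frame[pos:pos + 2] != b"\x08\x06" or len(frame) < pos + 30:
            continue  # not ARP, or truncated
        oper, = struct.unpack_from("!H", frame, pos + 8)
        spa = ".".join(map(str, frame[pos + 16:pos + 20]))
        tpa = ".".join(map(str, frame[pos + 26:pos + 30]))
        kind = "request" if oper == 1 else "reply" if oper == 2 else "other"
        counts[(ts, "gratuitous" if spa == tpa else kind, spa, tpa)] += 1
    return counts

def repeated(counts, per_second=2):
    """Entries seen at least `per_second` times within the same second."""
    return {key: n for key, n in counts.items() if n >= per_second}

if __name__ == "__main__":
    hits = repeated(arp_rates(build_sample_pcap()))
    for (ts, kind, spa, tpa), n in sorted(hits.items()):
        print(f"t={ts}s {kind:<10} {spa} -> {tpa}: {n}/s")
```

The parser reads classic pcap files only, so a pcapng capture has to be converted first.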