All-Decade MVP 2020

MAC Spoofing issues

We are getting a number of clients that are being denied access because they are perceived as being the "new" MAC address in a triggered spoofing event. Out of about 1100 active connections this is affecting about 30-is users at any given time, confounding our Help Desk.
The "User idle timeout" in Aruba is set to 60 minutes. Clients authenticate via captive portal for this particular SSID (another SSID allows for Mac authentication but this does not appear to be affecting those vlans). Clients receive dhcp leases from our campus server. The dhcp lease time is set for 2 hours.
What appears to happening is that for some reason clients are legitimately receiving valid leases from the dhcp server but Aruba is still holding on to the previous session with a previous client and not allowing the new client access. because the dhcp lease times are longer than the Aruba session time-out it would make sense that Aruba should be letting go of idle users long before the lease gets recycled.
Any help would be appreciated. Attached is a snippet of syslogs.
University of Massachusetts Amherst
New Contributor

Re: MAC Spoofing issues


Were you able to resolve this issue?
I'm seeing the same behaviour.

Occasional Contributor I

Re: MAC Spoofing issues

I also am seeing this issue, any known solutions?
Guru Elite

Re: MAC Spoofing issues

Please open a support case so that they can get to the bottom of your specific situation. Those two issues were from 2008 and 2010 and most likely are from a different version of code than yours.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide