Security, WIDS/WIPS and Aruba ECS

Reply
Occasional Contributor I

How to reject the second the same MAC Address

Is there a way to block the second the same MAC Address of the Client Connection

or detect MAC spoofing
Guru Elite

Re: How to reject the second the same MAC Address

Under Configuration> Advanced Services> Stateful Firewall, there is a "prohibit ARP spoofing parameter". Combine that with the "prohibit ip spoofing" parameter on the same page.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: How to reject the second the same MAC Address

After using this setting I can see from the LOG

<134>Mar 24 23:03:08 2011 authmgr: <522025> |authmgr| MAC=00:22:fb:62:6a:50 IP=0.0.0.0 MAC spoof from MAC=00:22:fb:62:6a:50
172.16.0.254 24/03 15:04:34.058

But the second MAC Address can continue to use the wireless network
Guru Elite

Re: How to reject the second the same MAC Address

Do both clients end up in the user table ? "show user"

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: How to reject the second the same MAC Address

Only one user
(Aruba3200) #show user-table

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------
172.16.0.250 00:22:fb:62:6a:50 00:22:fb:62:6a:50 authenticated 00:00:11 MAC 00:24:6c:cb:cb:15 Wireless aruba-ap/00:24:6c:3c:b1:50/g default-mac-auth tunnel

User Entries: 1/1
Guru Elite

Re: How to reject the second the same MAC Address

Is that the first user or the second user?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor I

Re: How to reject the second the same MAC Address

In USER_TABLE where USER is the first
Not the second USER
Only one USER in the USER_TABLE
But another of the same MAC can still connect to the AP
Guru Elite

Re: How to reject the second the same MAC Address

The second device can connect and pass traffic, but it is not in the user table? Please open a case so that we can replicate this.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: