Latelly, our infosec crew have noticed a lot of wireless clients sending traffic out with the wrong source IP address. A lot of them are using T-Mobile and Sprint owned blocks, so our best guess is that it's smart phones sending traffic sourced from their 4G IP address, but using the wifi interface (this is a problem we've run into on the Linux IP stack many times over the years...)
My question, then, is how are people handling this kind of traffic? On the wired side, we handle it with DHCP snooping and dynamic ARP inspection. The Aruba controllers have the enforce-dhcp option, but it's not clear to me from what I've read that it'll actually restrict the client to only using the DHCP assigned IP address. If not, I'm assuming I'll have tofall back to setting inbound clients based on the client subnets.
thanks!