Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Getting messages saying Drop IP-Spoofing ARP-packet: since upgrading to 6.3

This thread has been viewed 0 times

  • 1.  Getting messages saying Drop IP-Spoofing ARP-packet: since upgrading to 6.3

    Posted Apr 22, 2015 08:35 AM

    We have upgrade two controllers to AOS 6.3. Since then we have been seeing message like

    Drop IP-Spoofing ARP-packet: smac:8c:29:37:14:b8:ed sender-mac:8c:29:37:14:b8:ed sender-ip:192.168.1.2 exsting-mac:04:f1:3e:bb:09:e0 on our guest access which will not allow the new user to pass traffic when there is a different mac with same ip on the user table. We are not seeing any of these messages on our 6.2.controllers. Any ideas?



  • 2.  RE: Getting messages saying Drop IP-Spoofing ARP-packet: since upgrading to 6.3

    Posted Apr 22, 2015 08:36 AM

    Also, all of the ip addresses that the messages are showing are not in any of our DHCP ranges. these problems seem to be happening with iPhones.



  • 3.  RE: Getting messages saying Drop IP-Spoofing ARP-packet: since upgrading to 6.3

    Posted Apr 22, 2015 01:14 PM

     

    I did have something like this a while ago where corrupt ARP replies were being flagged and putting stations into the blacklist table.  This would especially happen when someone fired up netstumbler on a client station.

     

    We mitigated the problem by turning on proxy arp, so actual ARP traffic to client stations was rare.

     

    (EDIT: But re-reading your post it would appear this is simply a case of bad DHCP client behavior,

    as the log does not show bizarre values for the MAC/IPs.  Investigate your options for Enforce-DHCP, it might help clear the user table of the old entries, and if not there is the aaa fast-timers thing.)