cancel
Showing results for 
Search instead for 
Did you mean: 

AP310 won't adopt to VC

AP310 won't adopt to VC

JohanHendrikx
Contributor II
At a remote site I have 9 new AP310.

2 Ap's won't connect to the VC.

AP have an IP-address  and the DHCP server send option191.
AP cann't communicate with the gateway so no RF-manager can be found. Cann't ping the default gateway. Other devices (L2)  can be reached

In the logging of the AP I see:

Jan 01 01:47:47 2022: %DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting snoop entry found :Ethernet Src Mac: 00-04-96-A0-7C-1D, Ethernet Dst Mac: 00-DC-B2-3A-9B-EF, ARP Src Mac: 00-00-5E-00-01-01, ARP Dst Mac: 00-DC-B2-3A-9B-EF, ARP Src IP: 10.2.116.254, ARP Target IP: 10.2.116.1, Snoop Table MAC = 00-04-96-A0-7C-1D, Snoop Table IP = 10.2.116.254
Jan 01 01:47:47 2022: %KERN-4-WARNING: [ 1630.319376]

10.2.116.254 is the L3 router of that netwerk and is a VRRP configuration.

How can I solve this?
Johan Hendrik System Architect Audax
1 ACCEPTED SOLUTION

Adam_Minowski
Extreme Employee

VC functionality requires that all APs, meaning VC and rest of APs (adtoptees) to be in the same VLAN. Layer3 adoption is not supported.

View solution in original post

6 REPLIES 6

Adam_Minowski
Extreme Employee

VC functionality requires that all APs, meaning VC and rest of APs (adtoptees) to be in the same VLAN. Layer3 adoption is not supported.

Christoph_S
Extreme Employee
Hello Johan,

If you have not done so yet, please implement the best practices firewall policy per this article: https://extremeportal.force.com/ExtrArticleDetail?an=000078342

All the recommended settings are therein. 

BR
Christoph S.

JohanHendrikx
Contributor II
Hi @Angelo Cargnel,

Firewall policy wasn't active.

I will change those settings.

At this moment I solved this issue by setting:

%DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting snoop entry found:
"IP arp trus"on interface ge 1​

and 
%DATAPLANE-4-DOSATTACK: IPSPOOF ATTACK: Source IP is Spoofed
in the default firewall policy :
"no ip dos ipspoof


Question remains why 7 other AP's connect without any problem and 2  not.
Johan Hendrik System Architect Audax

Angelo_Cargnel
New Contributor III

Hi Johan,

due to VRRP in your network, you have to disable "ip-mac conflict" and "ip-mac routing conflict" in the firewall policy.
This should solve your problem.


Best regards,
Angelo

GTM-P2G8KFN