This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AP310 won't adopt to VC

AP310 won't adopt to VC

Go to solution
JohanHendrikx
Contributor II

‎08-08-2022 04:47 AM

At a remote site I have 9 new AP310.

2 Ap's won't connect to the VC.

AP have an IP-address  and the DHCP server send option191.
AP cann't communicate with the gateway so no RF-manager can be found. Cann't ping the default gateway. Other devices (L2)  can be reached

In the logging of the AP I see:

Jan 01 01:47:47 2022: %DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting snoop entry found :Ethernet Src Mac: 00-04-96-A0-7C-1D, Ethernet Dst Mac: 00-DC-B2-3A-9B-EF, ARP Src Mac: 00-00-5E-00-01-01, ARP Dst Mac: 00-DC-B2-3A-9B-EF, ARP Src IP: 10.2.116.254, ARP Target IP: 10.2.116.1, Snoop Table MAC = 00-04-96-A0-7C-1D, Snoop Table IP = 10.2.116.254
Jan 01 01:47:47 2022: %KERN-4-WARNING: [ 1630.319376]

10.2.116.254 is the L3 router of that netwerk and is a VRRP configuration.

How can I solve this?
Johan Hendrik System Architect Audax
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Adam_Minowski
Extreme Employee

‎08-31-2022 03:51 PM - edited ‎08-31-2022 03:55 PM

VC functionality requires that all APs, meaning VC and rest of APs (adtoptees) to be in the same VLAN. Layer3 adoption is not supported.

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
Adam_Minowski
Extreme Employee

‎08-31-2022 03:51 PM - edited ‎08-31-2022 03:55 PM

VC functionality requires that all APs, meaning VC and rest of APs (adtoptees) to be in the same VLAN. Layer3 adoption is not supported.

0 Kudos

Go to solution
Christoph_S
Extreme Employee

‎08-10-2022 08:24 AM

Hello Johan,

If you have not done so yet, please implement the best practices firewall policy per this article: https://extremeportal.force.com/ExtrArticleDetail?an=000078342

All the recommended settings are therein. 

BR
Christoph S.
0 Kudos

Go to solution
JohanHendrikx
Contributor II

‎08-10-2022 02:23 AM

Hi @Angelo Cargnel,

Firewall policy wasn't active.

I will change those settings.

At this moment I solved this issue by setting:

%DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting snoop entry found:
"IP arp trus"on interface ge 1​

and 
%DATAPLANE-4-DOSATTACK: IPSPOOF ATTACK: Source IP is Spoofed
in the default firewall policy :
"no ip dos ipspoof


Question remains why 7 other AP's connect without any problem and 2  not.
Johan Hendrik System Architect Audax
0 Kudos

Go to solution
Angelo_Cargnel
New Contributor III

‎08-09-2022 06:17 AM

Hi Johan,

due to VRRP in your network, you have to disable "ip-mac conflict" and "ip-mac routing conflict" in the firewall policy.
This should solve your problem.


Best regards,
Angelo

0 Kudos
GTM-P2G8KFN