ARP CACHE POISONING
‎12-09-2017 03:39 PM
Hello Community,
I use IP MAC conflict log only. AP75XX/AP65XX. WING 5.8.6+/5.9+.
Recently, in several deployments I saw a lot of this type of log message:
...%DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting snoop entry found :Ethernet Src Mac: ....., Ethernet Dst Mac: FF-FF-FF-FF-FF-FF, ARP Src Mac: ...., ARP Dst Mac: 00-00-00-00-00-00, ARP Src IP: ...., ARP Target IP: ...., Snoop Table MAC = ...., Snoop Table IP = ....
It seems the router is flooding some different info about MAC address table info with AP.
Can it cause any network issues?
Thanks,
Aviv Kedem
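A triage sketch for the log message quoted above (an added example, not part of the thread and not vendor tooling): it parses ARPPOISON records in that layout and groups them by what actually conflicts, which helps separate a duplicate or spoofed IP from a host that simply changed address. The field interpretation in `classify`, the category names and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

MAC = r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PATTERN = re.compile(  # field order copied from the message quoted in the post
    rf"%DATAPLANE-4-ARPPOISON:.*?Ethernet Src Mac:\s*(?P<eth_src>{MAC}),\s*"
    rf"Ethernet Dst Mac:\s*{MAC},\s*ARP Src Mac:\s*(?P<arp_mac>{MAC}),\s*"
    rf"ARP Dst Mac:\s*{MAC},\s*ARP Src IP:\s*(?P<arp_ip>{IP}),\s*"
    rf"ARP Target IP:\s*(?P<target_ip>{IP}),\s*"
    rf"Snoop Table MAC\s*=\s*(?P<snoop_mac>{MAC}),\s*Snoop Table IP\s*=\s*(?P<snoop_ip>{IP})"
)

def classify(f):
    """Assumed reading: the ARP sender fields disagree with the snoop-table binding."""
    if f["eth_src"] != f["arp_mac"]:
        return "sender-mac-mismatch"       # frame source differs from ARP payload
    if f["arp_ip"] == f["snoop_ip"] and f["arp_mac"] != f["snoop_mac"]:
        return "ip-claimed-by-second-mac"  # duplicate IP, or spoofed owner
    if f["arp_mac"] == f["snoop_mac"] and f["arp_ip"] != f["snoop_ip"]:
        return "mac-announced-new-ip"      # e.g. readdressed or multi-homed host
    return "other"

def triage(lines):
    """Count conflicts per (kind, ARP sender IP, ARP sender MAC, snoop-table MAC)."""
    counts = Counter()
    for line in lines:
        m = PATTERN.search(line)
        if m is None:
            continue  # not an ARPPOISON record
        f = {k: v.upper() for k, v in m.groupdict().items()}
        counts[(classify(f), f["arp_ip"], f["arp_mac"], f["snoop_mac"])] += 1
    return counts

# Constructed sample records: documentation IPs and made-up MACs, same layout as the post.
TEMPLATE = ("...%DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting snoop entry found :"
            "Ethernet Src Mac: {}, Ethernet Dst Mac: FF-FF-FF-FF-FF-FF, ARP Src Mac: {}, "
            "ARP Dst Mac: 00-00-00-00-00-00, ARP Src IP: {}, ARP Target IP: 192.0.2.254, "
            "Snoop Table MAC = {}, Snoop Table IP = {}")
ROWS = [
    ("02-00-00-00-00-0A", "02-00-00-00-00-0A", "192.0.2.1", "02-00-00-00-00-01", "192.0.2.1"),
    ("02-00-00-00-00-0B", "02-00-00-00-00-0B", "192.0.2.77", "02-00-00-00-00-0B", "192.0.2.20"),
    ("02-00-00-00-00-0C", "02-00-00-00-00-0D", "192.0.2.9", "02-00-00-00-00-0D", "192.0.2.9"),
]
SAMPLE = [TEMPLATE.format(*r) for r in ROWS + ROWS[:1]] + ["unrelated log line"]

if __name__ == "__main__":
    for (kind, ip, mac, snoop), n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {kind:26s} {ip:15s} sender={mac} snoop-table={snoop}")
```

A single sender MAC that keeps appearing under `ip-claimed-by-second-mac` for a gateway or server address is the case worth chasing first.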
13 REPLIES 13
‎07-27-2018 10:19 AM
Hello,
These Firewall (L2) Logs occur when the controller is running on the same data VLAN of an environment (which has servers, cameras, printers, and so on).
In my case, when I segmented the controller network into a separate VLAN (where it only has L2 traffic from the APs and controller), the problems have stopped.
I recommend doing a rework on the internal network, creating native / untagged VLANs to exchange traffic between controller and access point. The problems will disappear.
‎07-27-2018 10:19 AM
Hello Richard,
Thank you for your support.
Aviv
‎07-27-2018 10:19 AM
Exactly. Put the Access Points with port configuration in hybrid mode. The Untagged VLAN is where the L2 traffic of the controller will pass. SSID traffic must pass through specific tagged VLANs.
These ARP Poisoning (and many others) errors occur here and are only in places where my network is flat.
‎07-27-2018 10:19 AM
Hello Richard Augusto,
Do you mean I have to separate the controller VLAN and the WLAN traffic VLAN?
Thanks,
Aviv
