Extreme Networks

Aviv_Kedem · ‎12-09-2017

Hello Community,

I use ip mac conflict log only. AP75XX/AP65XX. WING 5.8.6+/5.9+.
Recently, in several deployments I saw a lot of this type of logs messages:

...%DATAPLANE-4-ARPPOISON: ARP CACHE POISONING: Conflicting snoop entry found :Ethernet Src Mac: ....., Ethernet Dst Mac: FF-FF-FF-FF-FF-FF, ARP Src Mac: ...., ARP Dst Mac: 00-00-00-00-00-00, ARP Src IP: ...., ARP Target IP: ...., Snoop Table MAC = ...., Snoop Table IP = ....

It seems the router is flooding some different info about mac adress table info with AP.
Can it cause any network issues ?

Thanks,

Aviv Kedem

Richard_Augusto · ‎07-27-2018

Hello,

These Firewall (L2) Logs occur when the controller is running on the same data VLAN of an environment (which has servers, cameras, printers, and so on).

In my case, when I segmented the controller network into a separate VLAN (where it only has L2 traffic from the APs and controller), the problems have stopped.

I recommend doing a rework on the internal network, creating native / untagged VLANs to exchange traffic between controller and access point. The problems will disappear.

Aviv_Kedem · ‎07-27-2018

Hello Richard,

Thank you for your support.

Aviv

Richard_Augusto · ‎07-27-2018

Exactly. Put the Access Points with port configuration in hybrid mode. The Untagged VLAN is where the L2 traffic of the controller will pass. SSID traffic must pass through specific tagged VLANs.

These ARP Poisoning (and many others) errors occur here and are only in places where my network is flat.

Aviv_Kedem · ‎07-27-2018

Hello Richard Augusto,

Do you mean a have to separate the controller vlan and the wlan traffic vlan?

Thanks,

Aviv