Apple devices spoofing default gateway?

Matt Freitag mlfreita at mtu.edu
Fri Jun 7 19:59:26 UTC 2019


For those of us with Aruba wireless, www boy, could you share some more
info about your setup/code version/configuration/specific APs/controller
model(s)/etc?

Matt Freitag
Network Engineer
Michigan Tech IT
Michigan Technological University

We can help.
mtu.edu/it
(906) 487-1111


On Fri, Jun 7, 2019 at 3:06 PM Matt Hoppes <mattlists at rivervalleyinternet.net> wrote:

> Turn on client isolation on the access points?
>
> > On Jun 7, 2019, at 3:00 PM, Hugo Slabbert <hugo at slabnet.com> wrote:
> >
> >
> >> On Fri 2019-Jun-07 16:21:29 +1000, www boy <wwwboy at gmail.com> wrote:
> >>
> >> I just joined nanog to allow me to respond to a thread that Simon posted in
> >> March.
> >> (Not sure if this is how to respond)
> >>
> >> We have the exact same problem with Aruba Access points and with multiple
> >> MacBooks and an iMac.
> >> Where the device will spoof the default gateway and the effect is that vlan
> >> is not usable.
> >>
> >> I also have raised a case with Apple but so far no luck.
> >>
> >> What is the status of your issue?  Any luck working out exactly what the
> >> cause is?
> >
> > We appeared to hit this with Cisco kit:
> >
> > https://www.cisco.com/c/en/us/support/docs/wireless/aironet-3800-series-access-points/214491-arp-responses-for-default-gateway-ip-add.html
> >
> > They don't say *exactly* that the Apple devices are spoofing the gateway, but some behaviour in what they send out results in the proxy arp being performed by the APs to update the ARP entry for the gateway address to the clients':
> >
> >> * This is not a malicious attack, but triggered by an interaction between the macOS device while in sleeping mode, and specific broadcast traffic generated by newer Android devices
> >> * AP-COS while in FlexConnect mode provides Proxy ARP (ARP caching) services by default.  Due to their address learning design, they will modify table entries based on this traffic leading to default gateway ARP entry modification
> >
> > The fix was to disable ARP caching on the APs so they don't proxy ARP but ARP replies pass directly between client devices.
> >
> > --
> > Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
> > pgp key: B178313E   | also on Signal
>
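
An added example, not part of the original thread or any poster's code: a passive check for the symptom discussed above, flagging ARP frames that bind the default gateway's IP to a MAC other than the known gateway MAC. Function names are hypothetical, and the sample frames use constructed documentation-range IPs and locally administered MACs.

```python
# Added example: names and sample addresses are assumptions, not from the thread.
import socket
import struct

ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, sha, spa, tha, tpa):
    """Build an untagged Ethernet/IPv4 ARP frame (used only for the constructed samples)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    dst = b"\xff" * 6 if op == 1 else mac(tha)
    eth = dst + mac(sha) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip), or None if not a well-formed Ethernet/IPv4 ARP frame."""
    if len(frame) < 14:
        return None
    off, (etype,) = 14, struct.unpack_from("!H", frame, 12)
    if etype == ETH_VLAN and len(frame) >= 18:   # skip a single 802.1Q tag
        off, (etype,) = 18, struct.unpack_from("!H", frame, 16)
    if etype != ETH_ARP or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack_from("!HHBBH", frame, off)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac_str(frame[off + 8:off + 14]), socket.inet_ntoa(frame[off + 14:off + 18])

def gateway_claims(frames, gateway_ip, gateway_mac):
    """List (frame_index, op, sender_mac) for ARP frames binding gateway_ip to another MAC."""
    hits = []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed and parsed[2] == gateway_ip and parsed[1] != gateway_mac.lower():
            hits.append((i, parsed[0], parsed[1]))
    return hits

# Constructed sample traffic (op 1 = request, op 2 = reply).
GW_IP, GW_MAC = "192.0.2.1", "02:00:00:00:00:01"
SAMPLE = [
    build_arp(2, GW_MAC, GW_IP, "02:00:00:00:00:10", "192.0.2.10"),               # real gateway reply
    build_arp(1, "02:00:00:00:00:10", "192.0.2.10", "00:00:00:00:00:00", GW_IP),  # client asks for gateway
    build_arp(2, "02:00:00:00:00:22", GW_IP, "02:00:00:00:00:10", "192.0.2.10"),  # gateway IP, client MAC
    build_arp(1, "02:00:00:00:00:22", GW_IP, "00:00:00:00:00:00", GW_IP),         # gratuitous claim
]
```

Both requests and replies are checked because the sender fields of either can update a learning ARP cache.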