Apple devices spoofing default gateway?

Curtis, Bruce bruce.curtis at ndsu.edu
Fri Mar 15 03:05:12 UTC 2019


We are running 8.5 and 1815s and I don’t think we are seeing this problem.

We do have a very small number of 1810s and did see some strange behavior but it doesn’t seem to match this problem description.

Is proxy arp disabled on the default gateway device?  That could potentially interact strangely with the features mentioned in earlier posts and mentioned below.

> On Mar 14, 2019, at 4:40 PM, Simon Lockhart <simon at slimey.org> wrote:
> 
> On Thu Mar 14, 2019 at 04:19:04PM -0500, Jimmy Hess wrote:
>> Apple's Bonjour protocols include something called Apple Bonjour Sleep Proxy
>> for Wake on Demand ---  When a device goes to sleep,  the Proxy that runs on
>> various Apple devices is supposed to seize all the IP and MAC addresses that
>> device had registered, so it can wait for an incoming TCP SYN, (and if one's
>> received,  then signal the sleeping device to wake up and process the
>> connection.)
> 
> That's a very interesting observation - when we talk to the users of the
> Apple devices, they quite often say that the device was 'asleep' when it
> was sending these 'spoofed' ARP responses.

The "Information About Passive Clients" section of this document

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/wlan_interfaces.html

says:

"Wireless LAN controllers currently act as a proxy for ARP requests. Upon receiving an ARP request, the controller responds with an ARP response instead of passing the request directly to the client. This scenario has two advantages:

	• The upstream device that sends out the ARP request to the client will not know where the client is located.

	• Power for battery-operated devices such as mobile phones and printers is preserved because they do not have to respond to every ARP requests."


Perhaps that function on version 8.5 is interacting incorrectly with the Apple Sleep Proxy feature on the Apple devices.

"When a sleep proxy sees an IPv4 ARP or IPv6 ND Request for one of the sleeping device's addresses, it answers on behalf of the sleeping device, without waking it up, giving its own MAC address as the current (temporary) owner of that address."

https://en.wikipedia.org/wiki/Bonjour_Sleep_Proxy

https://discussions.apple.com/thread/2160614

> 
>> (Or perhaps they wanted to have a feature to let someone  AirPlay from a
>> different VLAN than another device?)
> 
> Cisco Wireless does claim to have some features to 'help' Bonjour / mDNS
> to work better. I wonder if one of those features is misbehaving.
> 
> Simon


---
Bruce Curtis                         bruce.curtis at ndsu.edu
Certified NetAnalyst II                701-231-8527
North Dakota State University        
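
A defensive check for the symptom discussed in this thread, added here as an example and not part of any poster's message: it scans ARP replies for the gateway address being claimed by an unexpected MAC, and for a single MAC answering for several addresses, which is the pattern the Sleep Proxy description implies. The addresses, MACs and log lines are constructed, and the line format is assumed to follow `tcpdump -n arp` output.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of `tcpdump -n arp` output.
# 192.0.2.1 / 00:00:5e:00:53:01 stand in for the real gateway (assumption).
SAMPLE = """\
03:05:01.100000 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 28
03:05:02.200000 ARP, Reply 192.0.2.57 is-at 02:00:00:aa:bb:01, length 28
03:05:09.300000 ARP, Reply 192.0.2.1 is-at 02:00:00:aa:bb:01, length 28
03:05:10.400000 ARP, Reply 192.0.2.80 is-at 02:00:00:cc:dd:02, length 28
03:05:11.500000 ARP, Request who-has 192.0.2.1 tell 192.0.2.80, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})\b"
)

def audit_arp(lines, gateway_ip, gateway_macs):
    """Return (gateway_conflicts, multi_ip_macs).

    gateway_conflicts: (timestamp, mac) for each reply that claims
        gateway_ip from a MAC not listed in gateway_macs.
    multi_ip_macs: mac -> sorted IPs, for every MAC seen answering for
        more than one IPv4 address (a proxy, or a multi-homed host).
    """
    allowed = {m.lower() for m in gateway_macs}
    conflicts = []
    claimed = defaultdict(set)
    for line in lines:
        m = REPLY.match(line.strip())
        if not m:
            continue  # requests and non-ARP lines are ignored
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        claimed[mac].add(ip)
        if ip == gateway_ip and mac not in allowed:
            conflicts.append((ts, mac))
    multi = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
    return conflicts, multi

if __name__ == "__main__":
    conflicts, multi = audit_arp(
        SAMPLE.splitlines(), "192.0.2.1", ["00:00:5E:00:53:01"]
    )
    for ts, mac in conflicts:
        print(f"{ts} gateway address answered by unexpected MAC {mac}")
    for mac, ips in multi.items():
        print(f"{mac} is answering for {', '.join(ips)}")
```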


