nanog mailing list archives
Re: Apple devices spoofing default gateway?
From: www boy <wwwboy () gmail com>
Date: Tue, 11 Jun 2019 13:45:55 +1000
Good day Matt, We have a combination of IAP-135 and IAP-125's , we are running a older firmware (yeah i know it needs updating something for next month or so) Worst luck I couldnt work out how to modify local arp caches on the access points. I have just enabled "Deny inter user bridging" and that seems to have stopped the network from crashing when a client steals the router IP. (this solution may not be the best for some environments tho) Worst luck Apple is being very slow with a solution and even admitting there is a issue. But I just wanted to make sure i updated this thread so at least people in the future can find it when they google. If anyone else has any good ideas or solutions let me know. I am keen to try the latest firmware to see if that has any other features that might prevent this. Regards, Mike On Sat, Jun 8, 2019 at 5:59 AM Matt Freitag <mlfreita () mtu edu> wrote:
For those of us with Aruba wireless, www boy, could you share some more info about your setup/code version/configuration/specific APs/controller model(s)/etc? Matt Freitag Network Engineer Michigan Tech IT Michigan Technological University We can help. mtu.edu/it (906) 487-1111 On Fri, Jun 7, 2019 at 3:06 PM Matt Hoppes < mattlists () rivervalleyinternet net> wrote:Turn on client isolation on the access points?On Jun 7, 2019, at 3:00 PM, Hugo Slabbert <hugo () slabnet com> wrote:On Fri 2019-Jun-07 16:21:29 +1000, www boy <wwwboy () gmail com> wrote: I just joined nanog to allow me to respond to a thread that Simonposted inMarch. . (Not sure if this is how to respond) We have the exact same problem with Aruba Access points and withmultipleMacBooks and a iMac. Where the device will spoof the default gateway and the effect is thatvlanis not usable. I also have raised a case with Apple but so far no luck. What is the status of your issue? Any luck working out exactly whatthecause is?We appeared to hit this with Cisco kit:https://www.cisco.com/c/en/us/support/docs/wireless/aironet-3800-series-access-points/214491-arp-responses-for-default-gateway-ip-add.htmlThey don't say *exactly* that the Apple devices are spoofing thegateway, but some behaviour in what they send out results in the proxy arp being performed by the APs to update the ARP entry for the gateway address to the clients':* This is not a malicious attack, but triggered by an interactionbetween the macOS device while in sleeping mode, and specific broadcast traffic generated by newer Android devices* AP-COS while in FlexConnect mode provides Proxy ARP (ARP caching)services by default. Due to their address learning design, they will modify table entries based on this traffic leading to default gateway ARP entry modificationThe fix was to disable ARP caching on the APs so they don't proxy ARPbut ARP replies pass directly between client devices.-- Hugo Slabbert | email, xmpp/jabber: hugo () slabnet com pgp key: B178313E | also on Signal
Current thread:
- Re: Apple devices spoofing default gateway? www boy (Jun 07)
- Re: Apple devices spoofing default gateway? Hugo Slabbert (Jun 07)
- Re: Apple devices spoofing default gateway? Matt Hoppes (Jun 07)
- Re: Apple devices spoofing default gateway? Owen DeLong (Jun 07)
- Re: Apple devices spoofing default gateway? Matt Freitag (Jun 07)
- Re: Apple devices spoofing default gateway? www boy (Jun 10)
- Re: Apple devices spoofing default gateway? Matt Hoppes (Jun 07)
- Re: Apple devices spoofing default gateway? Hugo Slabbert (Jun 07)
- Re: Apple devices spoofing default gateway? William Herrin (Jun 07)