Olivier,

We have enabled DHCP snooping, that has not really fixed the issue though. I am writing a script that looks at the IP and MAC addresses of users in the registration vlan and compares them with MAC addresses that appear in our ARP table. When it finds a discrepancy it disables that port and sends an email. So far I have made minimal progress/success on it, but I have an idea on what it should look like.

As of now we are using the arping command:

    arping -D -I eth0 -c 2 192.168.6.1

then disabling the port by hand until we can track down who it belongs to. This may be the better approach for our script, I have not fully made up my mind yet. So far the turn-the-port-off strategy has worked well because word got around that I would turn them off, so people have stopped doing that for the most part.

Thanks,
 _
/-\ ndrew

On Tue, Aug 31, 2010 at 1:37 PM, Olivier Bilodeau <[email protected]> wrote:
> Hi Andrew,
>
> Have you fixed your situation? If so can you share the findings?
>
> Quick googling revealed some hints of things to look into in your HP manual:
>
> - "AP [Arp Protection] tells the switch to only allow specific IP-to-MAC
> pairs to be able to pass any traffic through it."
>
> - ip source-lockdown
>
> - DHCP Snooping
>
> I know that in a Cisco environment we run 'ip arp inspection' and 'dhcp
> snooping' hand in hand and that it should tackle issues like these but
> also that it's very tricky and we face false positives (especially with a
> software changing VLANs like PacketFence) or IOS bugs so it's always a
> bit of adjustments and testing in Lab.
>
> Cheers!
>
> Andrew Niemantsverdriet wrote:
>> Josh,
>>
>> We are using HP Procurve 2600 series switches. We do have DHCP
>> filtering turned on so that only authorized servers can do DHCP, but I
>> am unaware of any Procurve that requires DHCP acquisition before
>> forwarding. That feature sounds like it would fix my issue.
>>
>> Does anybody know if there is such a feature on Procurve 2600 switches?
>>
>> Thanks,
>>  _
>> /-\ ndrew
>>
>>
> --
> Olivier Bilodeau
> [email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>

--
 _
/-\ ndrew Niemantsverdriet
Academic Computing
(406) 238-7360
Rocky Mountain College
1511 Poly Dr.
Billings MT, 59102
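
The IP-to-MAC comparison described in the message above, as an added example that is not part of the thread and is not Andrew's script. It assumes the registration VLAN is 192.168.6.0/24, that expected pairs come from DHCP leases, and that the ARP table is read in the Linux /proc/net/arp layout; all MAC addresses and lease entries are constructed.

```python
import ipaddress

# Constructed sample data (not from the thread). The /24 is an assumption;
# only 192.168.6.1 appears in the original message.
REG_NET = ipaddress.ip_network("192.168.6.0/24")

# IP -> MAC pairs the DHCP server handed out, plus the static gateway entry.
EXPECTED = {
    "192.168.6.1": "00:1b:3f:aa:00:01",   # gateway (static, constructed MAC)
    "192.168.6.50": "00:16:3e:11:22:33",
    "192.168.6.51": "00:16:3e:44:55:66",
}

# Constructed text in the layout of Linux /proc/net/arp.
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.6.1      0x1         0x2         00:16:3E:44:55:66     *        eth0
192.168.6.50     0x1         0x2         00:16:3e:11:22:33     *        eth0
192.168.6.77     0x1         0x2         00:16:3e:99:88:77     *        eth0
192.168.6.51     0x1         0x0         00:00:00:00:00:00     *        eth0
10.0.0.5         0x1         0x2         00:16:3e:00:00:05     *        eth1
"""

def parse_arp(text):
    """Yield (ip, mac) for complete entries; skip the header and incomplete rows."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2:            # ATF_COM: entry has a resolved MAC
            yield ip, mac

def find_discrepancies(arp_text, expected, network):
    """Return (ip, seen_mac, reason) for ARP entries that contradict the expected pairs."""
    findings = []
    for ip, mac in parse_arp(arp_text):
        if ipaddress.ip_address(ip) not in network:
            continue               # outside the registration VLAN
        want = expected.get(ip)
        if want is None:
            findings.append((ip, mac, "no lease for this IP"))
        elif want.lower() != mac:
            findings.append((ip, mac, f"expected {want.lower()}"))
    return findings

if __name__ == "__main__":
    for ip, mac, reason in find_discrepancies(ARP_TABLE, EXPECTED, REG_NET):
        print(f"{ip} seen at {mac}: {reason}")
```

The seen MAC in each finding is the value to look up in the switch's MAC address table to locate the port, which is the step the message describes doing by hand.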
