Wireless ARP requests that disable switchports

Feb 10th, 2009

Hello,

I have an interesting issue here. We have a MAC address authentication scheme for our wireless structure, and we have found that if a wireless client is not registered on the network, it sends multicast ARP requests via the wired connection, which ends up forcing the switch to errdisable the port due to going over the default 16 ARP requests/second.

This can be solved by just disabling wireless or registering the wireless MAC on the network, but my question is: why would the wireless client send ARPs via the wired connection in the first place?

jeff.kish Tue, 02/10/2009 - 13:56

What wired connection are you talking about? Are the clients using wireless and also plugged into a switch?

If a client has multiple NICs, the OS determines which one to use. If you look at Network Connections in XP, for example, you can order which NIC should be used when multiple ones are installed. In general, by default the wired connection is used since it's faster.

I'm not sure if that's what you're looking for or not... haha.

tajennings Tue, 02/10/2009 - 14:12

Yes, the clients are connecting to both wireless and wired networks.

So basically, why would the OS be sending ARP requests out via the wired network when the wireless NIC is refused access due to not being registered and does not receive an IP address from DHCP?

CFayNTAdmin83 Wed, 02/11/2009 - 09:57

Hi Everyone,

I'm not sure if this helps or not, but do you need to have multicasting running on your switches? If you don't need to multicast, then maybe you can disable that, use unicast instead, and maybe that will remove the multicast ARP packets. If you have a Wireless LAN Controller, check to see if multicasting is turned on. I only have unicast mode running. Did you use a packet sniffer like Wireshark to find the multicast packets? Maybe you can find where they're coming from by checking the packets. Hope this helps!

jeff.kish Wed, 02/11/2009 - 12:01

Well, ARP requests aren't actually multicasts, but if they were then that'd be a good suggestion.

So you're saying that the client does NOT get an address via either wireless or wired? Is it giving itself an APIPA (169.x.x.x)? If so, it would start ARPing out anything it tries to connect to, and that would just depend on the programs running on the client.
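
An added example, not part of any post in this thread: one way to follow up on the packet-capture suggestion is to parse the captured ARP requests, count them per sender in one-second buckets, and report any sender that goes over the 16 requests/second figure quoted in the question, noting whether it is using a self-assigned 169.254.0.0/16 address. The function names, the `(timestamp, raw frame)` input shape and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

ARP_LIMIT_PPS = 16  # per-port ARP rate quoted in the thread

def parse_arp_request(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP request, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short or not ARP
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 1):  # oper 1 = request
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return mac, ip

def find_arp_floods(packets, limit=ARP_LIMIT_PPS):
    """packets: (timestamp_seconds, raw_frame) pairs. Report senders over the limit."""
    per_second = defaultdict(lambda: defaultdict(int))
    last_ip = {}
    for ts, frame in packets:
        parsed = parse_arp_request(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        per_second[mac][int(ts)] += 1      # one-second buckets per sender MAC
        last_ip[mac] = ip
    report = {}
    for mac, buckets in per_second.items():
        peak = max(buckets.values())
        if peak > limit:
            report[mac] = {"peak_pps": peak, "sender_ip": last_ip[mac],
                           "apipa": last_ip[mac].startswith("169.254.")}
    return report

def build_request(mac, sender_ip, target_ip):
    """Build a broadcast ARP request frame (used only to construct sample data)."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac + sender_ip + b"\x00" * 6 + target_ip
    return b"\xff" * 6 + mac + b"\x08\x06" + arp

# Constructed capture: one self-addressed host sends 20 requests in one second, another sends 3.
CHATTY, QUIET = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [(100 + i * 0.04, build_request(CHATTY, bytes([169, 254, 10, 20]), bytes([169, 254, 10, i + 1])))
          for i in range(20)]
SAMPLE += [(t, build_request(QUIET, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))) for t in (100.1, 100.5, 101.2)]

if __name__ == "__main__":
    for mac, info in find_arp_floods(SAMPLE).items():
        print(mac, info)
```
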

Posted February 10, 2009 at 8:42 AM