On Sat, 2011-05-14 at 13:05 -0500, John McDowell wrote: > We've been having an ongoing issue with ARP poisoning > one tower that we have, originating from some SM out there. > We thought it might be a bad firewall at one of the County > offices or something before, and it still may be? Nonetheless, > these are all Canopy APs and SMs, just wondering if setting > up a VLAN on these APs and subs would eliminate this type of > issue. If not, do any of you have any suggestions? It > basically cripples the rest of the subs on this tower when it > occurs and typically we have to go through and reboot APs for > long enough to see which one was the culprit...
The "best" approach here will be somewhat dependent upon how the network is set up. Are the Canopy devices bridged or configured as routers? If they are routers, perhaps you can set up a static arp entry for their gateway device in the SMs (not sure if Canopy supports this). Is your router (the customer gateway) a Mikrotik? If you assign IP space dynamically (via dhcp or some other mechanism), then there are methods to create static ARP mappings when the assignment happens. There are other routers that can support a similar function. With Cisco switches, you can use port protection creatively to prevent the spread of bad ARP information between customers. If you have Mikrotik devices at the towers you can create some bridge filters and limit the extent of the ARP poisoning that way. For a more direct answer to your question, VLANs can help, too, depending on your network design. -- ******************************************************************** * Butch Evans * Professional Network Consultation* * http://www.butchevans.com/ * Network Engineering * * http://store.wispgear.net/ * Wired or Wireless Networks * * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE! * * NOTE MY NEW NUMBER: 702-537-0979 * ******************************************************************** -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
