Possible ARP spoofing attack

chelefteo Posts: 2  Freshman Member
edited September 2024 in Security

I have a problem with an access point (NWA130BE). It happens that suddenly two different MACs are coming from the same device. The LAN MAC is 48:xx:xx:xx:17:c7 and should receive the IP 192.168.1.3 via the static DHCP table. But suddenly the AP comes with the MAC 48:xx:xx:xx:17:c8 and gets an IP via DHCP. The firewall recognizes this as an ARP attack and the WLAN is interrupted. This is the error: Possible ARP spoofing attack on IP 192.168.1.200. Current hardware address is 48:xx:xx:xx:17:c7. Can anyone help me?

BR José

Accepted Solution

  • Zyxel_Kay Posts: 1,280  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @chelefteo

    As discussed on private msg, upon reviewing your AP's event log, we noticed that your AP has been operating as a repeater (mesh mode) for some time, which caused it to use the WDS VAP MAC address (48:xx:xx:xx:17:c8) to send DHCP packets.

    To resolve this, we suggest the following steps:

    1. If you want your AP to maintain a static IP, please configure its LAN IP directly as a static IP.
    2. It is recommended to check if the Ethernet cable connected to the NWA130BE is damaged, as this might be causing the AP to switch to repeater mode. To ensure stable performance and speed, it is best to connect your AP via an Ethernet LAN cable.

    Kay
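
A triage sketch for the alert discussed in this thread, added here as an example (not code from Zyxel or from the posters): it parses the firewall message quoted in the question, compares the reported hardware address with the DHCP lease for that IP, and marks cases where the two MACs look like neighbouring interfaces of one device. The lease table, the sample MACs, the function names and the `max_offset` threshold are assumptions made for the example.

```python
import re

# Message format taken from the firewall error quoted in the question.
ALERT_RE = re.compile(
    r"Possible ARP spoofing attack on IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\. "
    r"Current hardware address is (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def same_device_hint(mac_a, mac_b, max_offset=8):
    """Heuristic (assumption): interface MACs of one device share the OUI
    and sit within a few addresses of each other, as c7/c8 do in the thread."""
    a, b = mac_to_int(mac_a), mac_to_int(mac_b)
    same_oui = (a >> 24) == (b >> 24)
    return same_oui and 0 < abs(a - b) <= max_offset

def triage(log_lines, leases):
    """leases maps IP -> MAC that the DHCP server gave that IP to."""
    findings = []
    for line in log_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        ip, seen = m["ip"], m["mac"].lower()
        leased = leases.get(ip)
        if leased is None:
            verdict = "no-lease"        # IP not in the DHCP table: investigate
        elif leased.lower() == seen:
            verdict = "consistent"
        elif same_device_hint(leased, seen):
            # A hint only: an adjacent MAC can be forged too, so confirm
            # against the device's own event log before closing the alert.
            verdict = "adjacent-mac"
        else:
            verdict = "unrelated-mac"   # different vendor or distant address
        findings.append((ip, leased, seen, verdict))
    return findings

# Constructed sample data; the MACs are made up (locally administered range).
SAMPLE_LEASES = {"192.168.1.200": "02:00:5e:10:17:c8",
                 "192.168.1.50": "02:00:5e:22:33:44"}
SAMPLE_LOG = [
    "Possible ARP spoofing attack on IP 192.168.1.200. Current hardware address is 02:00:5e:10:17:c7.",
    "Possible ARP spoofing attack on IP 192.168.1.50. Current hardware address is 0a:bb:cc:dd:ee:01.",
    "DHCP lease renewed",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SAMPLE_LEASES):
        print(finding)
```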

All Replies

  • Zyxel_Kay Posts: 1,280  Zyxel Employee
    edited September 2024

    Hi @chelefteo

    To gain a clearer understanding of the symptoms you're experiencing, could you please share the following information with us?

    1. A screenshot of your firewall's DHCP table (feel free to send this via private message).
    2. A detailed description of your network topology, particularly how the AP with the MAC ending in 17:c7 is connected.
    3. If your AP is managed in Nebula cloud mode, please enable Zyxel Support and provide your Nebula organization and site name. This will help us review your AP configuration directly.

    P.S.: For privacy reasons, I have made some edits to your post.

    Kay
