Meraki

CotyMick · ‎Feb 11 2019

Hey All!

Does anyone know if changing the IP source address spoofing protection mode from Log to Block will cause a disruption of network services during the change?

Thanks,
Mick~

NolanHerring · ‎Feb 11 2019

I can't say for certain, as I applied this to all of my networks when it first became available and didn't notice anything, but I also wan'st looking for any sort of network blip.

I would imagine it would not cause a network service interruption. I would hope that if it did, it would warn you accordingly, and I just tested it in my lab and got no warning.

Don't see anything about it here either:
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/IP_Source_Address_Spoofing_Protecti...

Nolan Herring | nolanwifi.com

CotyMick · ‎Feb 11 2019

@NolanHerring Thanks!

PhilipDAth · ‎Feb 11 2019

It wont cause any disruption.

If something was doing it at the moment return traffic could not get routed to it, and it would already be broken.

CotyMick · ‎Feb 11 2019

@PhilipDAth Thanks!

Maverik · ‎Dec 13 2022

Hello all. Does anyone know 1)whether the logs are definitive on spoofing taking place, and 2)whether devices would be blocked if this option is enabled?

I hesitate to enable as I reviewed our logs which show laptops on our (flat) network are being flagged. However, these are company laptops that are on the corp wifi, which have obtained the correct DHCP.

I already read the article for Meraki MXs Anti-spoofing. We have the MX appliance and just Dell switch, no VLANs.

Thanks.

Examples:

Time(PST)	Client	Event type
12/13/2022 10:11	laptop1	Source IP and/or VLAN mismatch
12/13/2022 10:11	laptop2	Source IP and/or VLAN mismatch