IP source address spoofing protection

CotyMick
Getting noticed

IP source address spoofing protection

Hey All!

 

 

Does anyone know if changing the IP source address spoofing protection mode from Log to Block will cause a disruption of network services during the change?

 

 

Thanks,
Mick~

5 Replies 5
NolanHerring
Kind of a big deal

I can't say for certain, as I applied this to all of my networks when it first became available and didn't notice anything, but I also wan'st looking for any sort of network blip.

I would imagine it would not cause a network service interruption. I would hope that if it did, it would warn you accordingly, and I just tested it in my lab and got no warning.

Don't see anything about it here either:
https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/IP_Source_Address_Spoofing_Protecti...
Nolan Herring | nolanwifi.com
TwitterLinkedIn
CotyMick
Getting noticed

@NolanHerring Thanks!

PhilipDAth
Kind of a big deal
Kind of a big deal

It wont cause any disruption.

 

If something was doing it at the moment return traffic could not get routed to it, and it would already be broken.

CotyMick
Getting noticed

@PhilipDAth Thanks!

Maverik
New here

Hello all. Does anyone know 1)whether the logs are definitive on spoofing taking place, and 2)whether devices would be blocked if this option is enabled?

 

I hesitate to enable as I reviewed our logs which show laptops on our (flat) network are being flagged. However, these are company laptops that are on the corp wifi, which have obtained the correct DHCP.

 

I already read the article for Meraki MXs Anti-spoofing. We have the MX appliance and just Dell switch, no VLANs.

 

Thanks.

Examples:

 

Time(PST)ClientEvent type  
12/13/2022 10:11laptop1Source IP and/or VLAN mismatch  
12/13/2022 10:11laptop2Source IP and/or VLAN mismatch  
     
     
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels