Sleeping Apple Devices Responding to ARP Requests for the Default Gateway
We've been experiencing this issue and we're running Cisco 3802 Flex Connect with a WLC 8500.
We are going to attempt DIA this weekend, but both Cisco and Apple are saying there isn't much we can do. Cisco is saying they will have a patch for the Wireless Controller to introduce ARP security for this in about a month, and Apple won't release to the public what the issue is or when their patch to fix it would be out.
Some options that have been floated to us as a temp solution:
-- Downgrade the WLC to 8.2 from the current recommended version 8.5.140.
-- Upgrade the WLC to 8.5.140.11, a special release not provided without support consent, that will require DHCP reassociation on every device when roaming. Not a great trade-off.
-- Remove Flex Connect and redesign your WLAN to Central, which would tunnel the ARP traffic to the WLC and use built-in security for ARP protection. "We are not going to do this"
What we will be trying! Enable DIA on the switching platform and log the drops. The hope is if this is from a sleeping MacBook then the getting dropped won't matter and we'll see some kind of containment.
This is our last option.
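
An added example, not part of the original post: a Python check that parses raw Ethernet ARP frames from a capture on the affected VLAN and counts, per sender MAC, how often a device other than the real gateway claims the gateway's IP. The gateway IP and MAC, the client MACs, the sample frames and all function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

GATEWAY_IP = "10.0.0.1"            # assumed gateway address (constructed)
GATEWAY_MAC = "00:00:5e:00:01:01"  # assumed real gateway MAC (constructed)

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    off = 12
    if len(frame) >= 18 and frame[12:14] == b"\x81\x00":
        off = 16                     # skip a single 802.1Q VLAN tag
    if len(frame) < off + 30 or frame[off:off + 2] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, off + 2)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = struct.unpack_from("!6s4s", frame, off + 10)
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

def gateway_claims(frames, gw_ip=GATEWAY_IP, gw_mac=GATEWAY_MAC):
    """Count ARP frames, per sender MAC, that claim gw_ip from a MAC other than gw_mac."""
    hits = Counter()
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[2] == gw_ip and parsed[1] != gw_mac.lower():
            hits[parsed[1]] += 1
    return hits

def build_arp(sender_mac, oper, sender_ip, target_mac, target_ip):
    """Build a constructed Ethernet ARP frame for the sample data below."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    tha = bytes.fromhex(target_mac.replace(":", ""))
    dst = b"\xff" * 6 if oper == 1 else tha   # requests are broadcast
    return (dst + sha + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
            + sha + socket.inet_aton(sender_ip) + tha + socket.inet_aton(target_ip))

CLIENT, SLEEPER = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed client MACs
SAMPLE = [
    build_arp(CLIENT, 1, "10.0.0.50", "00:00:00:00:00:00", GATEWAY_IP),  # who-has gateway
    build_arp(GATEWAY_MAC, 2, GATEWAY_IP, CLIENT, "10.0.0.50"),          # genuine reply
    build_arp(SLEEPER, 2, GATEWAY_IP, CLIENT, "10.0.0.50"),              # wrong MAC claims gateway
    build_arp(SLEEPER, 2, GATEWAY_IP, CLIENT, "10.0.0.50"),
    build_arp(SLEEPER, 2, "10.0.0.51", CLIENT, "10.0.0.50"),             # normal reply, own IP
]

if __name__ == "__main__":
    for mac, count in gateway_claims(SAMPLE).items():
        print(f"{mac} claimed {GATEWAY_IP} in {count} ARP frame(s)")
```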