All, We're seeing a bit of a weird one on our network at the moment, and wondering if anyone else has seen it.
Since Friday we're seeing Apple devices (we believe it's both laptops and iPhones) responding to ARP requests for the default gateway IP with their own MAC address (i.e. ARP spoofing / MITM type attack). We're only seeing it on Apple devices, but what's more strange is that we're only seeing it where those Apple devices are connected to Cisco 1810 and 1815 APs, and where those APs are connected to a Cisco WLC running v8.5 software. If we downgrade the WLC to v8.2 the problem goes away (but v8.2 doesn't support 1815 APs, so we can't roll that out globally). We're engaged with Cisco TAC, but they're trying to deny it's their problem. Apple support are investigating, but aren't admitting to having seen it before. Has anyone else seen or heard of similar issues over the last few days? Many thanks, Simon
