I have a controller sat on a network (10.10.10.0/24) with a management address of 10.10.10.250. There's a distant site we have at the other side of the network with a range at 192.168.0.0/24. I have 5 thin HREAP access points on this network with three WLANs from the controller and one WLAN delivered via a trunk point with VLAN 2 tagging (the 192.168.0.0/24 network is VLAN1). The VLAN2 (e.g. 172.16.0.0/24) network is basically an untrusted network to us, but I didn't think this would matter as the HREAP config would mean that none of this traffic should even leave the access point - apart from stats/client info.
However, I've recently been seeing something odd in that there must be some multicast-talking clients on this untrusted network and whatever they are talking about I can see on my management LAN (10.10.10.0). I can basically see multicast packets with source IPs from the untrusted network. How is this possible? More importantly, how can I stop it?
All network numbers are just examples. Any help or ideas would be gratefully received.
"but I didn't think this would matter as the HREAP config would mean that none of this traffic should even leave the access point"
Keep in mind that when an AP is in HREAP mode, the AP essentially acts like a switch with respect to its Ethernet port. When it gets a packet from the wireless side, if appropriate, it tags it and puts it on the wire.
Under ordinary circumstances (unless something is configured to stop this), if a wireless client connected to an HREAP AP sends a multicast packet, it absolutely will be put on the wire by the AP, just as a broadcast would. I just confirmed this with lab equipment.
So if there isn't a routed path from the remote untrusted networks to your mgmt vlan, there may (should) be L3 multicast routing configured for the untrusted and your management routed interfaces. Is this the case?
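One way to work out which of the two paths the reply describes is in play, as an added example that is not part of the original thread: classify multicast frames captured on the management LAN as bridged at layer 2 or forwarded by a router. The subnets are the example ranges from the post; the gateway MAC and the capture records are constructed assumptions.

```python
import ipaddress
from collections import Counter

MGMT_NET = ipaddress.ip_network("10.10.10.0/24")         # example range from the post
UNTRUSTED_NET = ipaddress.ip_network("172.16.0.0/24")    # example range from the post
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")  # routers never forward this block
ROUTER_MACS = {"00:00:5e:00:01:0a"}  # assumption: MAC(s) of the mgmt VLAN gateway

def classify(frame):
    """Return how a frame captured on the management LAN got there."""
    src = ipaddress.ip_address(frame["src_ip"])
    dst = ipaddress.ip_address(frame["dst_ip"])
    if not dst.is_multicast:
        return "not-multicast"
    if src in MGMT_NET:
        return "local"
    # Off-subnet source to a link-local group: no router may have forwarded
    # it, so the sender shares a broadcast domain with the capture point.
    if dst in LINK_LOCAL_MCAST:
        return "l2-leak"
    # A routed frame is re-sourced with the router's MAC; a bridged frame
    # still carries the original client's MAC.
    if frame["src_mac"].lower() in ROUTER_MACS:
        return "l3-routed"
    return "l2-leak"

def summarize(capture):
    """Count verdicts for frames whose source IP is in the untrusted range."""
    verdicts = Counter()
    for frame in capture:
        if ipaddress.ip_address(frame["src_ip"]) in UNTRUSTED_NET:
            verdicts[classify(frame)] += 1
    return dict(verdicts)

# Constructed sample records (source MAC, source IP, destination IP).
CAPTURE = [
    {"src_mac": "a4:83:e7:11:22:33", "src_ip": "172.16.0.23", "dst_ip": "224.0.0.251"},
    {"src_mac": "00:00:5E:00:01:0A", "src_ip": "172.16.0.40", "dst_ip": "239.255.255.250"},
    {"src_mac": "a4:83:e7:44:55:66", "src_ip": "172.16.0.41", "dst_ip": "239.255.255.250"},
    {"src_mac": "3c:52:82:aa:bb:cc", "src_ip": "10.10.10.12", "dst_ip": "224.0.0.251"},
    {"src_mac": "3c:52:82:aa:bb:cc", "src_ip": "10.10.10.12", "dst_ip": "10.10.10.250"},
]

if __name__ == "__main__":
    for frame in CAPTURE:
        print(frame["src_ip"], "->", frame["dst_ip"], classify(frame))
    print(summarize(CAPTURE))
```

An `l2-leak` verdict points at VLAN or trunk configuration between the AP and the management LAN; `l3-routed` points at multicast routing between the two routed interfaces.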