10-14-2010 03:14 PM - edited 07-03-2021 07:17 PM
Cisco wireless controller is sending out malform packets across the network. Wireshark reports numerous malform packets with the source of the Wireless Controller. when we unplug the WC the malformed packets go away and our network returns to total normal. We do have the lastest firmware on it. We do have multicast on, because we use a program called synchroneyes at the school. We have about 20 AP's on it.
Thanks
Marty
10-14-2010 04:04 PM
turning of multicast, or enabling IGMP Snooping reduces the malformed packets.
10-14-2010 11:44 PM
Hi Martin,
never blindly trust Wireshark about malformed packets, it may simply be that it's not decoding it properly.
For example, if you don't turn lwapp/capwap decryption on, Wireshark thinks that all lwapp/capwap traffic contain malformed wireless probe requests.
So I'd suggest you look more closely at the packet and check what is malformed about it. If it's correct up to the lwapp/capwap payload, then you shouldn't worry.
Make sure you have the latest wireshark version and in "Edit->preferences" turn on capwap/lwapp decryption
Nicolas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide