I have multiple remote office locations and I have implemented HREAP using central authentication and local switching. The offices have 3 VLANs: switch/router management, wireless management and the office VLAN. The access points are 3502I. The code is 18.104.22.168.
The access point IP addresses come from a DHCP scope on the local router. This is a specific range, i.e. 10.20.x.x. This space is only permitted to communicate with the central office controllers and denied any other traffic. The AP network is locked down with both an inbound and outbound set of ACLs on the office router.
The AP port on the switch is set up as a trunk and management is the native VLAN.
Our IT Security group came to me with a concern. They were seeing Apple traffic over the 10.20.x.x network and a lot of ICMP traffic from the internet.
The question is: how is the user traffic that is set up to be switched locally getting on the AP management network, and not staying on the user VLAN?