10-25-2013 12:03 PM - edited 07-04-2021 01:09 AM
Hello all,
I have multiple remote office locations and I have implemented HREAP using central authentication and local switching. The offices have 3 VLANs: switch/router management, wireless management and the office VLAN. The access points are 3502I. The code is 7.0.235.3.
The access point IP addresses come from a DHCP scope on the local router. This is a specific range, i.e. 10.20.x.x. This space is only permitted to communicate with the central office controllers and denied any other traffic. The AP network is locked down with both an inbound and outbound set of ACLs on the office router.
The AP port on the switch is set up as a trunk and management is the native VLAN.
Our IT Security group came to me with a concern. They were seeing Apple traffic over the 10.20.x.x network and a lot of ICMP traffic from the internet.
Question is: how is the user traffic that is set up to be switched locally getting on the AP management network, and not staying on the user VLAN?
10-25-2013 01:29 PM
Where is your internet link servicing these branch users? Do they have their own internet connection at each branch, or are they coming to your central office to access the internet?
Rasika
10-25-2013 02:01 PM
All traffic, internet included, comes back to the main office.
10-25-2013 02:30 PM
Unless you have any other centrally switched WLAN, all traffic except CAPWAP management traffic (src or dst to AP management IP) should terminate on your branch local switch & then go via the normal IP routing path to your central office.
Best if you could take a packet capture of your branch WAN link & confirm 100% that you see user traffic coming from the 10.20.x.x network.
I am not 100% sure whether all packets will be locally switched or the first packet will be centrally switched & the rest will be locally switched. Your packet capture would prove this.
HTH
Rasika
**** Pls rate all useful responses *****
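The check suggested above, sketched as an added example that is not part of the thread: given flow records exported from a branch WAN capture, flag anything touching the AP management range that is not CAPWAP (UDP 5246 control, 5247 data) to or from a controller. The /16 standing in for "10.20.x.x", the controller address and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumptions (constructed for illustration, not values from the thread):
AP_MGMT_NET = ipaddress.ip_network("10.20.0.0/16")   # stands in for "10.20.x.x"
CONTROLLERS = {ipaddress.ip_address("192.0.2.10")}    # placeholder controller IP
CAPWAP_PORTS = {5246, 5247}                           # CAPWAP control / data, UDP

def is_capwap(flow):
    """True if the flow is CAPWAP between an AP address and a controller."""
    src, dst, proto, sport, dport = flow
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if proto != "udp":
        return False
    if s in AP_MGMT_NET and d in CONTROLLERS and dport in CAPWAP_PORTS:
        return True   # AP -> controller
    if s in CONTROLLERS and d in AP_MGMT_NET and sport in CAPWAP_PORTS:
        return True   # controller -> AP
    return False

def unexpected_flows(flows):
    """Return flows that involve the AP management range but are not CAPWAP."""
    flagged = []
    for flow in flows:
        s, d = ipaddress.ip_address(flow[0]), ipaddress.ip_address(flow[1])
        if (s in AP_MGMT_NET or d in AP_MGMT_NET) and not is_capwap(flow):
            flagged.append(flow)
    return flagged

# Constructed sample: (src, dst, proto, sport, dport)
SAMPLE_FLOWS = [
    ("10.20.1.11", "192.0.2.10", "udp", 51000, 5246),    # CAPWAP control
    ("10.20.1.11", "192.0.2.10", "udp", 51000, 5247),    # CAPWAP data
    ("192.0.2.10", "10.20.1.11", "udp", 5246, 51000),    # controller reply
    ("10.20.1.57", "198.51.100.20", "tcp", 49152, 443),  # client-like traffic
    ("203.0.113.5", "10.20.1.57", "icmp", 0, 0),         # ICMP from outside
    ("10.30.1.20", "198.51.100.20", "tcp", 49200, 443),  # other VLAN, ignored
]

if __name__ == "__main__":
    for f in unexpected_flows(SAMPLE_FLOWS):
        print("not CAPWAP on AP management range:", f)
```

Source addresses flagged here that are not known AP leases are the ones to trace back to a switch port and VLAN.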