LWAPP and BPDUGuard

Answered Question
Feb 26th, 2009

Does anyone know if LWAPP/CAPWAP access points send out BPDUs? I can't think of any reason why they would, but wanted to see if anyone has direct experience.

Correct Answer
Johannes Luther Thu, 02/26/2009 - 07:20

They don't.

My default LWAPP access-port configuration is with BPDUGuard enabled. Never had ERR-DISABLED problems on these ports.

MARK BAKER Thu, 08/22/2013 - 14:14

I know this is an old post, but it most closely discusses the topic of my question. Is it possible for a wireless client to send a BPDU and for it to be forwarded by the LWAP to the switch port causing the port to err-disable and a DoS for other wireless clients? Or, does an LWAP not forward BPDUs between wired and wireless interfaces?


Thank you,

Mark

Leo Laohoo Thu, 08/22/2013 - 15:45

"Is it possible for a wireless client to send a BPDU and for it to be forwarded by the LWAP to the switch port causing the port to err-disable and a DoS for other wireless clients?"

BPDUs are sent by a switch. So the answer to your question is YES if your AP is a WGB and you've got a switch at the end. The switch will send a BPDU up to the local AP, and the local AP will forward the BPDU to the other remote AP. The remote AP will decode and send the BPDU down to the remote switch. The remote switch sees the incoming BPDU and the rest is history.

MARK BAKER Thu, 08/22/2013 - 17:28

Leo,


After I thought about it some more, wouldn't any traffic from a client connected to an LWAP that is centrally switched to the WLC not be seen by the switch itself? I could see this being an issue with HREAP or FlexConnect, but I'm thinking centrally switched LWAPs should be fine. What do you think?


Thank you,

Mark

Leo Laohoo Thu, 08/22/2013 - 17:43

Mark,


As long as it's not a switch, then I believe BPDU guard won't be triggered.

George Stefanick Thu, 08/22/2013 - 17:48

This could be a factor for mesh and Ethernet switching. That traffic gets dumped on the RAP's wired port.

Sent from Cisco Technical Support iPad App
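One way to watch for the err-disable condition discussed in this thread, as an added example that is not part of any post: the script below scans switch syslog for BPDU Guard err-disable events and reports the ones that hit ports with an access point attached. The log lines are constructed samples in Cisco IOS message format, and the switch names, port names, AP names and mode labels in the inventory are hypothetical.

```python
import re

# Constructed sample syslog lines in Cisco IOS message format (not from the thread).
SAMPLE_LOG = """\
Aug 22 14:02:11 sw1 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet1/0/12 with BPDU Guard enabled. Disabling port.
Aug 22 14:02:11 sw1 %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
Aug 22 14:05:40 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to down
Aug 22 14:09:03 sw2 %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
Aug 22 14:12:30 sw1 %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/20, putting Gi1/0/20 in err-disable state
"""

# Hypothetical inventory: (switch, short port name) -> (attached AP, AP mode).
AP_PORTS = {
    ("sw1", "Gi1/0/12"): ("ap-lobby", "local"),
    ("sw2", "Gi1/0/3"): ("ap-yard-rap", "mesh-rap"),
}

# Matches the err-disable message and captures its cause and port.
ERR_DISABLE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s%PM-4-ERR_DISABLE:\s"
    r"(?P<cause>\S+) error detected on (?P<port>\S+),"
)


def bpduguard_trips(log_text, ap_ports):
    """Return BPDU Guard err-disable events that hit ports with an AP attached."""
    hits = []
    for line in log_text.splitlines():
        m = ERR_DISABLE.match(line)
        # Ignore other messages and other err-disable causes (e.g. port security).
        if not m or m["cause"] != "bpduguard":
            continue
        key = (m["host"], m["port"])
        if key in ap_ports:
            ap, mode = ap_ports[key]
            hits.append({"time": m["ts"], "switch": m["host"],
                         "port": m["port"], "ap": ap, "mode": mode})
    return hits


if __name__ == "__main__":
    for hit in bpduguard_trips(SAMPLE_LOG, AP_PORTS):
        print("{time} {switch} {port}: BPDU Guard tripped on {ap} ({mode})".format(**hit))
```

Grouping the hits by AP mode shows whether trips come only from the modes the thread flags (WGB, mesh, locally switched) or also from centrally switched APs.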
