FWSM and WLSM with 6500

justin.donoghue
Level 1

Hi

Question I have is related to the following setup. WLSM and access points (L3 roaming) incorporated into 6500 with FWSM. The FWSM is firewalling 2 wireless networks. Access points have BVI on separate subnet with subinterfaces on fastethernet defining VLANs for 2 SSIDs. BVI subnet has HSRP address for default gateway on the access points. The issue is as part of a security audit it was discovered that wireless clients were receiving HSRP traffic even though they should be completely separate from the rest of the network via the FWSM. Is this normal or am I missing something?

Thanks

3 Replies

aashish.c
Level 4

hi

What kind of HSRP traffic are the other clients receiving?

Under the interface config mode of BVI, apply the command "no ip forward-protocol 136" and same for 137, 138.

Try this and check if it resolves the issue.

regards

aashish C

hi

HSRP as in UDP 1985 to 224.0.0.2. This seems to be being bridged from the 6500 down the trunk to the VLAN associated with the SSID/mobility ID for the wireless network in question. I know removing HSRP config on the VLANs on the 6500s would work, but my worry is that there is a backdoor open for other non-trusted traffic.

hi

You may try ACLs to block all other traffic other than trusted traffic. That will take care of this issue.

regards

aashish C
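
An added example, not part of the original thread or any poster's code: a Python check an auditor could run over captured frames to confirm whether HSRP packets (UDP 1985 to 224.0.0.2, as described above) still reach a wireless client VLAN after a change such as the suggested ACL. The VLAN IDs (110 as the untrusted SSID VLAN, 10 as a trusted one), the addresses and the sample frames are constructed assumptions; the field layout is HSRPv1 as defined in RFC 2281.

```python
import socket
import struct

HSRP_DST, HSRP_PORT = "224.0.0.2", 1985   # values quoted in the thread
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

def parse_hsrp(frame: bytes):
    """Decode an HSRPv1 packet from a raw Ethernet frame; None if it is not one."""
    if len(frame) < 18:
        return None
    ethertype, offset, vlan = struct.unpack("!H", frame[12:14])[0], 14, None
    if ethertype == 0x8100:                      # 802.1Q tag on the AP trunk
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    ip = frame[offset:]
    if ethertype != 0x0800 or len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17 or len(ip) < ihl + 28:
        return None                              # need IPv4 + UDP + 20-byte HSRP body
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    if socket.inet_ntoa(ip[16:20]) != HSRP_DST or dport != HSRP_PORT:
        return None
    hsrp = ip[ihl + 8:ihl + 28]                  # skip the 8-byte UDP header
    version, opcode, state, _hello, _hold, priority, group = struct.unpack("!7B", hsrp[:7])
    return {"vlan": vlan, "src": socket.inet_ntoa(ip[12:16]), "version": version,
            "opcode": opcode, "state": STATES.get(state, str(state)),
            "priority": priority, "group": group, "virtual_ip": socket.inet_ntoa(hsrp[16:20])}

def find_leaks(frames, untrusted_vlans):
    """Return decoded HSRP packets seen on VLANs that should never carry them."""
    hits = (parse_hsrp(f) for f in frames)
    return [h for h in hits if h and h["vlan"] in untrusted_vlans]

def build_sample(vlan, dport=HSRP_PORT):
    """Constructed test frame (not a real capture): tagged HSRPv1 hello, group 1."""
    hsrp = struct.pack("!8B8s4s", 0, 0, 16, 3, 10, 100, 1, 0,
                       b"cisco", socket.inet_aton("192.0.2.1"))
    udp = struct.pack("!HHHH", HSRP_PORT, dport, 8 + len(hsrp), 0) + hsrp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1, 17, 0,
                     socket.inet_aton("192.0.2.2"), socket.inet_aton(HSRP_DST))
    eth = (bytes.fromhex("01005e000002") + bytes.fromhex("00000c07ac01")
           + struct.pack("!HHH", 0x8100, vlan, 0x0800))
    return eth + ip + udp

if __name__ == "__main__":
    for hit in find_leaks([build_sample(110), build_sample(10)], {110}):
        print(hit)
```

An empty result for the untrusted VLAN set after the change is the evidence the audit finding is closed; any hit shows the gateway's group, priority and virtual IP are still visible to wireless clients.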
