04-21-2006 02:16 AM - edited 03-09-2019 02:40 PM
Hi
Question I have is related to the following setup. WLSM and access points (L3 roaming) incorporated into 6500 with FWSM. The FWSM is firewalling 2 wireless networks. Access points have BVI on a separate subnet with subinterfaces on fastethernet defining vlans for 2 SSIDs. BVI subnet has HSRP address for default gateway on the access points. The issue is as part of a security audit it was discovered that wireless clients were receiving HSRP traffic even though they should be completely separate from the rest of the network via the FWSM. Is this normal or am I missing something?
Thanks
04-25-2006 02:19 AM
hi
what kind of HSRP traffic are the other clients receiving?
under the interface config mode of the BVI, apply the command "no ip forward-protocol 136" and the same for 137, 138.
try this and check if it resolves the issue.
regards
aashish C
04-25-2006 02:37 AM
hi
HSRP as in UDP 1985 to 224.0.0.2. This seems to be bridged from the 6500 down the trunk to the vlan associated with the ssid/mobility id for the wireless network in question. I know removing the HSRP config on the vlans on the 6500s would work, but my worry is that there is a backdoor open for other non-trusted traffic.
04-25-2006 03:47 AM
hi
you may try ACLs to block all traffic other than trusted traffic. That will take care of this issue.
regards
aashish C
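The audit check discussed in this thread (HSRP hellos, UDP 1985 to 224.0.0.2, showing up on the wireless client VLAN), as an added example that is not part of the original posts: a small Python parser over tcpdump-style summary lines that flags every HSRP hello visible on the client segment and lists which gateway addresses leaked. The capture lines and all addresses are constructed sample data, not from the thread.

```python
import ipaddress
import re

# Constructed tcpdump-style lines standing in for a capture taken on the wireless client VLAN.
SAMPLE_CAPTURE = """\
10:01:02.100 IP 10.10.20.2.1985 > 224.0.0.2.1985: UDP, length 20
10:01:02.150 IP 10.10.20.3.1985 > 224.0.0.2.1985: UDP, length 20
10:01:03.000 IP 10.10.20.50.51234 > 198.51.100.10.443: Flags [S], seq 1, length 0
10:01:04.000 IP 10.10.20.1.1985 > 224.0.0.102.1985: UDP, length 40
10:01:05.000 IP 10.10.20.55.138 > 10.10.20.255.138: UDP, length 201
"""

# One tcpdump IPv4 summary line: time IP src.port > dst.port: rest
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)
HSRP_PORT = 1985
# HSRPv1 hellos are sent to 224.0.0.2, HSRPv2 hellos to 224.0.0.102.
HSRP_GROUPS = {
    ipaddress.ip_address("224.0.0.2"): "HSRPv1",
    ipaddress.ip_address("224.0.0.102"): "HSRPv2",
}


def classify_hsrp(dst, dport, rest):
    """Return the HSRP version name if the packet is an HSRP hello, else None."""
    if not rest.startswith("UDP") or dport != HSRP_PORT:
        return None
    return HSRP_GROUPS.get(ipaddress.ip_address(dst))


def audit_capture(text):
    """Return (findings, leaking_routers) for every HSRP hello seen on the
    client segment: [(timestamp, source, version)] and the set of sources."""
    findings, routers = [], set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-IPv4 or otherwise unparsable lines
        version = classify_hsrp(m["dst"], int(m["dport"]), m["rest"])
        if version:
            findings.append((m["ts"], m["src"], version))
            routers.add(m["src"])
    return findings, routers


if __name__ == "__main__":
    for ts, src, ver in audit_capture(SAMPLE_CAPTURE)[0]:
        print(f"{ts}: {ver} hello from {src} visible to wireless clients")
```

Run it against a real `tcpdump -n` summary taken from a wireless client; any finding means gateway control traffic is reaching the segment the FWSM is supposed to isolate, and the leaking router set tells you which SVIs to look at.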