New Member

FWSM and WLSM with 6500

Hi

The question I have is related to the following setup: WLSM and access points (L3 roaming) incorporated into a 6500 with FWSM. The FWSM is firewalling 2 wireless networks. Access points have a BVI on a separate subnet, with subinterfaces on FastEthernet defining VLANs for 2 SSIDs. The BVI subnet has an HSRP address for the default gateway on the access points. The issue is that, as part of a security audit, it was discovered that wireless clients were receiving HSRP traffic even though they should be completely separate from the rest of the network via the FWSM. Is this normal or am I missing something?

Thanks

3 REPLIES
Bronze

Re: FWSM and WLSM with 6500

hi

What kind of HSRP traffic are the other clients receiving?

Under the interface config mode of the BVI, apply the command "no ip forward-protocol 136" and the same for 137 and 138.

Try this and check if it resolves the issue.

regards

aashish C

New Member

Re: FWSM and WLSM with 6500

hi

HSRP as in UDP 1985 to 224.0.0.2. This seems to be being bridged from the 6500 down the trunk to the VLAN associated with the SSID/mobility ID for the wireless network in question. I know removing the HSRP config on the VLANs on the 6500s would work, but my worry is that there is a backdoor open for other non-trusted traffic.

Bronze

Re: FWSM and WLSM with 6500

hi

You may try ACLs to block all traffic other than trusted traffic. That will take care of this issue.

regards

aashish C
