In normal operation, Cisco APs generate an unencrypted multicast data frame that travels over the air and includes a variety of information in the clear. From these frames a hacker listening to the airwaves could determine the MAC address of the wireless controller that the AP is connected to, the IP address for that controller, and a variety of AP configuration options. These frames are always unencrypted regardless of the encryption scheme used in the network, and are always sent regardless of whether the OTAP feature is turned on or not. At the very least, this allows anyone listening to the network to easily find the internal addresses of the wireless LAN controllers in the network, and potentially target them for attack. All lightweight Cisco deployments are subject to this exposure.
“LAPs support OTAP only when they have a full LWAPP Cisco IOS image. OTAP is not supported by the LWAPP Recovery Cisco IOS image. The LWAPP Recovery Image is shipped from the factory and loaded by the upgrade tool. The recovery images (cXXXX-rcvk9w8-mx), shipped with new out-of-the-box LAPs, do not contain any radio firmware and do not bring up any radio interfaces during the boot process. Hence OTAP does not work with out-of-the-box LAPs. The exceptions are out-of-the-box 1510s and 1520 APs, which have a full image installed in flash”
On subsequent reboots, the access points will go through the complete discovery process which includes OTAP discovery. However, since the list of controllers is already in the APs' configuration, they will attempt to register with these controllers first.
As soon as they join a controller they'll get an image that supports OTAP.
According to the excellent video at the link below, OTAP uses RRM packets. However, the video states that the RRM packet will only contain the controller IP address if OTAP is enabled. Therefore, I would only enable OTAP when deploying new APs (and only if the APs had no other way of discovering a controller). Turn off OTAP when you are not adding APs to the network. I have a small capture from my network where OTAP is turned off (RRM is off, too - go figure). Only one RRM packet was captured, so I can't be 100% certain, but the IP address of my controller was not in the packet. I'll be doing some more captures to check.
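The capture check described above, as an added example that is not part of the original post: it searches a classic pcap file for the raw bytes of your own controller's IP and MAC address. The function names, the sample capture, the addresses and the frame bytes are constructed for illustration and do not follow the real layout of the AP's frames.

```python
import socket
import struct

def iter_pcap_frames(data):
    """Yield the raw bytes of each frame in a classic (non-pcapng) pcap."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(frame) < incl_len:
            break  # capture file was cut short
        yield frame
        pos += 16 + incl_len

def find_controller_leaks(data, controller_ip, controller_mac):
    """Return (frame_index, kind, offset) for each frame carrying the address."""
    # Raw byte search: a hit inside an encrypted payload can be a chance match,
    # so confirm every hit in a protocol analyzer.
    needles = (("ip", socket.inet_aton(controller_ip)),
               ("mac", bytes.fromhex(controller_mac.replace(":", ""))))
    hits = []
    for index, frame in enumerate(iter_pcap_frames(data)):
        for kind, needle in needles:
            offset = frame.find(needle)
            if offset != -1:
                hits.append((index, kind, offset))
    return hits

def build_sample_pcap(frames):
    """Wrap constructed frames in a little-endian pcap (link type 105 = 802.11)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample: made-up bytes, NOT the real layout of the AP's frames.
LEAKY = (bytes(16) + bytes.fromhex("02aabbccdd01") + bytes(2)
         + b"\xaa\xaa\x03" + socket.inet_aton("192.0.2.10"))
CLEAN = bytes(24) + b"\x11" * 16
SAMPLE_PCAP = build_sample_pcap([LEAKY, CLEAN])
if __name__ == "__main__":
    print(find_controller_leaks(SAMPLE_PCAP, "192.0.2.10", "02:aa:bb:cc:dd:01"))
```

For a real capture, pass the file's bytes (`open(path, "rb").read()`) together with your own controller's addresses.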
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI:
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename
(Cisco Controller) >transfer upload mode tftp
(Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often. Please feel f...