I have multiple remote office locations and I have implemented HREAP using central authentication and local switching. The offices have 3 VLANs: switch/router management, wireless management and the office VLAN. The access points are 3502I. The code is 18.104.22.168.
The access point IP addresses come from a DHCP scope on the local router. This is a specific range, i.e. 10.20.x.x. This space is only permitted to communicate with the central office controllers and denied any other traffic. The AP network is locked down with both an inbound and outbound set of ACLs on the office router.
The AP port on the switch is set up as a trunk and management is the native VLAN.
Our IT Security group came to me with a concern. They were seeing Apple traffic over the 10.20.x.x network and a lot of ICMP traffic from the internet.
Question is: how is the user traffic that is set up to be switched locally getting on the AP management network, and not staying on the user VLAN?
Unless you have any other centrally switched WLAN, all traffic except CAPWAP mgt traffic (src or dst to AP mgt IP) should terminate on your branch local switch & then go via the normal IP routing path to your central office.
Best if you could do a packet capture of your branch WAN link & confirm 100% you would see user traffic coming from the 10.20.x.x network.
I am not 100% sure whether all packets will be locally switched, or whether the first packet will be centrally switched & the rest will be locally switched. Your packet capture would prove this.
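One way to run the check suggested in the reply over captured frames, as an added example that is not part of the original thread: it separates CAPWAP traffic between the AP range and a controller from anything else touching 10.20.x.x. The /16 mask, the controller address 192.0.2.10, the function names and the sample frames are assumptions constructed for illustration.

```python
import ipaddress
import struct

AP_MGMT_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed mask for 10.20.x.x
CONTROLLERS = {ipaddress.ip_address("192.0.2.10")}  # constructed placeholder WLC
CAPWAP_PORTS = {5246, 5247}  # CAPWAP control and data channels, UDP


def classify(frame: bytes):
    """Return (verdict, src, dst) for an Ethernet frame, or None if not IPv4."""
    if len(frame) < 38:  # Ethernet + optional 802.1Q tag + 20-byte IPv4 header
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:  # 802.1Q tag, as seen on the AP trunk port
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800:
        return None
    ihl, proto = (frame[off] & 0x0F) * 4, frame[off + 9]
    src = ipaddress.ip_address(frame[off + 12:off + 16])
    dst = ipaddress.ip_address(frame[off + 16:off + 20])
    if src not in AP_MGMT_NET and dst not in AP_MGMT_NET:
        return ("other", str(src), str(dst))
    peer = dst if src in AP_MGMT_NET else src
    l4 = frame[off + ihl:off + ihl + 4]
    if proto == 17 and peer in CONTROLLERS and len(l4) == 4:
        if CAPWAP_PORTS & set(struct.unpack("!HH", l4)):
            return ("capwap", str(src), str(dst))
    return ("unexpected", str(src), str(dst))


def sample_frame(src, dst, proto, sport=0, dport=0, vlan=None):
    """Build a constructed, minimal Ethernet/IPv4 frame for the demo."""
    tag = b"" if vlan is None else b"\x81\x00" + struct.pack("!H", vlan)
    ip = bytes([0x45, 0]) + bytes(7) + bytes([proto, 0, 0])
    ip += ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    return bytes(12) + tag + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)


def audit(frames):
    """Return (src, dst) pairs on the AP range that are not CAPWAP to a WLC."""
    return [r[1:] for r in map(classify, frames) if r and r[0] == "unexpected"]


SAMPLE = [  # constructed frames, not taken from a real capture
    sample_frame("10.20.1.5", "192.0.2.10", 17, 5246, 5246),   # AP to WLC
    sample_frame("10.20.1.9", "203.0.113.7", 6, 49152, 443),   # client-like TCP
    sample_frame("198.51.100.4", "10.20.1.5", 1),              # inbound ICMP
    sample_frame("10.30.0.8", "203.0.113.7", 6, 49153, 443, vlan=30),
]
```

Every pair returned by `audit()` is traffic on the AP management range that the router ACLs described in the question should already be dropping, so each one points at either an ACL gap or a WLAN that is not being switched onto the user VLAN.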