We've got a WLC-4402 running in Layer 2 mode controlling about 20 APs. I'm noticing that there is a lot of LWAPP traffic destined for the controller that is being broadcast to all switch ports on the LAN. Ethereal identifies it as Association Requests and Association Responses.
You can see in this capture that the source of the EthernetII frame is 00:0b:85:65:4e:90, a 1020 access point. But in the packet details it's revealed that inside the LWAPP encapsulated packet, the source is 00:0d:28:2e:69:4b, a Cisco 7920 wireless phone, with a destination of the AP itself. It does look like a wireless assocication converstaion between the 7920 and the AP.
So, I'm curious about why it's being broadcast out every switch port across the entire LAN, despite the fact that it's not being sent to a broadcast address. Shouldn't the traffic from the APs (AP1020 units) be going ONLY to the WLC4402 and not appearing everywhere else?