For my company, I am running a Cisco 5508 WLC with a 4400 WLC as a guest anchor in our DMZ. There is a guest SSID and several business SSIDs for internal equipment. Guest traffic should be tunneled out to the 4400 controller where [the client] gets its IP address and is sent out to the internet. No internal corporate access is possible. However, when I do a packet capture from my wired PC, I'm seeing traffic generated by different iPhones. It appears to be mostly IPv6 mDNS or ICMPv6 traffic. How would this traffic make it onto the corporate wired network, when it should be staying on the guest network? None of the iPhones have been set up on the business SSIDs, so I know it isn't legit traffic. Is there a setting in the WLC that will block this? Will an ACL work?
These are examples of some of the traffic that Wireshark is capturing:
For our internal users, we have an application that runs under a Microsoft Network Load Balancer cluster. So it uses a unicast IP address with a multicast MAC address. Would disabling multicast on the WLC affect access to that system? The controller is currently set to "Unicast" for the Ethernet Multicast Support setting and IGMP snooping is enabled. I believe the IGMP part is what allows the NLB cluster to work.
Well, you are asking a valid question but unfortunately I don't know the answer. I tried to find in the config guide and the multicast design guide whether disabling multicast affects only L3 multicast or both L3 and L2 multicast, but I unfortunately could not find an answer.
Just one hint came to my mind: do you have IPv6 bridging enabled under your WLAN (under the Advanced tab)?
I think it is enabled so you may try disabling it. That would possibly stop the IPv6 traffic.
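To confirm exactly which IPv6 multicast frames are reaching the wired side, before and after changing the WLAN setting, a capture can be triaged with a small classifier. This is an added example, not part of the original thread; the function names and sample frames are constructed for illustration, and frames are assumed to be raw Ethernet bytes already read from a capture.

```python
import struct
from ipaddress import IPv6Address

ICMPV6_NAMES = {133: "router-solicit", 134: "router-advert", 135: "neighbor-solicit",
                136: "neighbor-advert", 143: "mldv2-report"}

def classify_frame(frame: bytes) -> dict:
    """Classify one Ethernet frame as mDNS-over-IPv6, ICMPv6, other IPv6, or non-IPv6."""
    if len(frame) < 14:
        return {"kind": "truncated"}
    dst_mac, ethertype, off = frame[0:6], struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:      # skip one 802.1Q VLAN tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x86DD:
        return {"kind": "non-ipv6"}
    if len(frame) < off + 40:
        return {"kind": "truncated"}
    ip6 = frame[off:off + 40]
    nxt, src, dst = ip6[6], IPv6Address(ip6[8:24]), IPv6Address(ip6[24:40])
    payload = frame[off + 40:]
    if nxt == 0 and len(payload) >= 8:                # hop-by-hop options (used by MLD)
        nxt, hlen = payload[0], (payload[1] + 1) * 8
        payload = payload[hlen:]
    info = {"src": str(src), "dst": str(dst), "l2_multicast": dst_mac[:2] == b"\x33\x33"}
    if nxt == 58 and payload:                         # ICMPv6: first byte is the type
        info["kind"] = "icmpv6:" + ICMPV6_NAMES.get(payload[0], str(payload[0]))
    elif nxt == 17 and len(payload) >= 4 and struct.unpack("!H", payload[2:4])[0] == 5353:
        info["kind"] = "mdns6"                        # UDP destination port 5353
    else:
        info["kind"] = "ipv6-other"
    return info

def build_sample(dst_mac, src, dst, nxt, payload, hbh=False):
    """Build a constructed test frame (illustrative, not captured traffic)."""
    if hbh:  # 8-byte hop-by-hop header: Router Alert option plus PadN
        payload, nxt = bytes([nxt, 0, 5, 2, 0, 0, 1, 0]) + payload, 0
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload), nxt, 1 if hbh else 255)
    ip6 += IPv6Address(src).packed + IPv6Address(dst).packed
    return bytes.fromhex(dst_mac) + bytes.fromhex("020000000001") + b"\x86\xdd" + ip6 + payload

# Constructed samples: mDNS query, neighbor solicitation, MLDv2 report.
SAMPLES = [
    build_sample("3333000000fb", "fe80::1", "ff02::fb", 17, struct.pack("!HHHH", 5353, 5353, 8, 0)),
    build_sample("3333ff000001", "fe80::1", "ff02::1:ff00:1", 58, bytes([135, 0, 0, 0])),
    build_sample("333300000016", "fe80::1", "ff02::16", 58, bytes([143, 0, 0, 0]), hbh=True),
]
```

Grouping the results by `src` shows how many distinct devices are leaking, and a count that drops to zero after the change confirms the fix.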