I know this is an old post, but it most closely discusses the topic of my question. Is it possible for a wireless client to send a BPDU and for it to be forwarded by the LWAP to the switch port causing the port to err-disable and a DoS for other wireless clients? Or, does an LWAP not forward BPDUs between wired and wireless interfaces?

Thank you,

Mark

Is it possible for a wireless client to send a BPDU and for it to be forwarded by the LWAP to the switch port causing the port to err-disable and a DoS for other wireless clients?

BPDU are sent by switch.  So the answer to your question is YES if your AP is a WGB and you've got a switch at the end.  The switch will send a BPDU up to the local AP, the local AP will forward the BPDU to the other remote AP.  The remote AP will decode and send the BPDU down the remote switch.  Remote switch sees incoming BPDU and the rest is history.

Leo,

After I thought about it some more, wouldn't any traffic from a client connected to an LWAP that is centrally switched to the WLC not be seen by the switch itself? I could see this being an issue with HREAP or FLEXConnect, but I'm thinking centrally switched LWAPs should be fine. What do you think.

Thank you,

Mark

Mark,

As long as it's not a switch, then I believe BPDU guard won't be triggered.

This could be a factory for mesh and Ethernet switching .. That traffic gets dumped on the raps wired port

Sent from Cisco Technical Support iPad App