Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Strange WLC behavior

I am trying to figure out whether I should be concerned or not. We have a WLC that I inadvertantly discovered is trying to continually "go out" to the internet. The interface that the WLC is using is the "service-port". The error messages we see constantly on our firewall are

<142>Apr 13 2010 09:20:33: %ASA-6-106015: Deny TCP (no connection) from to  17­ flags FIN ACK on interface inside

the destination ports and ip address appear to be random. We do also have a guest network, however our guest network is in theory segmented from our enterprise network. What concerns me is that the "service-port" interface is sending this messages out. Any insight would be welcome...

Everyone's tags (3)

Re: Strange WLC behavior

Have you looked at mac address tables & arp caches to verify that the ip is indeed that of the wlc service port and not another device using the same ip by chance?

Community Member

Re: Strange WLC behavior

It's the same mac on the WLC that shows up in ARP.... so no spoofing, etc going on.

CreatePlease to create content