For some reason or another, both of the service port interfaces on our WiSM WLCs are sourcing Fin-Ack packets to IP addresses out on the Internet.
My understanding is that the service ports are only supposed to be used for communication between the Sup720 and WiSM, and I'm wondering if this could be due to some type of misconfiguration on the WiSM or 6509E.
We have static IP addresses configured on the service ports in vlan 999 on the 6509E:
interface Vlan999
 description VLAN for WiSM Service Port
 ip address 192.168.99.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
end
There is also a connected route for this vlan on the 6509E:
ROUTER# sh ip route
C 192.168.99.0/24 is directly connected, Vlan999
I have verified that traffic on vlan 999 is being routed off of that vlan. Should I? And how can I prevent that?
Should our service port vlan (999) be a L2 vlan instead of L3 at the 6509E?
Should we even have an SVI for vlan 999 on the 6509E?
With the 6509E being a VTP server, vlan 999 has propagated to all of the other switches on our campus.
It just seems odd that this traffic would be coming from the service port interfaces.
The source port for the Fin-Ack packets is always port 2006 of the WiSM service port interfaces:
10:57:14 192.168.99.3.2006 > 18.104.22.168.55604: F ack 1572593820 win 1378
10:57:14 192.168.99.3.2006 > 22.214.171.124.50091: F ack 520899031 win 1378
10:57:14 192.168.99.3.2006 > 126.96.36.199.52194: F ack 198026245 win 1378
10:57:14 192.168.99.3.2006 > 188.8.131.52.62076: F ack 2128482631 win 1378
10:57:14 192.168.99.2.2006 > 184.108.40.206.52873: F ack 3642030540 win 1378
10:57:15 192.168.99.3.2006 > 220.127.116.11.59208: F ack 644520437 win 1378
It's understandable that traffic destined for the service port subnet would be forwarded out of the service port interfaces, but in this case the traffic is destined for the IP addresses out on the Internet, not the service port subnet.
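As an added example (not part of the original post), the following Python script parses tcpdump lines in the format shown above and reports packets sourced from the service-port subnet to destinations outside it, grouped by source address, source port and TCP flags. The subnet 192.168.99.0/24 is taken from the post; the function names and the sample lines (which use documentation addresses) are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Service-port subnet as configured on Vlan999 in the post; adjust as needed.
SERVICE_NET = ipaddress.ip_network("192.168.99.0/24")

# Matches the tcpdump line shape shown in the post:
#   HH:MM:SS src_ip.src_port > dst_ip.dst_port: FLAGS ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<flags>[SFPRU.]+)"
)

def find_leaks(lines, service_net=SERVICE_NET):
    """Return records for packets sourced inside service_net and destined outside it."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # an octet was out of range
        if src in service_net and dst not in service_net:
            leaks.append({"ts": m["ts"], "src": str(src), "sport": int(m["sport"]),
                          "dst": str(dst), "dport": int(m["dport"]), "flags": m["flags"]})
    return leaks

def summarize(leaks):
    """Count leaked packets per (source IP, source port, TCP flags)."""
    return Counter((r["src"], r["sport"], r["flags"]) for r in leaks)

# Constructed sample lines (documentation addresses, not taken from the capture).
SAMPLE = [
    "10:57:14 192.168.99.3.2006 > 203.0.113.10.55604: F ack 1572593820 win 1378",
    "10:57:14 192.168.99.2.2006 > 198.51.100.7.52873: F ack 3642030540 win 1378",
    "10:57:15 192.168.99.3.2006 > 192.168.99.1.23: S win 4128",   # stays on the subnet
    "10:57:15 10.1.1.5.443 > 192.168.99.3.2006: . ack 1 win 1378",  # inbound, ignored
    "not a packet line",
]

if __name__ == "__main__":
    for (src, sport, flags), count in summarize(find_leaks(SAMPLE)).items():
        print(f"{src}:{sport} flags={flags} packets={count}")
```
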