
How do I block HSRP traffic entering into the WLAN when an Aruba controller is connected directly to a Cisco switch?

Question:  How do I block HSRP traffic entering into the WLAN when an Aruba controller is connected directly to a Cisco switch?

 

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.1.28 and later.

To block HSRP traffic from entering an Aruba controller, create a session ACL that denies UDP port 1985.

To create this ACL, issue these commands:

ip access-list session hsrp-deny

any any udp 1985 deny

any any any permit

!

Apply this ACL to the uplink port that is connected to the Cisco switch by issuing the following command on that port's interface. The name must match the ACL created above:

ip access-group hsrp-deny session

!

Note: If you have two Cisco HSRP routers connected to two different ports on the Aruba controller, this ACL may prevent the routers from forming the HSRP group properly. If you just want to avoid flooding HSRP/VRRP/spanning tree hellos to the air without breaking the wired network integrity, use broadcast-filter-arp/all in ArubaOS 3.3.2.10 and later.
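To confirm the ACL is working, frames captured on the wireless side can be checked for anything the ACL should have dropped. The following is an added example, not part of the original article or Aruba's tooling: it classifies raw Ethernet frames the way the ACL rule does, assuming the rule matches on UDP destination port 1985. The sample frames and the helper names are constructed for illustration.

```python
import struct

HSRP_PORT = 1985  # UDP port denied by the article's ACL

def udp_dst_port(frame: bytes):
    """Return the UDP destination port of an Ethernet/IPv4 frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    if ethertype == 0x8100:  # skip a single 802.1Q VLAN tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        offset = 18
    if ethertype != 0x0800 or len(frame) < offset + 20:
        return None  # not IPv4, or truncated
    ver_ihl = frame[offset]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        return None
    frag = struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF
    if frame[offset + 9] != 17 or frag != 0:
        return None  # not UDP, or a later fragment with no UDP header
    udp = offset + ihl
    if len(frame) < udp + 8:
        return None
    return struct.unpack_from("!H", frame, udp + 2)[0]

def leaked_hsrp(frames):
    """Indexes of frames the ACL should have dropped (UDP dst port 1985)."""
    return [i for i, f in enumerate(frames) if udp_dst_port(f) == HSRP_PORT]

def build_frame(dst_port, vlan=None):
    """Constructed sample frame: Ethernet + IPv4 + UDP, checksums left at 0."""
    eth = bytes(6) + bytes(6)
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    eth += struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([224, 0, 0, 2]))
    udp = struct.pack("!HHHH", dst_port, dst_port, 8, 0)
    return eth + ip + udp

# Constructed capture: untagged HSRP, DNS, and VLAN-tagged HSRP
SAMPLE = [build_frame(1985), build_frame(53), build_frame(1985, vlan=10)]
```

An empty result from leaked_hsrp() on a capture taken after the ACL is applied indicates no UDP 1985 traffic is reaching the WLAN.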

Version History: Revision 1 of 1. Last update: 07-07-2014 02:39 PM
 