Wireless Access

Reply
Frequent Contributor II

Erroneous RAP Traffic?

Was curious if anyone has experienced any issue with RAPs generating erroneous traffic through its tunnel, to the Internet.  Long story short, we have a policy on our firewalls that blocks outbound traffic to known bad IP addresses on the Internet. When running a query of any hosts that have hit that policy, several RAPs show up.   The public IP address of the RAP is shown to be pinging specific malicious, known bad IP addresses on the Internet.  
Question...does a RAP do anything else, other than tunnel through the Internet back to the controller?  Does it participate in any other possible traffic?  The source IP address in the firewall is showing as the RAP's public IP, which is odd because if it terminates on the controller, you would think the controller's internal IP address would be the IP address listed as the source going out to the bad IP addresses.  

Here is what I'm seeing:

Capture.JPG

 

Source address of 24.73.190.218 is a RAP.  Destination IP 128.232.110.31 is malicious.

 

Makes no sense, but throwing it out there for comment. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: