Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

icmp from controller interface

This thread has been viewed 3 times

  • 1.  icmp from controller interface

    Posted Jul 16, 2012 11:37 AM

    Just wondering if icmp traffic from controller interface should be allowed to the client devices? Looks like I'm blocking it currently on my guest network since all internal IP's are blocked. But are pings what the controller uses as a keep-alive for the user time outs?

     

    -GR



  • 2.  RE: icmp from controller interface

    Posted Jul 17, 2012 05:40 PM

    Its tuneable but by default the controller will try to ping a client after 5 minutes of inactivity.  If the ping fails the controller will age the client out.  In the case where ping is prevented then I guess the only check is inactivity as ping will fail no matter what.



  • 3.  RE: icmp from controller interface

    Posted Jul 20, 2012 11:02 AM

    Gotcha, I had traffic allowed from the controller, but that alias is only configured for the physical interface, not the virtual interfaces, which is where the icmp traffic was originating from. Could not modify the controller alias, so had to create new which included all the vlan interfaces. Any thoughts on allowing/blocking broadcast traffic on guest vlan? That is the only other traffic I see being constantly dropped on guest vlan. My thought was any malicious broadcast traffic would be prevented from getting to other clients on the same VLAN but not sure if it has any real impact on legit traffic.

     

    Thanks for the post tarinelli.

     

    -GR