Wireless Access

Reply
Occasional Contributor II

icmp from controller interface

Just wondering if icmp traffic from controller interface should be allowed to the client devices? Looks like I'm blocking it currently on my guest network since all internal IP's are blocked. But are pings what the controller uses as a keep-alive for the user time outs?

 

-GR

Aruba Employee

Re: icmp from controller interface

Its tuneable but by default the controller will try to ping a client after 5 minutes of inactivity.  If the ping fails the controller will age the client out.  In the case where ping is prevented then I guess the only check is inactivity as ping will fail no matter what.

Occasional Contributor II

Re: icmp from controller interface

Gotcha, I had traffic allowed from the controller, but that alias is only configured for the physical interface, not the virtual interfaces, which is where the icmp traffic was originating from. Could not modify the controller alias, so had to create new which included all the vlan interfaces. Any thoughts on allowing/blocking broadcast traffic on guest vlan? That is the only other traffic I see being constantly dropped on guest vlan. My thought was any malicious broadcast traffic would be prevented from getting to other clients on the same VLAN but not sure if it has any real impact on legit traffic.

 

Thanks for the post tarinelli.

 

-GR

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: