07-16-2012 08:37 AM
Just wondering if ICMP traffic from the controller interface should be allowed to the client devices? Looks like I'm blocking it currently on my guest network since all internal IPs are blocked. But are pings what the controller uses as a keep-alive for the user timeouts?
07-17-2012 02:39 PM
It's tunable, but by default the controller will try to ping a client after 5 minutes of inactivity. If the ping fails, the controller will age the client out. In the case where ping is prevented, then I guess the only check is inactivity, as ping will fail no matter what.
07-20-2012 08:02 AM
Gotcha, I had traffic allowed from the controller, but that alias is only configured for the physical interface, not the virtual interfaces, which is where the ICMP traffic was originating from. Could not modify the controller alias, so had to create a new one which included all the VLAN interfaces. Any thoughts on allowing/blocking broadcast traffic on the guest VLAN? That is the only other traffic I see being constantly dropped on the guest VLAN. My thought was any malicious broadcast traffic would be prevented from getting to other clients on the same VLAN, but not sure if it has any real impact on legit traffic.
Thanks for the post, tarinelli.