Wireless Access

 View Only

Erroneous RAP Traffic?

This thread has been viewed 0 times
  • 1.  Erroneous RAP Traffic?

    Posted Sep 23, 2016 11:49 AM

    Was curious if anyone has experienced any issue with RAPs generating erroneous traffic through its tunnel, to the Internet.  Long story short, we have a policy on our firewalls that blocks outbound traffic to known bad IP addresses on the Internet. When running a query of any hosts that have hit that policy, several RAPs show up.   The public IP address of the RAP is shown to be pinging specific malicious, known bad IP addresses on the Internet.  
    Question...does a RAP do anything else, other than tunnel through the Internet back to the controller?  Does it participate in any other possible traffic?  The source IP address in the firewall is showing as the RAP's public IP, which is odd because if it terminates on the controller, you would think the controller's internal IP address would be the IP address listed as the source going out to the bad IP addresses.  

    Here is what I'm seeing:

    Capture.JPG

     

    Source address of 24.73.190.218 is a RAP.  Destination IP 128.232.110.31 is malicious.

     

    Makes no sense, but throwing it out there for comment.