Question: How do I block HSRP traffic entering into the WLAN when an Aruba controller is connected directly to a Cisco switch?
Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.1.28 and later.
To block HSRP traffic entering into an Aruba controller, create an ACL that will deny UDP 1985.
To create this ACL, issue these commands:
ip access-list session hsrp-deny
any any udp 1985 deny
any any any permit
!
Add this ACL to the uplink port that is connected to the Cisco switch, by issuing the following command:
ip access-group HSRP_DENY_ROLE session
!
Note: If you have two Cisco HSRP routers connected to two different ports on the Aruba controller, this may cause the router to not form the HSRP group properly. If you just want to avoid flooding HSRP/VRRP/spanning tree hellos to the air without breaking the wired network integrity, use broadcast-filter-arp/all in ArubaOS 3.3.2.10 and later.