Wednesday, October 6, 2021

storm control on AP-connected ports

Setup: Cat9k switch with some Cisco APs connected to it. The access ports where the APs are connected have storm control configured on them. The APs are managed by a WLC. There are two SSIDs: one internal (super secure) and one for guest access (users are only allowed to go to the internet).

Issue: A user connected to the guest network sends an excessive number of broadcasts (like ARP requests) and brings the switchport down (because storm control steps in). This affects both the guest access SSID and the internal SSID.

Question: Can this be mitigated at the AP/WLC level? So far I've run some packet captures on the switchport to identify the offending MACs and blacklist them on the WLC, but this is not scalable. I'd be interested if there's something similar to storm control, but on the WLC, so that the broadcasts won't reach the switchport.
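The manual step described above (capture on the switchport, find which source MACs are flooding broadcasts) is easy to script. The following is an added example, not code from the original post: it parses raw Ethernet frames, counts broadcast frames per source MAC over a sliding one-second window, and reports any source whose peak rate exceeds a packets-per-second threshold. That is the same rate-based trigger a switchport storm-control policer applies, except that here it is attributed to the individual wireless client rather than to the AP uplink as a whole. The capture, the MAC addresses and the 100 pps threshold are all constructed for the example; in practice feed it the timestamped frames from a real capture and set the threshold a little below the storm-control level on the port.

```python
"""Per-source broadcast rate triage over captured Ethernet frames.

Added example (not from the original post). Frames are (timestamp_seconds,
raw_bytes) tuples such as you would get from a pcap; the sample capture
below is constructed, not real traffic.
"""
from collections import defaultdict, deque
import struct

BROADCAST_MAC = bytes.fromhex("ffffffffffff")
ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType
ETHERTYPE_ARP = 0x0806


def build_frame(src_mac, dst_mac="ff:ff:ff:ff:ff:ff",
                ethertype=ETHERTYPE_ARP, payload=b"\x00" * 28):
    """Build a minimal Ethernet frame (used only to construct sample input)."""
    dst = bytes.fromhex(dst_mac.replace(":", ""))
    src = bytes.fromhex(src_mac.replace(":", ""))
    return ETH_HDR.pack(dst, src, ethertype) + payload


def is_broadcast(frame):
    """True if the destination MAC is the all-ones broadcast address."""
    if len(frame) < ETH_HDR.size:
        return False
    dst, _, _ = ETH_HDR.unpack_from(frame)
    return dst == BROADCAST_MAC


def src_mac(frame):
    """Source MAC of a frame as colon-separated lower-case hex."""
    _, src, _ = ETH_HDR.unpack_from(frame)
    return ":".join(f"{b:02x}" for b in src)


def find_broadcast_talkers(frames, window_s=1.0, pps_threshold=100):
    """Return {src_mac: peak_broadcast_pps} for sources above the threshold.

    A per-source deque holds the timestamps of broadcast frames seen in the
    last window_s seconds; its length divided by the window is the rate.
    Unicast frames are ignored, exactly as storm-control broadcast counters
    ignore them.
    """
    windows = defaultdict(deque)
    peak = {}
    for ts, frame in sorted(frames, key=lambda f: f[0]):
        if not is_broadcast(frame):
            continue
        mac = src_mac(frame)
        q = windows[mac]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        rate = len(q) / window_s
        if rate > peak.get(mac, 0.0):
            peak[mac] = rate
    return {mac: rate for mac, rate in peak.items() if rate > pps_threshold}


# Constructed sample capture: one guest client (…:01) sends 250 ARP requests
# inside one second plus a few unicast frames; another client (…:02) sends
# five ARP requests in the same second, which is normal behaviour.
NOISY_CLIENT = "aa:bb:cc:00:00:01"
QUIET_CLIENT = "aa:bb:cc:00:00:02"
SAMPLE_CAPTURE = (
    [(i * 0.004, build_frame(NOISY_CLIENT)) for i in range(250)]
    + [(0.5 + i * 0.01, build_frame(NOISY_CLIENT, dst_mac="00:11:22:33:44:55",
                                     ethertype=0x0800)) for i in range(10)]
    + [(t, build_frame(QUIET_CLIENT)) for t in (0.1, 0.3, 0.5, 0.7, 0.9)]
)

if __name__ == "__main__":
    for mac, pps in find_broadcast_talkers(SAMPLE_CAPTURE).items():
        print(f"{mac}: peak {pps:.0f} broadcast pps, candidate for blacklisting")
```

Because it keys on the client's source MAC rather than on the port, the same logic tells you which SSID the offender sits on (map the MAC back to the WLC client table) before the whole AP uplink is errdisabled.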