Cisco Bug: CSCsz31934 - WLC forwards traffic from WLAN to MAC-spoofing wireless client
Feb 15, 2018
- Cisco 5500 Series Wireless Controllers
Known Affected Releases
4.2(176.0) 5.2(157.0) 5.2(193.0) 6.0(180.147)
Symptom: A WLC may intermittently stop forwarding unicast traffic from its wireless clients. I.e. the WLC receives the LWAPP encapsulated traffic from the AP, but does not decapsulate it and forward it to the switch. Conditions: This is seen on a WLC with about 115 1250s joined, with 400+ clients associated, all in the same SSID/VLAN, and with all clients transmitting multicast traffic (Bonjour/mDNS). The behavior is seen regardless of whether multicast-unicast or multicast-multicast is configured on the WLC. Root cause: It appears that the multicast activity is triggering a bug in one or more wireless client, such that they begin forging the source MAC address of the WLAN's default gateway. This causes the WLC to misroute traffic addressed offnet to the rogue client.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases