Preview Tool

Cisco Bug: CSCsz31934 - WLC forwards traffic from WLAN to MAC-spoofing wireless client

Last Modified

Feb 15, 2018

Products (1)

  • Cisco 5500 Series Wireless Controllers

Known Affected Releases

4.2(176.0) 5.2(157.0) 5.2(193.0) 6.0(180.147)

Description (partial)

    A WLC may intermittently stop forwarding unicast traffic from its
    wireless clients.  I.e. the WLC receives the LWAPP encapsulated traffic 
    from the AP, but does not decapsulate it and forward it to the switch.
    This is seen on a WLC with about 115 1250s joined, with 400+ clients
    associated, all in the same SSID/VLAN, and with all clients
    transmitting multicast traffic (Bonjour/mDNS).  The behavior is seen
    regardless of whether multicast-unicast or multicast-multicast is configured
    on the WLC.
    Root cause:
    It appears that the multicast activity is triggering a bug in one or more
    wireless client, such that they begin forging the source MAC address of the
    WLAN's default gateway.  This causes the WLC to misroute traffic addressed
    offnet to the rogue client.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.