It will add the controller addresses it learns from OTAP to it's candidate list and send a discovery request to all the controllers in it's list. If it gets a response from a controller that is coded as Primary, Secondary or Tertiary it will never join the "foreign" controller.
The key is to code Primary, Secondary and Tertiary on your controllers and make sure Firewall's and ACL's block LWAPP/CAPWAP at your borders. -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Daniel Husand Sent: Tuesday, August 25, 2009 1:06 PM To: [email protected] Subject: Re: [WIRELESS-LAN] Cisco Wireless Vulnerability On 25/08/2009 18:02, Lee H Badman wrote: > FYI Block CAPWAP/LWAPP at your edge, be happy. Anyhow, I wonder, if an AP has been associated with a controller before, and discovers an OTAP controller on reboot; which one will it select? -- Daniel ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
