The customer's maintenance personnel mistakenly connected the uplink port of an AP to a wired network port on the access switch, causing all of the customer's wired terminals to lose network connectivity.
1. It was learned from the customer that each wired terminal is configured with a static IP address and runs security behavior software that continuously pings a public IP address. If the ping fails, the service remains normal; if the ping succeeds, the terminal's network access is disconnected.
2. It was learned from the customer that service personnel mistakenly connected the AP to a wired network port, causing the AP to go offline from the AC. Packets captured through port mirroring on the switch confirmed that the incorrectly connected AP's MAC address responded to the public network ICMP request from the wired terminal, which led the security software on the terminal to cut off its network access.
3. After the AP goes offline, it restarts every 10 minutes, so the investigation focused on reproducing this mechanism. It was found that after the AP has restarted 6 times in a row after going offline, it actively downloads the version through bootware during the next startup. At this point, bootware first requests an IP address. If it cannot obtain an IP address and receives such an ICMP request message, it replies with 0.0.0.0 as the ICMP reply.
Three conditions must be met to trigger this issue:
1. The AP is in the boot phase version state after going offline.
2. The AP cannot obtain an IP address through DHCP.
3. The terminal's ICMP packets can be forwarded to the incorrectly connected AP.
Meanwhile, the AP side will also optimize the bootware protocol stack to avoid the issue of replying to ICMP in AP boot mode.
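A capture-side check for the behaviour confirmed from the port-mirror packets above, added here as an illustration and not taken from the vendor or the original case: it pairs each ICMP echo request with its reply and reports any reply whose source IP is not the address that was pinged, along with the replying MAC address. It assumes that "replies with 0.0.0.0" means the reply's source address is 0.0.0.0; the function names and all MAC and IP values are constructed.

```python
import struct

ETH_IPV4, PROTO_ICMP, ECHO_REPLY, ECHO_REQUEST = 0x0800, 1, 0, 8

def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(map(str, b))

def parse_icmp_echo(frame):
    """Return echo request/reply fields from an Ethernet II frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None                      # too short, or not IPv4 (ARP, VLAN tag, ...)
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length, options included
    if ihl < 20 or frame[23] != PROTO_ICMP or len(frame) < 14 + ihl + 8:
        return None
    icmp_type, _, _, ident, seq = struct.unpack("!BBHHH", frame[14 + ihl:22 + ihl])
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY):
        return None
    return {"type": icmp_type, "src_mac": fmt_mac(frame[6:12]),
            "src_ip": fmt_ip(frame[26:30]), "dst_ip": fmt_ip(frame[30:34]),
            "key": (ident, seq)}

def find_mismatched_replies(frames):
    """Flag echo replies whose source IP is not the address that was pinged."""
    pending, findings = {}, []
    for pkt in filter(None, map(parse_icmp_echo, frames)):
        if pkt["type"] == ECHO_REQUEST:
            pending[pkt["key"]] = pkt["dst_ip"]
        elif pkt["key"] in pending and pkt["src_ip"] != pending[pkt["key"]]:
            findings.append((pkt["src_mac"], pkt["src_ip"], pending[pkt["key"]]))
    return findings

def build_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type, ident, seq):
    """Constructed test frame; checksums are left at zero for brevity."""
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + struct.pack("!H", ETH_IPV4)
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, PROTO_ICMP, 0,
                      bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + iph + struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)

# Constructed capture (all values made up); assumes the bootware reply has source IP 0.0.0.0.
PC, GW, AP = "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:a9"
CAPTURE = [
    build_frame(PC, GW, "192.0.2.20", "203.0.113.10", ECHO_REQUEST, 1, 1),
    build_frame(GW, PC, "203.0.113.10", "192.0.2.20", ECHO_REPLY, 1, 1),  # control reply
    build_frame(PC, GW, "192.0.2.20", "203.0.113.10", ECHO_REQUEST, 1, 2),
    build_frame(AP, PC, "0.0.0.0", "192.0.2.20", ECHO_REPLY, 1, 2),
    b"\x00" * 20,  # truncated frame, ignored by the parser
]

if __name__ == "__main__":
    print(find_mismatched_replies(CAPTURE))
```

The MAC address in each finding can be looked up in the access switch's MAC address table to locate the port where the AP was plugged in.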