[c-nsp] 1.1.1.0/24 and Cisco WLCs

Phil Mayers p.mayers at imperial.ac.uk
Mon Mar 11 10:37:18 EDT 2013


On 11/03/13 13:42, Tony Varriale wrote:

> engineer worth their salt does not use this.

Maybe. But a lot of people *have* used it, because I've seen it when 
doing webauth logins e.g. in airports, train networks, etc. And by 
definition, the people unwise enough to use it are also likely to be the 
people unwise enough to return and fix things up in the installations 
they did.

Cisco wrote docs suggesting that people did this:

"""
Enter the IP address of the controller's virtual interface. You should 
enter a fictitious, unassigned IP address, such as 1.1.1.1.
"""

http://www.cisco.com/en/US/docs/wireless/controller/2100/quick/guide/ctrl206q.html 
(amongst others)

This was always terrible, very naughty advice. That sentence should have 
read:

"""
You should enter an IP address from a range you control, such as public 
IPs owned by your organisation or RFC 1918 space e.g. 10.1.1.1
"""

Bad cisco! Bad! No treats for you!


More information about the cisco-nsp mailing list