Because IP Security (IPSec) secures IP traffic between end systems, some network traffic— principally non-IP traffic such as DHCP and Address Resolution Protocol (ARP)—goes unencrypted. If you want to prevent such traffic, you can use static IP addresses for each wireless station and use the Arp command to manually map IP addresses to media access control (MAC) addresses.

You might also see unencrypted NetBIOS traffic (to enable browsing, some stations broadcast NetBIOS traffic to all stations on a LAN). To prevent this traffic, turn off browser announcements from your servers and wireless stations or, better yet, disable NetBIOS.