
Explanation of all broadcast knobs in the Aruba controller

Question: Can you explain all the broadcast knobs in the Aruba controller?

 

 

Product and Software: This article applies to all Aruba products and ArubaOS.

Broadcast-filter ARP (Global firewall knob): This knob will enable ARP conversion on all VLANs. If this knob is enabled, all the broadcast ARPs destined to wireless clients that are part of the user table and station table are converted to unicast ARP requests.

Caution: Aruba strongly recommends disabling this knob in all deployments. This knob will be deprecated in future ArubaOS releases, and network administrators should use the Virtual AP profile based “Convert Broadcast ARP Requests to Unicast” knob instead.

(config)# no firewall broadcast-filter arp

 

Drop Broadcast and Multicast (Virtual AP Knob): If enabled, this knob will drop all broadcasts and multicasts on a VAP except DHCP. In ArubaOS 6.1.3.1 and earlier, broadcast DHCP frames destined to wireless clients, i.e. broadcast DHCP offers/ACKs, are converted to unicast DHCP frames over the air by the “Drop Broadcast and Multicast” knob. In ArubaOS 6.1.3.2 and later, the function that converts broadcast DHCP offers/ACKs to unicast DHCP frames over the air is part of the “Convert Broadcast ARP Requests to Unicast” knob.

(config)# wlan virtual-ap "remote-employee"
  broadcast-filter all

 

Convert Broadcast ARP Requests to Unicast (Virtual AP Knob): This knob will enable ARP conversion on a per VAP basis. If enabled on a VAP, all the broadcast ARPs destined to wireless clients that are part of the user table and station table are converted to unicast ARP requests.

(config)# wlan virtual-ap "remote-employee"
  broadcast-filter arp

 

Broadcast (Wired AP Knob): This knob is effective only on wired ports in tunnel mode. When this knob is disabled, flooded traffic from other Wired APs (in both tunnel and split-tunnel forwarding modes) and Virtual APs (in Tunnel, Decrypt Tunnel, and Split Tunnel forwarding modes) will not be flooded to this Wired AP. For this to work, the Wired AP on which the Broadcast knob is disabled must be in the tunnel forwarding mode.

Note: Disabling this knob on a wired port might break communication between users/phones on this port and the users/phones on other VAPs or wired ports that are on the same VLAN.

(config)# ap wired-ap-profile "wired-employee"
  broadcast

 

Suppress-ARP (VLAN Knob): When enabled, Suppress-ARP will stop the flooding of unknown ARP Requests to tunnel or decrypt-tunnel VAPs that are in the same VLAN on which the unknown ARP request was received. This will happen regardless of the type of ingress port (i.e. LAN Port, Wired AP, or VAP) on which the unknown ARP request was received. The unknown ARP request will still be flooded out of LAN Ports, Wired APs (Tunnel/Trusted, Tunnel/Untrusted, and Split-Tunnel) and Split-Tunnel VAPs. In ArubaOS 6.1.3.2 and later, gratuitous ARPs are not dropped by the suppress-ARP knob, and the suppress-ARP knob is effective only on tunnel or decrypt-tunnel VAPs with the “Convert Broadcast ARP Requests to Unicast” knob enabled.

Note: An ARP request is considered unknown by the controller if the target IP in the ARP Request has no corresponding IP/MAC address pair in the datapath user table. In ArubaOS 6.1.3.1 and earlier, the suppress-ARP feature drops gratuitous ARPs on all wireless tunnels, and enabling the suppress-ARP knob automatically enables the “Local-proxy-ARP” knob.

(config)# interface vlan 131
  suppress-arp

 

BC-MC Optimization (VLAN Knob): This will drop all the broadcast and multicast frames on a VLAN (both wired and wireless interfaces) except for ARP, DHCP, IPv6 router advertisement, IPv6 neighbor solicitation and VRRP traffic.

 

Local-proxy-ARP (VLAN Knob): If this is enabled on a VLAN, the controller will proxy-ARP with the target’s MAC address when it receives an ARP request on an L2 VLAN (no IP address configured on the VLAN interface). However, if the target IP is a known user on an L3 VLAN (IP address configured on the VLAN interface), the controller will respond with its own MAC address instead.

Note: A known user is one that the controller is aware of through either the route cache or the user table.
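
The knob interactions described above can be checked mechanically against a saved configuration. The following is an added example, not Aruba's own tooling: it flags the global ARP knob the article says to disable, and VLANs where suppress-arp is set but a VAP on that VLAN lacks the per-VAP ARP conversion knob (the ArubaOS 6.1.3.2 and later behaviour). It assumes every VAP uses tunnel or decrypt-tunnel forwarding and that each virtual-ap profile carries a `vlan` line; the sample configuration is constructed.

```python
import re

# Constructed sample config, not from a real controller. The "vlan" line in
# each virtual-ap profile is an assumption used to map VAPs to VLANs.
SAMPLE_CONFIG = """\
firewall broadcast-filter arp
wlan virtual-ap "remote-employee"
  vlan 131
  broadcast-filter all
wlan virtual-ap "guest"
  vlan 140
  broadcast-filter arp
interface vlan 131
  suppress-arp
interface vlan 140
  suppress-arp
"""

def parse_stanzas(config):
    """Group indented child lines under the preceding top-level line."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = line.strip()
            stanzas[current] = []
    return stanzas

def audit(config):
    """Flag knob settings the article calls deprecated or ineffective."""
    stanzas, findings, unconverted = parse_stanzas(config), [], {}
    if "firewall broadcast-filter arp" in stanzas:
        findings.append("global: firewall broadcast-filter arp is enabled; "
                        "use the per-VAP broadcast-filter arp knob instead")
    for header, body in stanzas.items():
        vap = re.fullmatch(r'wlan virtual-ap "(.+)"', header)
        if vap and "broadcast-filter arp" not in body:
            for vlan in re.findall(r"^vlan (\d+)$", "\n".join(body), re.M):
                unconverted.setdefault(vlan, []).append(vap.group(1))
    for header, body in stanzas.items():
        vlan = re.fullmatch(r"interface vlan (\d+)", header)
        if vlan and "suppress-arp" in body:
            for name in unconverted.get(vlan.group(1), []):
                findings.append(f"vlan {vlan.group(1)}: suppress-arp has no effect "
                                f"on VAP {name} without broadcast-filter arp")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns two findings: the global knob, and VLAN 131 where the "remote-employee" VAP has only `broadcast-filter all`.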

Version History
Revision #:
1 of 1
Last update:
‎11-11-2014 05:52 AM
 