Controller Based WLANs

What is FDB update on Assoc on VAP profile config on controller ?
Q:

What is FDB update on Assoc on VAP profile config on controller ?



A:

  • 802.11 client on association sends some L2/L3 traffic which results in update of upstream bridge device forwarding table aka fdb/bridge table.
  • It is possible client after association does not send any data traffic; such clients are termed as “silent clients” and thus during failover (from one Controller to another) downstream traffic to client gets black holed as upstream bridge entry still points to old controller.
  • This feature deals with controller generating layer 2 update on behalf of client right after association so that upstream bridge device can update their bridge tables.'

 

Steering Mode                                   prefer-5ghz

Dynamic Multicast Optimization (DMO)            Disabled

Dynamic Multicast Optimization (DMO) Threshold  6

Drop Broadcast and Unknown Multicast            Disabled

Convert Broadcast ARP requests to unicast       Enabled

Authentication Failure Blacklist Time           3600 sec

Blacklist Time                                  3600 sec

Deny inter user traffic                         Disabled

Deny time range                                 N/A

DoS Prevention                                  Disabled

HA Discovery on-association                     Enabled

Mobile IP                                       Enabled

Preserve Client VLAN                            Disabled

Remote-AP Operation                             standard

Station Blacklisting                            Enabled

Strict Compliance                               Disabled

VLAN Mobility                                   Disabled

WAN Operation mode                              always

FDB Update on Assoc                             Enabled

WMM Traffic Management Profile                  N/A

Anyspot profile                                 N/A


(Aruba3200) (Virtual AP profile "foo") # fdb-update-on-?    
fdb-update-on-assoc     Mobility controller will generate Layer 2 update on
                                  behalf of client to update forwarding tables in
                                  bridge devices

How it works

  •  Client sends data traffic after association; this implicitly takes care of updating devices forwarding tables to the station’s current location and hence there is no need to always generate an Layer 2 update on behalf of client after association. 
  • The Layer 2 update is an L2 broadcast (dmac all 0xff) packet generated by MC on behalf of client which will be flooded across all vlan members. This is an expensive operation hence a knob under “wlan virtual AP” profile is introduced which tells datapath whether there is need to generate Layer 2 update for given station or not.

Use-case

  • When wireless bridge and during failover it just re-associates and does not send any data traffic; thus it’s a silent client.
  • If the requirement is to have controller to generate Layer 2 update which can fix upstream device bridge entry for such silent clients.

 

 

 

 

Version history
Revision #:
2 of 2
Last update:
‎05-18-2016 01:39 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.