Wireless Access

Reply
Regular Contributor I
Posts: 190
Registered: ‎04-27-2009

Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

hello,

 

im not sure how/where to troubleshoot . default the broadcast-filter ARP option in stateful firewall options is disabled and not checked. also in the VAP option "drop broadcast multicast traffic" is also not checked.

 

i have one VAP with some plain wpa2-psk network accessing as "authenticated" role in some corporate network. while having those 2 options active , bonjour protocol which is used by messengers like pidgin cant be used for wifi clients which are connected to this VAP wifi .

 

if i disable and get those 2 options back to "default" values 2 clients in this wifi network which are domain members have sporadic issues to connect to corporate fileshare server or exchange and several laggy connection problems are issueing on them.

 

i have 2 other notebook clients with intel proset and latest wifi drivers which dont have those issues, but those 2 clients arent members of the domain. also there are no special domain settings where traffic is restricted or something.

 

the funny thing here is : if i re-enable (and therefore DROP broadcasts again) the option in the VAP again then those 2 problem clients dont have issues again with fileshare/smb/exchange access. also this problem is not static it only appears "sometimes". im not sure where to troubleshoot here.

 

additonal info : i kept the opton "broadcast filter ARP" always checked during the temporary disable of the VAP option "drop broadcast". i dont think that's important to disable this option too.

 

anyone else experiencing or had experiencing such issues ?

 

there's no proxy actice, just a plain wp2-psk network accessing corporate network without any firewall restrictions , clients/controller/exchange/fileserver are all in the same subnet.

 

regards

ben

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

You have two competing objectives:

 

- Connectivity for Bonjour

- Stable and reliable wifi

 

Broadcasts are the enemy of wifi, because wifi clients stop transmitting when they see traffic in the air.  Since you are running wifi clients and wired clients in the same subnet, the wired clients can send broadcasts at will, choking off the wifi clients' traffic.  This presents itself as a connectivity issue on the wireless side.  

 

When running wireless, you want to avoid (1) putting wired and wireless clients in the same subnet (2) running any wireless applications that depend on broadcasts or multicast

 

You have to choose between your broadcast applications and reliable wifi.

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 190
Registered: ‎04-27-2009

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

Why only 2 clients facing those issues ? With my other 2 notebooks in same Wifi i never have any access problems on fileshare/exchange or something . That's why i wonder.

 

Also this option is normally disabled and not enabled, so more people should have such issues or ?I dont think everyone is always "enabling" this option cause people often stay at default values .

 

Lots of people put wired/wifi clients in same corporate network so they dont have to create new subnets. Customers expect that wifi networks behave same with same features as the old "dead" ethernet . besides the usual wifi problems regarding speed/performance.

 

i think that there's some issue on those 2 notebooks while i dont experience this on other units... anyone else facing such issues?

 

regards

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

You would need to give us some details on those two notebooks like what operating system, what network card, what version of driver, what supplicant you are using.

 

Wired and wireless cannot co-exist unless you drop broadcasts, because it degrades wireless clients and that is a fact.  When wireless is first installed, and you do not have many clients in the network, it seems like things are working fine.  As more clients come on the network, it just gets worse and worse and people wonder what is wrong.  The problem most of the time is contention and congestion.  This normally helped by dropping broadcasts on the wifi side.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 45
Registered: ‎06-16-2009

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

Also, please let us know what type of clients are working so that this will help us narrow down the issue, e.g. Macs work and they are running 10.7.2 or whatever.


Harold
Regular Contributor I
Posts: 190
Registered: ‎04-27-2009

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

In this case all clients are Windows7 ,

 

the 2 problem clients are running :

 

-windows 7 , 64bit , enterprise , using the zero-touch windows wifi client , and driver version from i think 2010 , adapters are intel 5100abgn or 5300 , clients are lenovo t500/t510

 

the 2 other (mine) clients which dont face the problem are :

 

-windows7 , 32bit and 64bit, enterprise, one (the 64bit one) with intel 5100abgn using intel-proset version 13.x , and the other 32bit without intel proset tool

 

you can say that the 2 problem clients are just using the plain windows7 onboard wifi drivers or slightly newer ones, i in my case like the intel proset stuff to have proper wifi connection to radius/ldap , thats why im always using latest versions of intel wifi drviers, the 32bit machine without intel proset uses the lenovo modified intel proset which is updated via lenovo thinkvantage update tool.

 

regards

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

How large is the subnet that your clients are connecting to? How many clients are on that subnet. If you are running something large, like a /21, the broadcast traffic from the clients will kill the network throughput.

Thanks,

Zach Jennings
Regular Contributor I
Posts: 190
Registered: ‎04-27-2009

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

approx 30 ethernet clients, it's some /24 network , several appliances inside about 10 appliances, approx 30 clients as mentioned and wifi clients only 4-5 .

 

overall approx 40-50 IP's ,

 

regards

 

Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Drop Broadcast / Multicast in VAP , Stateful Firewall Broadcast Filter ARP // Problem

That shouldn't be enough to cause problems with enabling broadcast/multicast. Unless of course one or more of those computers has a virus.

Thanks,

Zach Jennings
Search Airheads
Showing results for 
Search instead for 
Did you mean: