Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

Drop broadcast and multicast VAP setting

I'm just looking for some clarification of exactly how this setting works. (In the Virtual AP profile -> Drop broadcast and multicast)

 

Assuming that all APs tunnel all user traffic back to the controller and that there are no APs that terminate traffic locally in a building.

 

If Drop broadcast and multicast is enabled, does the traffic get dropped at the AP or does the traffic make it back to the controller before getting dropped?  If it makes it to the controller, does it get dropped when it comes out of the GRE tunnel or does it still get forwarded out any wired layer-2 interfaces?

 

I presume that when this setting is enabled that no broadcast or multicast traffic leaves the controller toward any wireless users. 

 

The reason I ask is that I have one VAP (vap1) with Drop broadcast and multicast enabled and another VAP (vap2) with Drop broadcast and multicast disabled.  The devices on vap2 can see multicast traffic from devices on vap1.  What's even more weird is that vap1 devices are on a different vlan from devices on vap2.  Multicast routing is disabled everywhere so I would expect the multicast traffic to stay isolated to the layer-2 vlan.

 

Does any of this make sense?  I can try to explain further if there are any questions.

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Drop broadcast and multicast VAP setting


howardtopher wrote:

I'm just looking for some clarification of exactly how this setting works. (In the Virtual AP profile -> Drop broadcast and multicast)

 

Assuming that all APs tunnel all user traffic back to the controller and that there are no APs that terminate traffic locally in a building.

 

If Drop broadcast and multicast is enabled, does the traffic get dropped at the AP or does the traffic make it back to the controller before getting dropped?  If it makes it to the controller, does it get dropped when it comes out of the GRE tunnel or does it still get forwarded out any wired layer-2 interfaces?

 

I presume that when this setting is enabled that no broadcast or multicast traffic leaves the controller toward any wireless users. 

 

The reason I ask is that I have one VAP (vap1) with Drop broadcast and multicast enabled and another VAP (vap2) with Drop broadcast and multicast disabled.  The devices on vap2 can see multicast traffic from devices on vap1.  What's even more weird is that vap1 devices are on a different vlan from devices on vap2.  Multicast routing is disabled everywhere so I would expect the multicast traffic to stay isolated to the layer-2 vlan.

 

Does any of this make sense?  I can try to explain further if there are any questions.


howardtopher,

 

Drop Broadcast and multicast drops the traffic at the controller.  A broadcast is unicast from the client to the controller, where it is forwarded to the wired network, but NOT back into the wireless network.  Your second VAP allows this traffic to be put back out onto the wireless network, so your clients will send and see broadcasts on that subnet.

 

If both Virtual APs do not use any encryption, they most certainly can see the broadcasts in the air, even on a different subnet.  Whether or not they do something with it depends on the client configuration.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

Re: Drop broadcast and multicast VAP setting

Thanks for the reply and explanation.  That makes sense and explains what I've been seeing for the most part.

 

I'm still not sure how link-local multicast addresses are being seen on different vlans with no multicast routing or gateways in the mix.  The controller doesn't do this by default, does it?

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Drop broadcast and multicast VAP setting

What link local addresses do you mean?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

Re: Drop broadcast and multicast VAP setting

224.0.0.251.  It's multicast DNS.

 

224.0.0.0/24 is non-routable, but for some reason if I'm on 10.10.11.20/24 I'm seeing a multitude of 224.0.0.251 packets from 10.10.12.0/24.  This should not be happening.

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Drop broadcast and multicast VAP setting


howardtopher wrote:

224.0.0.251.  It's multicast DNS.

 

224.0.0.0/24 is non-routable, but for some reason if I'm on 10.10.11.20/24 I'm seeing a multitude of 224.0.0.251 packets from 10.10.12.0/24.  This should not be happening.


How are you "seeing" those packets?  What method are you using to see them?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 13
Registered: ‎10-27-2011

Re: Drop broadcast and multicast VAP setting

Wireshark.

 

This is an 802.1x encrypted SSID that both subnets are on.
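
One way to quantify the observation described in this thread from a capture export, shown as an added example that is not part of any post here: it counts link-local multicast packets (224.0.0.0/24) whose source address lies outside the observer's own subnet and records the IP TTLs seen. The function name, the sample rows and the tab-separated input layout are assumptions made for the example.

```python
import ipaddress

# 224.0.0.0/24 is the non-routable link-local multicast block named in the thread.
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")

# Constructed sample rows (src, dst, ttl), tab-separated. This is the layout
# produced by: tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e ip.ttl
SAMPLE = (
    "10.10.11.20\t224.0.0.251\t255\n"
    "10.10.12.37\t224.0.0.251\t255\n"
    "10.10.12.41\t224.0.0.251\t255\n"
    "10.10.12.37\t224.0.0.251\t255\n"
    "10.10.11.1\t10.10.11.20\t64\n"
    "10.10.12.41\t239.255.255.250\t1\n"
    "malformed line\n"
)


def find_offsubnet_multicast(rows, local_net):
    """Return {source_ip: {"count": n, "ttls": set}} for link-local multicast
    packets whose source is not inside local_net (the observer's subnet)."""
    local = ipaddress.ip_network(local_net)
    hits = {}
    for line in rows.splitlines():
        fields = line.split("\t")
        if len(fields) < 3:
            continue  # skip rows without src, dst and ttl
        try:
            src = ipaddress.ip_address(fields[0])
            dst = ipaddress.ip_address(fields[1])
            ttl = int(fields[2])
        except ValueError:
            continue  # skip rows that do not parse as addresses / integer TTL
        if dst in LINK_LOCAL_MCAST and src not in local:
            entry = hits.setdefault(str(src), {"count": 0, "ttls": set()})
            entry["count"] += 1
            # Routers decrement TTL, so a TTL equal to the sender's initial
            # value is consistent with layer-2 delivery rather than routing.
            entry["ttls"].add(ttl)
    return hits


if __name__ == "__main__":
    for src, info in sorted(find_offsubnet_multicast(SAMPLE, "10.10.11.0/24").items()):
        print(src, info["count"], sorted(info["ttls"]))
```
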

Guru Elite
Posts: 21,037
Registered: ‎03-29-2007

Re: Drop broadcast and multicast VAP setting

Okay.  Can you print a screenshot of the capture?


Colin Joseph
Aruba Customer Engineering
