Wireless Access

In relation to the below mentioned by cjoseph, I wanted to add a note that this looks to break airprint printing on MAC computers. Ipads for example use bonjour and query the network for available printers. None are found when these options are turned on. Just a note in case anyone else has a similar experience and wonders why.....

cjoseph wrote:

"Broadcast filtering at the Virtual AP level stops broadcasts and improves performance.

Anything that depends on multicast, will not work when you enable this.  Fortunately if you have active directory, nothing relies on multicast.

Most users enable "Brodcast Filter All" and "Broadcast Filter ARP" and enjoy better performance and very few drawbacks."

istong,

Correct.  Airprint relies on Bonjour which is a broadcast protocol.  This will not work with broadcast-filter-all enabled.  Fortunately, Airgroup is in beta and it allows users to enable broadcast filter all and still retain bonjour capability.

Great news.  Do you know if we will need any extra software or licenses or hardware for the Airgroup functionality (other than what looks like an upgrade to ArubaOS 6.1.5)?

Here is what I found in the tech brief:

"Full AirGroup capabilities are available as a feature of Aruba Wi-Fi solution where Wi-Fi data is centralized with a Mobility Controller (ArubaOS 6.1.5). Aruba ClearPass adds ownership and location based traffic control. This option is ideal for campus networks."

No extra licenses that I know of.

---

This will not work with broadcast-filter-all enabled.  Fortunately, Airgroup is in beta and it allows users to enable broadcast filter all and still retain bonjour capability.

 

---

Colin-

Is this still the case and will it continue to be so as it moves toward a GA release? I'm setting up an overlay controller and am left scratching my head. In the Current Airgroup Deployment Guide:

Under the section 'Configuring an Overlay Deployment Model', step 4 (page 16) prescribes VAP profile "no broadcast-filter all"

BUT

Under the section 'Recommendations for Deploying an overlay model" the third bullet (page 43) advises enabling 'broadcast-filter all".

I'm not inclined to disable bcast/mcast filtering on our prod networks, but would like to test the overlay model.  I don't want to get too far into the effort if it looks like it's not going to work...

kjspd,

What are you trying to do?

Right, a little context would probably help.

We have a VAP deployment across a single large layer 2 VLAN.  [Understandably not a great design but it solved a few problems for us during implementation.]  To date, it has really not been an issue for us broadcast/multicast wise as we enable 'broacast-filter all' on the VAP profile.

What I would like to do is a POC/Demonstration of Airgroup with our test controller acting as an overlay between this wireless network vlan and a wired segment. 

With a large L2 wireless VLAN, I would not be comfortable turning off bcast/mcast filtering on the VAP profile for the purposes of a POC.

My concern from reading the tech note is that with "broadcast-filter all" enabled on the VAP, the mDNS traffic will never hit the tunnel on the local controller to make it to the overlay controller.  The documentation on page 16 seems to indicate that you need to issue a "no broadcast-filter all" for airgroup to work.

But... your quote here:

---

@cjoseph wrote:

istong,

 

Correct.  Airprint relies on Bonjour which is a broadcast protocol.  This will not work with broadcast-filter-all enabled.  Fortunately, Airgroup is in beta and it allows users to enable broadcast filter all and still retain bonjour capability.

 

---

and the recommendation section of the documentation (p43) lead me to believe that the Controller will properly consume/process/tunnel the mDNS traffic and not drop it like it would other broadcast/multicast traffic despite the "broadcast-filter all" being enabled on the VAP Profile. Is this accurate?

Kevin