Wireless Access

Reply

broadcast-filter arp/all for split-tunnel

I understand these options should not be enabled for bridged ssids.

What is not clear to me is the recommended settings for split-tunnel.

Particularly interested in guest split-tunnel where all traffic for authenticated users is 'route src-nat'.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Guru Elite

Re: broadcast-filter arp/all for split-tunnel

It doesn't really mean anything for bridged SSIDs.  It also does not mean anything for split-tunneled SSIDs.  Having it enabled does not really do anything.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: broadcast-filter arp/all for split-tunnel

Thanks.  Good to know.

Has that changed recently, cause I know in the past having 'broadcast-filter arp' enabled on a bridged ssid caused things to break?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Guru Elite

Re: broadcast-filter arp/all for split-tunnel

Not that I know of.  Those knobs are really processed at the controller;  bridged SSIDs traffic is processed at the AP.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: broadcast-filter arp/all for split-tunnel

From the CLI guide it says,

 

Do not enable this option for virtual APs configured in bridge forwarding mode.  This configuration parameter is only intended for use for virual APs in tunnel mode. In tunnel mode, all packets travel to the controller, so the controller is able to convert ARP requests directed to the broadcast address into unicast. When a virtual AP is configured to use bridge forwarding mode, most data traffic stays local to the AP, and the controller is not able to convert that broadcast traffic.

 

In the past this means that if you enable that on a bridged ssid, things break.  Devices connect then after a while disappear from the network, until you reboot them.  If that parameter is overridden or ignored when the ssid is set to bridged, that is good.

 

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Guru Elite

Re: broadcast-filter arp/all for split-tunnel

You should do what the user guide says....



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: broadcast-filter arp/all for split-tunnel

but the guide doesn't say what to do for split-tunnel.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Guru Elite

Re: broadcast-filter arp/all for split-tunnel

Why don't you try it and tell us.  I have not seen a problem either way.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: broadcast-filter arp/all for split-tunnel

Michael_Clarke,
I have it enabled on split-tunnel and doesn't break anything for 2 very large customers, no issues.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: