What is "fdb update on Assoc" feature in VAP? How does it work?

Aruba Employee
Aruba Employee
Available in and above code versions
This article describes the implementation of  controller generating layer 2 update on behalf of client to update upstream bridge device forwarding tables 
"FDB Update on Assoc" This parameter enables seamless failover for silent clients, allowing them to reassociate. If you select this option, the controller will generate a Layer 2 update on behalf of client to update forwarding tables in bridge devices.
Default: Disabled
Most of the 802.11 client on association sends some L2/L3 traffic which results in update of upstream bridge device forwarding table aka fdb/bridge table. It is possible client after association does not send any data traffic; such clients are termed as “silent clients” and thus during failover (from one Controller to another) downstream traffic to client gets black holed as upstream bridge entry still points to old Controller. This feature deals with Controller generating layer 2 update on behalf of client right after association so that upstream bridge device can update their bridge tables.
For instance a customer who uses wireless bridge and during failover it just re-associates and does not send any data traffic; thus it’s a silent client. Customer wants Controller to generate Layer 2 update which can fix upstream device bridge entry for such silent clients
Under wlan virtual AP there is a new knob
(Aruba3200) (Virtual AP profile "foo") # fdb-update-on-?     
fdb-update-on-assoc     Mobility controller will generate Layer 2 update on 
                                  behalf of client to update forwarding tables in 
                                  bridge devices
This is by default “OFF”. Virtual AP(s) which deals with silent clients can enable this so that Controller can generate Layer 2 update.
Most of the time client sends data traffic after association; this implicitly takes care of updating devices forwarding tables to the station’s current location. Thus there is no need to always generate an Layer 2 update on behalf of client after association. The Layer 2 update is an L2 broadcast packet generated by Controller on behalf of client which will be flooded across all vlan members.
This is an expensive operation hence a knob under “wlan virtual AP” profile is introduced which tells datapath whether there is need to generate Layer 2 update for given station or not.
Version history
Revision #:
1 of 1
Last update:
‎07-11-2014 01:47 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: