Wireless Access

Curious if anyone has experienced a sudden barrage of controller traffic to the Internet (more than likely to RAPs or VIA users).  We have a 1gb Internet circuit that was fully pegged yesterday, which we found through our monitoring tool that the Aruba controller was the culprit.  Digging through our firewall also showed IPSEC as the top talkers, which further points to our remote sites on RAPs as the culprit.  

However, when digging further through Airwave, all RAPs are showing normal connectivity speeds.

We've seen this a few times now over the course of the last year and because it comes and goes it's never been able to be sniffed to the packet level.  

Just curious if anyone has experienced a similar situation, either with a massive broadcast storm or maybe even erroneous management traffic being sent from the controller.  Our monitoring tool, firewall, Airwave and controller don't give us the full picture.  Like chasing the wind. 

 

Are you using wired ports on those RAPs?  Do you have "Broadcast and Multicast Optimization" on those wired VLANs to prevent broadcasts from propagating?

Do you have "Drop Broadcast and Multicast Enabled" on your Virtual APs. to prevent broadcasts from propagating to your RAPs?

Do you have a "flat" vlan that exists on your raps and in your infrastructure?

Do your VLANs have wired and wireless clients on them?

 

Thanks for responding quickly as always, Colin. Here are the answers: 1. Yes, we are using wired ports on the RAPs. I've attached a document depicting our typical setup. The reason we put the small Cisco switch behind the RAP was so large print jobs wouldn't have to go to the controller, then come back to the printer. The switch keeps the local traffic local.. 2. No, "Enable BCMC Optimization" is not enabled on the controller for the VLAN used by both wired and wireless. (VLAN 188) 3. No, "Drop Broadcast and Unknown Multicast" is not enabled on the Virtual AP's in the RAP AP Group. However "Dynamic Multicast Optimizatoin (DMO)" is, as well as "Convert Broadcast ARP requests to unicast". 4. Yes, vlan 188 is defined in the controller, but also in the core infrastructure. However nothing uses it but RAPs. 5. No, our vlans do not have wired and wireless clients on them, with the exception of the RAP vlan 188.

How many RAPs and users do you have?

It is quite possible that you have a wired device that is sending out broadcasts at line rate and the controller is happily passing those broadcasts onto all of the other APs that have clients on those VLANs.  Please enable the BCMC Optimization knob on that VLAN to prevent this.

Makes sense.  We have 70 RAPs and a few hundred users + printers.