We are currently utilizing three VAP's. Two of which have the drop broadcast and unknown multicast option checked and are certainly having the issue. The other, I have not been able to test. The issue (I think) lies within the default provisioning of the AP's themselves. This is fine where all AP's are directly connected to same subnet as the controller (by either a fiber circuit or in same physical location as controllers) but at the remote sites, where they are "tunneled" back to our main office, we see the severe degregation in network performance. In one speed test today, I had 0mbps down and .2 up...but at sites that are on the same local network, anywhere from 50-85 mbps. It leads me to believe the AP's are either not provisioned properly, or that the payload is encrypted via IPSEC at the AP, then sent through another IPSEC tunnel back to the controller and that is where the issue lies.