@howardtopher wrote:
I'm just looking for some clarification of exactly how this setting works. (In the Virtual AP profile -> Drop broadcast and multicast)
Assuming that all APs tunnel all user traffic back to the controller and that there are no APs that terminate traffic locally in a building.
If Drop broadcast and multicast is enabled, does the traffic get dropped at the AP or does the traffic make it back to the controller before getting dropped? If it makes it to the controller, does it get dropped when it comes out of the GRE tunnel or does it still get forwarded out any wired layer-2 interfaces?
I presume that when this setting is enabled that no broadcast or multicast traffic leaves the controller toward any wireless users.
The reason I ask is that I have one VAP (vap1) with Drop broadcast and multicast enabled and another VAP (vap2) with Drop broadcast and multicast disabled. The devices on vap2 can see multicast traffic from devices on vap1. What's even more weird is that vap1 devices are on a different vlan from devices on vap2. Multicast routing is disabled everywhere so I would expcet the multicast traffic to stay isolated to the layer-2 vlan.
Does any of this make sense? I can try to explain further if there are any questions.
howardtopher,
Drop Broadcast and multicast drops the traffic at the controller. A broadcast is unicast from the client to the controller, where it is forwarded to the wired network, but NOT back into the wireless network. Your second VAP allows this traffic to be put back out onto the wireless network, so your clients will send, and see broadcasts on that subnet.
If both Virtual APs do not use any encryption, they most certainly can see the broadcasts in the Air, even on a different subnet. Whether they do or not do something with it, depends on the client configuration.