Wireless Access

Reply
Highlighted
Contributor II

MDNS multicast traffic is leaving controller cluster

Version: 8.5.0.2

 

I am having an issue where MDNS multicast traffic is not being dropped by the controller. On the VAPs, I have broadcast-filter all enabled. Airgroup is not enabled. However when I do a packet capture, I am seeing MDNS and IGMPv3 packets. On the upstream routers, I am also seeing these packets.

 

This is what my VAP looks like

wlan virtual-ap "name_VAP"
aaa-profile "name-aaa"
dot11k-profile "MC-dot11k"
vlan name-vlan
ssid-profile "name-ssid_prof"
broadcast-filter all

 

Why might this be happening?

Guru Elite

Re: MDNS multicast traffic is leaving controller cluster

That traffic will go out over the wire so that wireless devices can discover wired devices.  It should not go out over the wireless.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor II

Re: MDNS multicast traffic is leaving controller cluster

Ahha I see. I was under the impression that option dropped multicast traffic. That's what we want. So if I wanted to stop the multicast traffic from exiting onto the wire I would need to do it on controller side and not do some storm control on the switch side cause it would errdisable the port.

What would be the suggested way of accomplishing this on the controller? Should I block mdns on the authenticated role perhaps? Doing some sort of outbound ACL seems more risky. Is there a real elegant solution perhaps?

Even with an igmp snooper, this is causing one of our routers to spike.

Thanks for the quick response.
Guru Elite

Re: MDNS multicast traffic is leaving controller cluster

You can block it in the authenticated role, or whatever role your users end up in.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: