Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

MDNS multicast traffic is leaving controller cluster

  • 1.  MDNS multicast traffic is leaving controller cluster

    Posted Sep 09, 2019 04:55 PM

    Version: 8.5.0.2

    I am having an issue where MDNS multicast traffic is not being dropped by the controller. On the VAPs, I have broadcast-filter all enabled. Airgroup is not enabled. However, when I do a packet capture, I am seeing MDNS and IGMPv3 packets. On the upstream routers, I am also seeing these packets.

    This is what my VAP looks like:

    wlan virtual-ap "name_VAP"
        aaa-profile "name-aaa"
        dot11k-profile "MC-dot11k"
        vlan name-vlan
        ssid-profile "name-ssid_prof"
        broadcast-filter all

    Why might this be happening?



  • 2.  RE: MDNS multicast traffic is leaving controller cluster
    Best Answer

    EMPLOYEE
    Posted Sep 09, 2019 05:32 PM

    That traffic will go out over the wire so that wireless devices can discover wired devices.  It should not go out over the wireless.



  • 3.  RE: MDNS multicast traffic is leaving controller cluster

    Posted Sep 09, 2019 05:42 PM
    Aha, I see. I was under the impression that option dropped multicast traffic. That's what we want. So if I wanted to stop the multicast traffic from exiting onto the wire, I would need to do it on the controller side and not do some storm control on the switch side, because it would errdisable the port.

    What would be the suggested way of accomplishing this on the controller? Should I block mdns on the authenticated role perhaps? Doing some sort of outbound ACL seems more risky. Is there a real elegant solution perhaps?

    Even with an igmp snooper, this is causing one of our routers to spike.

    Thanks for the quick response.


  • 4.  RE: MDNS multicast traffic is leaving controller cluster

    EMPLOYEE
    Posted Sep 09, 2019 06:12 PM

    You can block it in the authenticated role, or whatever role your users end up in.
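
Once mDNS is blocked in the user role, a capture taken on the controller uplink can be checked for the two packet types the original poster reported. The following is an added example, not code from the thread or from Aruba: it classifies raw Ethernet frames as mDNS (UDP 5353 to 224.0.0.251) or IGMPv3 membership reports (IP protocol 2 to 224.0.0.22), and goes slightly beyond the thread by handling 802.1Q tags and IP options. It covers IPv4 only; the function names are hypothetical and the sample frames are constructed.

```python
MDNS_V4 = bytes([224, 0, 0, 251])    # mDNS IPv4 multicast group
IGMP_V3 = bytes([224, 0, 0, 22])     # IGMPv3 membership-report group

def classify(frame: bytes) -> str:
    """Return 'mdns', 'igmpv3' or 'other' for one raw Ethernet frame."""
    off = 12
    while frame[off:off + 2] in (b"\x81\x00", b"\x88\xa8"):  # skip VLAN tags
        off += 4
    ip = frame[off + 2:]
    if frame[off:off + 2] != b"\x08\x00" or len(ip) < 20 or ip[0] >> 4 != 4:
        return "other"
    ihl = (ip[0] & 0x0F) * 4          # IGMP carries Router Alert, so IHL can be 24
    if ihl < 20 or len(ip) < ihl:
        return "other"
    proto, dst, payload = ip[9], ip[16:20], ip[ihl:]
    if proto == 2 and dst == IGMP_V3 and payload[:1] == b"\x22":
        return "igmpv3"               # type 0x22 = IGMPv3 membership report
    if proto == 17 and dst == MDNS_V4 and payload[2:4] == b"\x14\xe9":
        return "mdns"                 # UDP destination port 5353 (0x14e9)
    return "other"

def summarize(frames):
    """Count frames per class; non-zero mdns/igmpv3 means traffic still leaks."""
    counts = {"mdns": 0, "igmpv3": 0, "other": 0}
    for f in frames:
        counts[classify(f)] += 1
    return counts

# --- constructed sample frames (not taken from the thread) ---
def build_frame(dst_mac, proto, dst_ip, payload, options=b"", vlan=None):
    ihl = 5 + len(options) // 4
    ip = bytes([0x40 | ihl, 0]) + (ihl * 4 + len(payload)).to_bytes(2, "big")
    ip += b"\x00\x00\x00\x00" + bytes([1, proto]) + b"\x00\x00"
    ip += bytes([10, 0, 0, 5]) + dst_ip + options
    tag = b"\x81\x00" + vlan.to_bytes(2, "big") if vlan is not None else b""
    return dst_mac + b"\x02\x00\x00\x00\x00\x01" + tag + b"\x08\x00" + ip + payload

def udp(dport, data=b"\x00" * 12):
    port = dport.to_bytes(2, "big")
    return port + port + (8 + len(data)).to_bytes(2, "big") + b"\x00\x00" + data

SAMPLES = [
    build_frame(b"\x01\x00\x5e\x00\x00\xfb", 17, MDNS_V4, udp(5353), vlan=20),
    build_frame(b"\x01\x00\x5e\x00\x00\x16", 2, IGMP_V3,
                b"\x22" + b"\x00" * 7, options=b"\x94\x04\x00\x00"),
    build_frame(b"\x02\x00\x00\x00\x00\x02", 17, bytes([10, 0, 0, 1]), udp(53)),
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Running the same check on captures taken before and after the role change shows whether the mDNS count on the uplink actually drops to zero.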