@emm502 wrote:
any vlan that is configured on a wired ap profile should have a l3 address on the vlan interface of the controller and bcmc-optimization enabled?
Vlans tunneled to wired ports will replicate all L2 bcast and mcast that appears on the network, even things like STP BPDUs will be replicated to every AP that has that vlan tunneled. This can create a rapid increase in traffic should there be something generating a lot of bcast or mcast on the LAN side of the controller. It might also be that there is a loop (maybe) where some AP enet port ultimately reaches back to the same networks as the controller.
This may be unintentional, especially if sharing VLANs between wired and wifi, where sometimes client devices do odd things and copy packets between wired and wireless - this is not without precedent.
It is true that bcmc opt will prevent vrrp from flooding, but I don't think there should be a case where some user side wired VLAN should be needing VRRP.
Perhaps you can look to start collecting "show datapath util" and "show datapath frame" with airrecorder, then during the next spike, correlate it with the stats captured by airrecorder ?
The periodic nature of the spike is interesting, what is the actual time in between spikes in the 1day view and does it consistently happen between the same hours of the day (and what of after hours, weekends etc.)?