Frequent Contributor I

multicast issue

Setup: 2 x 7210 controllers. Wired networking (192.168.vlan.0) is a trunk containing vlans:

- 100: used for controller traffic, has the default gateway
- 102: guest wifi networking, controllers have an IP in this range
- 200: staff wifi networking, controllers have an IP in this range

Now we had an issue where someone plugged two cables into a tplink router. These cables were connected to the same switch. This caused a multicast issue. As a consequence the wifi environment had issues.

What did we notice? We finally noticed a lot of that multicast traffic on the Aruba controllers, noticeable on the dashboard (98% multicast). When the problem was initially reported, we noticed all access points were down. A quick check (networking log, firewall, ...) did not reveal anything broken or reconfigured. A ping to the vlan 100 address of the wifi controllers revealed frequent timeouts.

After about 30 minutes we decided to reboot one wifi controller. This brought the APs online on the other (master) controller. But although the APs were online, wifi was still not accessible for end users. Most likely because the first thing staff members do when accessing wifi is to authenticate to a radius server in another vlan, and this timed out. Again, we were still facing ping timeouts in vlan 100. Strangely, accessing the controller interface by http did work.

The problem was identified by running wireshark, investigating where the multicasts were coming from, tracing this back to the incorrect setup and disabling that port on the switch.

Currently I'm still trying to understand what happened. The wireshark trace we took in vlan 100 shows multicast traffic coming from vlan 102 and from an address The culprit device being a tplink home access point/router. I take it this is an address which was distributed on the client side of that router (usually 192.168.). To my knowledge multicast traffic does not pass vlans. This should be correct as we did not suffer from this issue in all other (wired) vlans we have.

What I still do not understand is: I suspect the Aruba controllers have an onboard (firewall) protection mechanism which engaged. Maybe even dropping our icmp requests from time to time? This would explain why http access to the dashboard still worked flawlessly?
Guru Elite

Re: multicast issue

The controller does have a CP (control plane) firewall that is supposed to limit the bandwidth from certain types of traffic, but it is absolutely not foolproof. Without having any logs of your system while you are having issues it is hard to guess what could be wrong.

You can enable broadcast-multicast optimization on any vlans that you want broadcast/multicast protection from, however.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
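
The source-tracing step described in the original post (working out which device the multicast frames come from), as an added example that is not part of the thread or of any Aruba tooling: it classifies raw Ethernet frames by destination type, reads the 802.1Q VLAN ID where a tag is present, and ranks senders by multicast frame count. The function names, the sample MAC addresses and the sample frames are all constructed for this illustration.

```python
import struct
from collections import Counter

def parse_frame(frame: bytes):
    """Return (vlan_id or None, src_mac, kind) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == 0x8100:              # 802.1Q tag, as seen on a trunk port
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF              # low 12 bits of the TCI are the VLAN ID
    if dst == b"\xff" * 6:
        kind = "broadcast"
    elif dst[0] & 0x01:                  # I/G bit set: group (multicast) address
        kind = "multicast"
    else:
        kind = "unicast"
    return vlan, src.hex(":"), kind

def top_multicast_sources(frames, n=3):
    """Return (multicast share of all frames, top-n (vlan, src) by multicast count)."""
    kinds, sources = Counter(), Counter()
    for f in frames:
        vlan, src, kind = parse_frame(f)
        kinds[kind] += 1
        if kind == "multicast":
            sources[(vlan, src)] += 1
    total = sum(kinds.values())
    share = kinds["multicast"] / total if total else 0.0
    return share, sources.most_common(n)

def _frame(dst, src, vlan=None):
    """Build a constructed sample frame: header plus zero padding."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return (bytes.fromhex(dst) + bytes.fromhex(src) + tag
            + struct.pack("!H", 0x0800) + b"\x00" * 46)

# Constructed sample capture (MAC addresses are made up for this example).
SAMPLE = (
    [_frame("01005e7ffffa", "020000000102", vlan=102)] * 8   # one noisy sender
    + [_frame("01005e0000fb", "020000000064", vlan=100)]      # occasional multicast
    + [_frame("020000000001", "020000000064", vlan=100)]      # ordinary unicast
)

if __name__ == "__main__":
    share, top = top_multicast_sources(SAMPLE)
    print(f"multicast share: {share:.0%}")
    for (vlan, src), count in top:
        print(f"vlan {vlan} src {src}: {count} multicast frames")
```
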