Wireless Broadcasts and Dynamic Vlans

merlinthemagic7 · December 4, 2022, 7:27pm

Hi,

We use radius to place wireless users in VLANs.
Question is: How is broadcast isolation maintained, when there are many different vlans in use on a particular BSSID?
Does MT use GTK for encrypting broadcasts?

We use “multicast-helper = full”, so multicasts are converted to unicast and delivered using the TK, the question is purely about broadcasts.

A related question, if an AP only has connected clients belonging to VLAN 10, will the AP still use air time on broadcasts arriving on the wire from other VLANs?

mkx · December 5, 2022, 3:25pm

Multicast-helper also works for broadcast packets (even though name of property doesn’t mention it). As I understand it, when multicast helper is enabled, broadcast/multicast frames get sent only unicast to each AP client and are not also broadcasted.

merlinthemagic7 · December 8, 2022, 10:20pm

Hi,

It appears you are correct. Packet capture shows e.g. arp arriving at the AP as broadcasts but at the client as unicasts.

Thank you.