Ryan, Believe it or not the filter does not dent the controller CPU in the least. Aruba was the one who recommended the filter to cut down CPU usage. All of our controllers running under 1% on all CPU's.
BTW: I like the last name! We could be brothers........... Thanks Stephen Holland Network Engineer Northeastern University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Ryan Holland Sent: Wednesday, June 30, 2010 2:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] blocking broadcast/multicast? Stephen, Blocking IPv6 via the policy enforcement firewall can add an incredible amount of processing on the controller, as each and every frame must be inspected. If you do not support v6 on wireless, it is much more efficient to just turn it off. You said "vlan pooling", so I assume you have Aruba. Issue the following: no ipv6 enable ========== Ryan Holland Network Engineer, Wireless Office of the Chief Information Officer The Ohio State University 614-292-9906 holland....@osu.edu<mailto:holland....@osu.edu> On Jun 30, 2010, at 1:59 PM, Holland, Stephen wrote: We found that IPv6 broadcast traffic contributed significantly to our wireless broadcast traffic. Since we don't support IPv6 on the wireless network we blocked the ethertype for IPv6 on our wireless controllers. Also, running vlan pooling with /23's. On a different topic related to bcast/mcast. Our wireless controllers connect to a pair of 4948 switches which then connect to Cisco routers which provide the vlans for wireless users. We use HSRP for redundancy. We realized there is no need to send the mcast traffic for HSRP out to the vlans which support our wireless users. As long as the routers see each other's HSRP updates it does not make sense to forward them to the wireless network. We created a filter to block the HSRP updates on the 4948 switches and applied it in the outbound direction toward the wireless controllers. For some reason the filter did not work. Doing some testing we found the filter is working because it drops updates if we apply it in the inbound direction. Does anybody know the filter would not work in the outbound direction?. Thanks Stephen Holland Network Engineer Northeastern University From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Marcelo Lew Sent: Wednesday, June 30, 2010 10:05 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] blocking broadcast/multicast? Hi Bruce, looks like we have a very similar setup. I was thinking of doing what you described on the second paragraph of your reply. Marcelo Lew Wireless Network Specialist University Technology Services University of Denver Desk: (303) 871-6523 Cell: (303) 669-4217 Fax: (303) 871-5900 Email: m...@du.edu<mailto:m...@du.edu> From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:wireless-...@listserv.educause.edu] On Behalf Of Osborne, Bruce W. (NS) Sent: Wednesday, June 30, 2010 5:31 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] blocking broadcast/multicast? Marcelo, You need to be careful blocking broadcasts, or you may need to statically set ip addresses on all your clients. DHCP uses broadcast. We are an Aruba shop. On our normal data SSIDs we set "Drop Broadcast and Multicast" and "Convert Broadcast ARP requests to unicast" On our high speed (5GHz 802.11n only, 24mbit lowest transmit rate) we allow multicast to the students can watch IPTV video on wireless. To accomplish this, we have "Dynamic Multicast Optimization" enabled, which converts the multicast streams to unicast. Without "Dynamic Multicast" Optimization" multicast data is limited to the rate of the slowest 802.11 client. Blocking multicast is a good way to reduce unnecessary airtime. We use a VLAN pool of /23 networks to reduce the local broadcast domain for each client too. This helps reduce unnecessary traffic. Bruce Osborne Network Engineer Liberty University From: Marcelo Lew [mailto:m...@du.edu] Sent: Tuesday, June 29, 2010 1:10 PM Subject: blocking broadcast/multicast? Wondering how many of you are blocking broadcast/ multicast on the wifi network? If so, do you allow it on certain SSIDs? Do you get a lot of user complains about this? I would like to reduce unnecessary use of airtime, however, "unnecessary" can mean many different things depending who you ask... Marcelo Lew Wireless Network Specialist University Technology Services University of Denver Desk: (303) 871-6523 Cell: (303) 669-4217 Fax: (303) 871-5900 Email: m...@du.edu<mailto:m...@du.edu> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ________________________________ Spam<https://antispam.osu.edu/b.php?i=1057683753&m=9dff9bf17037&c=s> Not spam<https://antispam.osu.edu/b.php?i=1057683753&m=9dff9bf17037&c=n> Forget previous vote<https://antispam.osu.edu/b.php?i=1057683753&m=9dff9bf17037&c=f> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
