Emerging Member
Posts: 67
Registered: ‎07-16-2013
Kudos: 22

"Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clients

Seeing a behavior where, when "Block LAN to WLAN Multicast and Broadcast Data" is enabled, wireless clients cannot ping each other by IP address. Guest policy is not enabled on this network. Seems like wireless clients cannot ARP for other wireless clients. However, wireless clients can ARP and ping for clients on the wired side of the network.

Is this behavior expected or a bug? This is a great feature to keep airtime utilization low, but I can't enable this for a wireless network where WLAN unicast between clients is expected to work.

Controller: 5.4.18.1

FW: 3.8.3.6587 UAP-AC-Pro

SuperUser
Posts: 8,216
Registered: ‎01-05-2012
Kudos: 2178
Solutions: 1086

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

Does this happen even with clients associated to the same AP, or with clients associated to different APs?
Cheers,
jonatha

Edit... just tried on mine, and it seems to be working as expected: wireless clients associated to the same AP are able to talk to each other, while clients associated to different APs don't; ARP requests won't be forwarded out when coming from the 'lan' side of the AP (wireless client >> lan >> wireless client). It is different if I ping hostB from hostA while both are associated to the same AP and then move hostB to a different AP: in this case, since hostA already knows the MAC of hostB, there is no ARP request, so it can talk to hostB (at least until the timeout for the ARP entry), as shown here:

[Image: Bcast.JPG]

Emerging Member
Posts: 67
Registered: ‎07-16-2013
Kudos: 22

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

This happens even with clients associated to the same AP, but on different bands.

@redfive Your explanation makes sense if going between the 2.4 GHz radio and the 5 GHz radio is considered "lan" side traffic. Based on the description at the bottom of this link, it seems plausible: https://help.ubnt.com/hc/en-us/articles/115001529267-UniFi-Managing-Broadcast-Traffic#how%20broadcas...

However, the feature in its current state does not solve the problem in corporate wifi equipment where some unicast traffic between WLAN clients is expected, but broadcast/multicast traffic (i.e. mDNS, Apple Bonjour or even NetBIOS) is not needed and is wasting airtime.

If ARP is not blocked by this feature, then unicast should work even when clients associate on different APs (with some airtime utilized by ARP).

I'm making some assumptions here. Anyone from UBNT want to confirm if the behavior I'm seeing is expected?

Member
Posts: 182
Registered: ‎01-25-2017
Kudos: 45
Solutions: 14

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

Unicast does work, but ARP relies on broadcast to function.

"The arp request message ("who is X.X.X.X tell Y.Y.Y.Y", where X.X.X.X and Y.Y.Y.Y are IP addresses) is sent using the Ethernet broadcast address, and an Ethernet protocol type of value 0x806. Since it is broadcast, it is received by all systems in the same collision domain (LAN)."

KuoH

@addp009 wrote:

If ARP is not blocked by this feature, then unicast should work even when clients associate on different APs (with some airtime utilized by ARP).

Emerging Member
Posts: 67
Registered: ‎07-16-2013
Kudos: 22

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

I figured out a solution to restore unicast connectivity with the block enabled. On the gateway interface of the network, enable proxy_arp_pvlan. The router will reply with its own MAC address when it hears an ARP request for an IP address it knows about. Client A will send the unicast packet destined for Client B with the MAC address of the gateway interface. The router will then "route" the packet back out the same interface toward Client B with the proper MAC address.

This is also known as ip local-proxy-arp in Cisco.

I tested this out with an EdgeRouter X. Unfortunately, the config isn't exposed in the GUI or CLI, but bash works. EdgeRouter Lite and Pro have this already.

https://community.ubnt.com/t5/EdgeMAX/Add-proxy-arp-pvlan-to-switch-interfaces-for-ERX/m-p/1998481

Note that this is going to add extra load on the gateway router, so you probably don't want to use this for high traffic environments. But for most enterprise wifi networks where inter-VLAN traffic is very light, this solves the problem while keeping broadcast / multicast blocked.
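
The workaround described in the post above, written out as a script (an added example, not code from the thread or from Ubiquiti). It uses the standard Linux per-interface sysctl files; the `send_redirects` step is an addition based on general Linux routing behaviour, and the interface name and the `SYSCTL_ROOT` override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. SYSCTL_ROOT can point at a scratch
# directory to dry-run the logic; the default is the live kernel tree.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

get_conf() {    # get_conf <iface> <key>: print the current value
    cat "$SYSCTL_ROOT/net/ipv4/conf/$1/$2"
}

set_conf() {    # set_conf <iface> <key> <value>
    f="$SYSCTL_ROOT/net/ipv4/conf/$1/$2"
    [ -w "$f" ] || { echo "cannot write $f (not root, or no such key?)" >&2; return 1; }
    printf '%s\n' "$3" > "$f"
}

enable_local_proxy_arp() {    # enable_local_proxy_arp <iface>
    iface="$1"
    # Refuse names that would escape net/ipv4/conf/.
    case "$iface" in
        ''|.|..|*/*) echo "invalid interface name: '$iface'" >&2; return 2 ;;
    esac
    # The gateway must route: it answers ARP with its own MAC, then has to
    # forward the resulting unicast frames to the real client.
    if [ "$(cat "$SYSCTL_ROOT/net/ipv4/ip_forward" 2>/dev/null)" != 1 ]; then
        echo "ip_forward is off; proxy ARP needs a routing gateway" >&2
        return 3
    fi
    set_conf "$iface" proxy_arp_pvlan 1 || return 1
    # Traffic now leaves the interface it arrived on, which normally makes
    # Linux send ICMP redirects telling clients to talk directly. The kernel
    # ORs the "all" and per-interface values, so both must be 0.
    set_conf "$iface" send_redirects 0 || return 1
    set_conf all send_redirects 0 || return 1
    echo "$iface: proxy_arp_pvlan=$(get_conf "$iface" proxy_arp_pvlan)" \
         "send_redirects=$(get_conf "$iface" send_redirects)"
}

# Usage: sh local-proxy-arp.sh <gateway-interface>   (interface name is yours)
if [ "$#" -gt 0 ]; then
    enable_local_proxy_arp "$1"
fi
```

Writes under /proc/sys do not survive a reboot, so the setting has to be reapplied at boot.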

New Member
Posts: 3
Registered: ‎05-29-2018

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

Thanks for the information here.

I've got VoIP apps running on iPhones here, and with "Block LAN to WLAN Multicast and Broadcast Data" enabled I cannot talk to client B from client A. The call is signaled but you cannot hear the other side talking. I guess the clients try to start a unicast connection for talking and this fails.

New Member
Posts: 12
Registered: ‎01-20-2018

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

I am confused by the language used. This box is unchecked by default but the verbiage in the explanation for this option suggests that you should check the box by default.
New Member
Posts: 3
Registered: ‎05-29-2018

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

It is unchecked by default because it can lead to various problems. But probably you do not want all the multicast/broadcast data in your WLAN.

New Member
Posts: 12
Registered: ‎01-20-2018

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien

So it can lead to problems if it is checked so that the traffic is blocked?

It just appears counterintuitive. It is initially unchecked but the description says better to check this box?

Member
Posts: 229
Registered: ‎04-22-2018
Kudos: 26
Solutions: 2

Re: "Block LAN to WLAN Multicast and Broadcast Data" blocks unicast between wireless clien


@PaddyPDX wrote:
I am confused by the language used. This box is unchecked by default but the verbiage in the explanation for this option suggests that you should check the box by default.

Confused too by the language.

Mine is also unchecked. My understanding is Multicast is only beneficial if you use IPTV, correct? So if we use that with an ATV on our LAN, then checking the box on our wifi would prove to not create an issue?

AP AC LITE
UAP nanoHD (x2)
Edgerouter 4