Wireless Multicast Storm Protection

rtford31
Level 1

Does anyone know how to protect your WLC from Multicast/Broadcast storms coming from LWAPPs? I have enabled "config network multicast global disable" on the WLC CLI, but this only protects you from wired storms. I have upgraded the OS to 4.1.181.0; it didn't work. Can't enable bcast storm control on the switchport because all the traffic is tunneled to the WLC. Can't create an ACL on the WLC to block mcast/bcast packets. Any help would be greatly appreciated.

10 Replies

ankbhasi
Cisco Employee

Hi Friend,

The first question here is WHY you are getting broadcast and multicast storms from LWAPPs?

Also you can use the "config network broadcast disable" command, which will not allow the controller to pass any broadcast packets.

But WHY you are getting broadcasts is the matter of concern. Can you explain the same?

Regards,

Ankur

I have a large wireless Point-of-Sale network and the firmware has a bug, and until they fix it my WLC is getting slammed with multicast 224.0.0.1 packets destined to 0.0.0.0, which is cascading to other SSIDs on the WLC. If my APs were Autonomous I could prevent the mcast/bcast storm, but since they are LWAPP I can't find a way to prevent the bcast/mcast storm coming from my wifi.

Hi Friend,

I did not understand your line "multicast 224.0.0.1 packets destined to 0.0.0.0".

Multicast packets will be destined to 224.0.0.1, which I understand, but how is it destined to 0.0.0.0? Can you please confirm what that packet type is and which address it is destined to? Also, can you attach one packet capture? Maybe we can get to some solution?

Also, did you try "config network broadcast disable"?

Regards,

Ankur

Sorry, source is 0.0.0.0, destination is 224.0.0.1. Yes, I tried "config network broadcast disable" also.

I sniffed the WiFi and I'm getting a broadcast ARP storm asking for who has 224.0.0.1 Tell 0.0.0.0 causing the WLC "RX Multicast Queue Full" error messages.

Hi Friend,

Okay, I need some outputs from your side. Can you attach those ARP packets which you captured on AIR here? Also, can you update whether the vlan/interface to which your WLAN is mapped is bound to only one wlan or multiple wlans? Also, on which WLANs are those packets travelling? Can you also capture those packets on ethernet, on the controller port connected to the switch, and attach them here?

Regards,

Ankur

The following is a capture off the network:

No. Time Source Destination Protocol Info

1 0.000000 IeeeRegi_2a:ef:34 Broadcast ARP Who has 224.0.0.1? Tell 0.0.0.0

Frame 1 (60 bytes on wire, 60 bytes captured)

Arrival Time: Jul 19, 2007 17:22:19.500344000

[Time delta from previous captured frame: 0.000000000 seconds]

[Time delta from previous displayed frame: 0.000000000 seconds]

[Time since reference or first frame: 0.000000000 seconds]

Frame Number: 1

Frame Length: 60 bytes

Capture Length: 60 bytes

[Frame is marked: False]

[Protocols in frame: eth:arp]

[Coloring Rule Name: ARP]

[Coloring Rule String: arp]

Ethernet II, Src: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34), Dst: Broadcast (ff:ff:ff:ff:ff:ff)

Destination: Broadcast (ff:ff:ff:ff:ff:ff)

Address: Broadcast (ff:ff:ff:ff:ff:ff)

.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)

.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)

Source: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34)

Address: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Type: ARP (0x0806)

Trailer: 000000000000000000000000000000000000

Address Resolution Protocol (request)

Hardware type: Ethernet (0x0001)

Protocol type: IP (0x0800)

Hardware size: 6

Protocol size: 4

Opcode: request (0x0001)

Sender MAC address: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34)

Sender IP address: 0.0.0.0 (0.0.0.0)

Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)

Target IP address: 224.x.x.1 (224.x.x.1)

I'm getting bcast stormed with the following:

Thu Jul 26 21:02:01 2007: dtlArpRequest: Recv ARP Request from mobile xxxxxx for IP 224.0.0.1. forward to DS 1.

Thu Jul 26 21:02:01 2007: dtlArpRequest: Arp request. src: xxxxxxx src ip: 0.0.0.0, tgt ip: 224.0.0.1 intf num: 1, vlan id: xxxxx, node type: 2, mscb: found

Thu Jul 26 21:02:01 2007: dtlArpFindClient:ARP look-up for 224.0.0.1 failed (not a client).
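
Added example, not part of the original thread and not Cisco code: IPv4 multicast addresses map to MAC addresses by rule and never need ARP, so an ARP request whose target is in 224.0.0.0/4 (as in the capture above) can be flagged and counted per sender MAC to find the offending clients. It assumes plain Ethernet II frames (not LWAPP-encapsulated); the frame builder, the sample traffic, the `02:00:00:00:00:01` MAC and the threshold are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

def build_arp_request(src_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Constructed sample: broadcast ARP request padded to 60 bytes, as in the capture."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)          # Ethernet/IPv4, opcode 1
    arp += src_mac + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return (eth + arp).ljust(60, b"\x00")                    # 18-byte zero trailer

def parse_arp(frame: bytes):
    """Return the ARP fields, or None if this is not an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": frame[22:28].hex(":"),
        "sender_ip": ipaddress.IPv4Address(frame[28:32]),
        "target_ip": ipaddress.IPv4Address(frame[38:42]),
    }

def is_bogus_request(arp) -> bool:
    """True for an ARP request whose target IP is multicast (never resolved via ARP)."""
    return arp is not None and arp["op"] == 1 and arp["target_ip"].is_multicast

def storm_sources(frames, threshold):
    """Count bogus requests per sender MAC; return the MACs at or above threshold."""
    counts = Counter()
    for frame in frames:
        arp = parse_arp(frame)
        if is_bogus_request(arp):
            counts[arp["sender_mac"]] += 1
    return {mac: n for mac, n in counts.items() if n >= threshold}

# Constructed sample traffic; the first two MACs are the ones seen in the thread.
SAMPLE = (
    [build_arp_request(bytes.fromhex("0050c22aef34"), "0.0.0.0", "224.0.0.1")] * 5
    + [build_arp_request(bytes.fromhex("0050c22aef1b"), "0.0.0.0", "224.0.0.1")]
    + [build_arp_request(bytes.fromhex("020000000001"), "10.7.8.3", "10.7.8.5")] * 4
)

if __name__ == "__main__":
    print(storm_sources(SAMPLE, threshold=3))
```
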

Hi Friend,

I believe some loop is created. Is it possible for you to capture AIR on AiroPeek and Ethereal on the controller port connected to the switch and attach it to this post?

Regards,

Ankur

The following is an Ethereal capture on the controller. I'm not on site to capture WiFi packets, and previously I sent a debug capture off the WLC.

No. Time Source Destination Protocol Info

20 0.685621 IeeeRegi_2a:ef:1b Cisco_5b:2d:80 ARP Who has 224.0.0.1? Tell 0.0.0.0

Frame 20 (108 bytes on wire, 108 bytes captured)

Ethernet II, Src: Cisco_c2:a8:0a (00:19:06:c2:a8:0a), Dst: Cisco_ca:94:43 (00:19:e7:ca:94:43)

Internet Protocol, Src: 10.7.8.3 (10.7.8.3), Dst: 10.7.8.5 (10.7.8.5)

User Datagram Protocol, Src Port: 10880 (10880), Dst Port: 12222 (12222)

LWAPP Encapsulated Packet

IEEE 802.11

Logical-Link Control

Address Resolution Protocol (request)

No. Time Source Destination Protocol Info

21 0.705358 IeeeRegi_2a:ef:1d Cisco_5b:2d:80 ARP Who has 224.0.0.1? Tell 0.0.0.0

Frame 21 (108 bytes on wire, 108 bytes captured)

Ethernet II, Src: Cisco_c2:a8:0a (00:19:06:c2:a8:0a), Dst: Cisco_ca:94:43 (00:19:e7:ca:94:43)

Internet Protocol, Src: 10.7.8.3 (10.7.8.3), Dst: 10.7.8.5 (10.7.8.5)

User Datagram Protocol, Src Port: 10880 (10880), Dst Port: 12222 (12222)

LWAPP Encapsulated Packet

IEEE 802.11

Logical-Link Control

Address Resolution Protocol (request)

No. Time Source Destination Protocol Info

22 0.785943 IeeeRegi_2a:ef:1b Cisco_5b:2d:80 ARP Who has 224.0.0.1? Tell 0.0.0.0

Frame 22 (108 bytes on wire, 108 bytes captured)

Ethernet II, Src: Cisco_c2:a8:0a (00:19:06:c2:a8:0a), Dst: Cisco_ca:94:43 (00:19:e7:ca:94:43)

Internet Protocol, Src: 10.7.8.3 (10.7.8.3), Dst: 10.7.8.5 (10.7.8.5)

User Datagram Protocol, Src Port: 10880 (10880), Dst Port: 12222 (12222)

LWAPP Encapsulated Packet

IEEE 802.11

Logical-Link Control

Address Resolution Protocol (request)
