07-26-2007 09:02 PM - edited 07-03-2021 02:24 PM
Does anyone know how to protect your WLC from Multicast/Broadcast storms coming from LWAPPs? I have enabled "config network multicast global disable" on the WLC CLI, but this only protects you from wired storms. I have upgraded the OS to 4.1.181.0; that didn't work. Can't enable bcast storm control on the switchport because all the traffic is tunneled to the WLC. Can't create an ACL on the WLC to block mcast/bcast packets. Any help would be greatly appreciated.
07-26-2007 09:16 PM
Hi Friend,
The first question here is WHY are you getting broadcast and multicast storms from LWAPPs?
Also, you can use the "config network broadcast disable" command, which will not allow the controller to pass any broadcast packets.
But WHY you are getting broadcasts is the matter of concern. Can you explain the same?
Regards,
Ankur
07-26-2007 09:54 PM
I have a large wireless Point-of-Sale network and the firmware has a bug, and until they fix it my WLC is getting slammed with multicast 224.0.0.1 packets destined to 0.0.0.0, which is cascading to other SSIDs on the WLC. If my APs were Autonomous I could prevent the mcast/bcast storm, but since they are LWAPP I can't find a way to prevent the bcast/mcast storm coming from my wifi.
07-26-2007 10:28 PM
Hi Friend,
I did not understand your line "multicast 224.0.0.1 packets destined to 0.0.0.0".
Multicast packets will be destined to 224.0.0.1, which I understand, but how is it destined to 0.0.0.0? Can you please confirm what that packet type is and which address it is destined to? Also, can you attach one packet capture? Maybe we can get to some solution.
Also, did you try "config network broadcast disable"?
Regards,
Ankur
07-26-2007 10:30 PM
Sorry, source is 0.0.0.0, destination is 224.0.0.1. Yes, I tried "config network broadcast disable" also.
07-26-2007 10:41 PM
I sniffed the WiFi and I'm getting a broadcast ARP storm asking "Who has 224.0.0.1? Tell 0.0.0.0", causing the WLC "RX Multicast Queue Full" error messages.
07-26-2007 10:49 PM
Hi Friend,
OK, I need some outputs from your side. Can you attach here those ARP packets which you captured on air? Also, can you update whether the vlan/interface to which your WLAN is mapped is bound to only one WLAN or multiple WLANs? Also, on which WLANs are those packets travelling? Can you also capture those packets on Ethernet, on the controller port connected to the switch, and attach it here?
Regards,
Ankur
07-26-2007 10:58 PM
The following is a capture off the network:
No. Time Source Destination Protocol Info
1 0.000000 IeeeRegi_2a:ef:34 Broadcast ARP Who has 224.0.0.1? Tell 0.0.0.0
Frame 1 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Jul 19, 2007 17:22:19.500344000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 60 bytes
    Capture Length: 60 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:arp]
    [Coloring Rule Name: ARP]
    [Coloring Rule String: arp]
Ethernet II, Src: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34)
        Address: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: IeeeRegi_2a:ef:34 (00:50:c2:2a:ef:34)
    Sender IP address: 0.0.0.0 (0.0.0.0)
    Target MAC address: 00:00:00_00:00:00 (00:00:00:00:00:00)
    Target IP address: 224.x.x.1 (224.x.x.1)
07-26-2007 10:51 PM
I'm getting bcast stormed with the following:
Thu Jul 26 21:02:01 2007: dtlArpRequest: Recv ARP Request from mobile xxxxxx for IP 224.0.0.1. forward to DS 1.
Thu Jul 26 21:02:01 2007: dtlArpRequest: Arp request. src: xxxxxxx src ip: 0.0.0.0, tgt ip: 224.0.0.1 intf num: 1, vlan id: xxxxx, node type: 2, mscb: found
Thu Jul 26 21:02:01 2007: dtlArpFindClient:ARP look-up for 224.0.0.1 failed (not a client).
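One way to triage debug output like the lines in the post above, as an added example that is not part of the original thread or of Cisco's tooling: it parses the "dtlArpRequest: Arp request" lines and reports which clients send ARP requests for a multicast target, the invalid request seen in this thread. The MAC addresses, VLAN id, threshold and function names are assumptions made for the sample.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of the debug lines quoted in the thread;
# the MACs, VLAN id and the 192.0.2.20 target are made up (the post redacts its values).
SAMPLE_LOG = """\
Thu Jul 26 21:02:01 2007: dtlArpRequest: Arp request. src: 00:11:22:33:44:01 src ip: 0.0.0.0, tgt ip: 224.0.0.1 intf num: 1, vlan id: 10, node type: 2, mscb: found
Thu Jul 26 21:02:01 2007: dtlArpRequest: Arp request. src: 00:11:22:33:44:01 src ip: 0.0.0.0, tgt ip: 224.0.0.1 intf num: 1, vlan id: 10, node type: 2, mscb: found
Thu Jul 26 21:02:01 2007: dtlArpRequest: Arp request. src: 00:11:22:33:44:02 src ip: 0.0.0.0, tgt ip: 224.0.0.1 intf num: 1, vlan id: 10, node type: 2, mscb: found
Thu Jul 26 21:02:02 2007: dtlArpRequest: Arp request. src: 00:11:22:33:44:03 src ip: 0.0.0.0, tgt ip: 192.0.2.20 intf num: 1, vlan id: 10, node type: 2, mscb: found
Thu Jul 26 21:02:02 2007: dtlArpFindClient:ARP look-up for 224.0.0.1 failed (not a client).
"""

ARP_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}): dtlArpRequest: Arp request\. "
    r"src: (?P<mac>\S+) src ip: (?P<sip>[\d.]+), tgt ip: (?P<tip>[\d.]+) "
)

def bogus_arp_requests(log_text):
    """Yield (timestamp, client MAC) for ARP requests whose target is multicast."""
    for line in log_text.splitlines():
        m = ARP_RE.match(line)
        if not m:
            continue
        try:
            target = ipaddress.ip_address(m["tip"])
        except ValueError:
            continue  # malformed address in the log line
        # A multicast group maps to its MAC by rule and is never resolved
        # with ARP, so a multicast target marks the request as invalid.
        # Sender 0.0.0.0 alone is not enough: ARP probes legitimately use it.
        if target.is_multicast:
            yield m["ts"], m["mac"]

def storm_sources(log_text, per_second_threshold=2):
    """Return {MAC: peak invalid requests in one second} at or above the threshold."""
    per_second = Counter(bogus_arp_requests(log_text))
    peak = {}
    for (_, mac), count in per_second.items():
        peak[mac] = max(peak.get(mac, 0), count)
    return {mac: n for mac, n in peak.items() if n >= per_second_threshold}

if __name__ == "__main__":
    for mac, n in sorted(storm_sources(SAMPLE_LOG).items()):
        print(f"{mac}: up to {n} multicast-target ARP requests per second")
```

The per-second threshold is a hypothetical tuning value; the resulting list of client MACs is what you would hand to the device vendor or use to isolate the affected clients.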
07-26-2007 11:09 PM
Hi Friend,
I believe some loop is created. Is it possible for you to capture air on AiroPeek and Ethereal on the controller port connected to the switch and attach it to this post?
Regards,
Ankur
07-26-2007 11:33 PM
The following is an Ethereal capture on the controller. I'm not on site to capture WiFi packets, and previously I sent a debug capture off the WLC.
No. Time Source Destination Protocol Info
20 0.685621 IeeeRegi_2a:ef:1b Cisco_5b:2d:80 ARP Who has 224.0.0.1? Tell 0.0.0.0
Frame 20 (108 bytes on wire, 108 bytes captured)
Ethernet II, Src: Cisco_c2:a8:0a (00:19:06:c2:a8:0a), Dst: Cisco_ca:94:43 (00:19:e7:ca:94:43)
Internet Protocol, Src: 10.7.8.3 (10.7.8.3), Dst: 10.7.8.5 (10.7.8.5)
User Datagram Protocol, Src Port: 10880 (10880), Dst Port: 12222 (12222)
LWAPP Encapsulated Packet
IEEE 802.11
Logical-Link Control
Address Resolution Protocol (request)
No. Time Source Destination Protocol Info
21 0.705358 IeeeRegi_2a:ef:1d Cisco_5b:2d:80 ARP Who has 224.0.0.1? Tell 0.0.0.0
Frame 21 (108 bytes on wire, 108 bytes captured)
Ethernet II, Src: Cisco_c2:a8:0a (00:19:06:c2:a8:0a), Dst: Cisco_ca:94:43 (00:19:e7:ca:94:43)
Internet Protocol, Src: 10.7.8.3 (10.7.8.3), Dst: 10.7.8.5 (10.7.8.5)
User Datagram Protocol, Src Port: 10880 (10880), Dst Port: 12222 (12222)
LWAPP Encapsulated Packet
IEEE 802.11
Logical-Link Control
Address Resolution Protocol (request)
No. Time Source Destination Protocol Info
22 0.785943 IeeeRegi_2a:ef:1b Cisco_5b:2d:80 ARP Who has 224.0.0.1? Tell 0.0.0.0
Frame 22 (108 bytes on wire, 108 bytes captured)
Ethernet II, Src: Cisco_c2:a8:0a (00:19:06:c2:a8:0a), Dst: Cisco_ca:94:43 (00:19:e7:ca:94:43)
Internet Protocol, Src: 10.7.8.3 (10.7.8.3), Dst: 10.7.8.5 (10.7.8.5)
User Datagram Protocol, Src Port: 10880 (10880), Dst Port: 12222 (12222)
LWAPP Encapsulated Packet
IEEE 802.11
Logical-Link Control
Address Resolution Protocol (request)