Mon, Jun 16, 2014 7:04 AM

How to restrict wired Broadcast traffic?

Folks,

I have always come across situations where the customer network is ONE BIG flat network comprising both desktops and laptops. So here is my question, as I am not sure whether it should be a matter of concern or not.

How do we keep all kinds of wired broadcast traffic (not destined to the AP or its clients) limited to the wire, so it does NOT hit and pass through the AP and go on to the AIR?
Does this really happen, or is it just a figment of my imagination?
Are there any knobs on the ZD or AP which one can turn on/off to control it?

Responses


6 years ago

My first thought was "full wireless isolation" option in configure/WLANs...then a quick search produced this question from a couple of weeks ago...

https://forums.ruckuswireless.com/ruc...

So perhaps it doesn't work quite as I would expect (I'd be in the same situation with one server performing multiple roles).

How about enabling DHCP on the Ruckus so wired clients are on a different network range? No doubt it has its own problems.


6 years ago

If you want to go all MacGyver with it you could, if at all possible, physically put all your Ruckus gear on separate cables and use a router to route traffic to the other network. There are routers that can do NAT-route and route without doing NAT. But IMHO that's just poor design.

Best way is always with switches and configure proper 802.1Q VLANs. Would probably solve the client isolation problem with a DHCP-relay and a filter mentioned above too.
Brand User


6 years ago

Best practices say use smaller VLAN/subnets with less broadcast/multicast on them,
or apply ACL filter on switch-ports attached to APs. Under ZD's WLAN Advanced
Options, you can also enable Proxy ARP (on locally bridged WLANs) for some help.


6 years ago

Yes, Michael said it best.

Put some VLANs on the network and segregate. That's what they made 802.1Q for, and the routers and switches that support it really aren't expensive any more, so there really aren't any excuses any more :)
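
To put numbers on the VLAN advice in this thread, the following added example (not from any poster or from Ruckus) tallies broadcast and multicast bytes per 802.1Q VLAN from raw Ethernet frames, split by whether the VLAN is carried on the AP's switch port. The VLAN numbers, MAC addresses and frames are constructed, and it assumes the AP port is a trunk that carries only the listed VLANs.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def classify(frame: bytes):
    """Return (vlan_id, kind) for a raw Ethernet frame; vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    vlan = None
    if struct.unpack("!H", frame[12:14])[0] == 0x8100:   # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits = VLAN ID
    if dst == BROADCAST:
        kind = "broadcast"
    elif dst[0] & 0x01:            # I/G bit set: group (multicast) address
        kind = "multicast"
    else:
        kind = "unicast"
    return vlan, kind

def flood_bytes_per_vlan(frames, ap_vlans):
    """Split flooded (broadcast/multicast) bytes by whether the AP port carries the VLAN."""
    reaches_ap, stays_off_ap = Counter(), Counter()
    for f in frames:
        vlan, kind = classify(f)
        if kind == "unicast":
            continue               # known unicast is not flooded to every port
        (reaches_ap if vlan in ap_vlans else stays_off_ap)[vlan] += len(f)
    return dict(reaches_ap), dict(stays_off_ap)

def make_frame(dst: bytes, vlan, payload_len=46):
    """Build a constructed sample frame; only the header matters, payload is filler."""
    src = bytes.fromhex("020000000001")      # made-up locally administered MAC
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", 0x0806) + bytes(payload_len)

# Constructed sample: VLAN 10 = wired desktops, VLAN 20 = WLAN (assumed numbering)
SAMPLE_FRAMES = [
    make_frame(BROADCAST, 10),                      # wired broadcast
    make_frame(bytes.fromhex("01005e0000fb"), 10),  # wired multicast
    make_frame(BROADCAST, 20),                      # broadcast on the WLAN VLAN
    make_frame(bytes.fromhex("020000000002"), 20),  # unicast, ignored
]

if __name__ == "__main__":
    air, wire = flood_bytes_per_vlan(SAMPLE_FRAMES, ap_vlans={20})
    print("reaches AP port:", air, "| stays off AP port:", wire)
```

On a flat network every flooded frame lands in the first bucket; after segmentation only the WLAN VLAN's own broadcast does.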