Skip to main content

Fri, May 31, 2013 12:16 AM

Answered

Prevent broadcast storm?

Hi,

Is there any way to prevent broadcast storm at AP? I have bridge configuration in my WLANs.

Regards,
Alberto.

Responses

2 Messages

 • 

140 Points

7 years ago

Hi Alberto,

On an AP we can limit broadcast storm by creating Vlan's.
All the client traffic will be then segmented, also please enable wireless client isolation.

Regards,
Kevin

43 Messages

 • 

688 Points

7 years ago

Hi Kevin,

but this only prevent to flood broadcast between clients. Let me explain, we had this issue:
- AP started, wireless wlans deployed. (ping to management interface of the AP it was ok, milliseconds)
- Wireless clients started to connect
- After some minutes, ping to management interface raise up to 1 second.
- Packet capture at AP, we saw a lot of broadcast from a wireless client.
- Blocked client, ping in milliseconds.

So... it seems the broadcast affected the AP and I can't prevent it making vlans and isolating traffic from clients because it is communication between wireless device and AP.

683 Messages

 • 

11K Points

7 years ago

This is more a DOS attack than a broadcast storm (latter implies more participants). There's a couple of things at work here.

Wifi is a shared media. A mis-behaving client acts, in effect, like a source of interference. So if you were pinging the AP via wireless - you may have just had a lot of latency in the radio spectrum. If you were pinging via wired. the AP may have been over-taxed "listening" to the offending client. And everyone might have slowed down due to overlong transmission by the offending client.

The ZoneDirector does offer some protective services - see the "Configuring Wireless Intrusion Prevention" chapter in the ZoneDirector User Guide