How to restrict wired Broadcast traffic?

  • Updated 6 years ago

I have always come across a situation where the customer network is ONE BIG flat network comprising both desktops and laptops. So here is my question, as I am not sure whether it should be a matter of concern or not.

How do we keep all kinds of wired broadcast traffic (not destined to the AP or its clients) limited to the wire, so that it does NOT hit and pass through the AP and go on to the AIR?
Does this really happen, or is it just a figment of my imagination?
Are there any knobs on the ZD or AP which one can turn on/off to control it?

Monnat Systems, AlphaDog

Posted 6 years ago


Max O'Driscoll, AlphaDog

My first thought was "full wireless isolation" option in configure/WLANs...then a quick search produced this question from a couple of weeks ago...

So perhaps it doesn't work quite as I would expect (I'd be in same situation with one server performing multiple roles).

How about enabling DHCP on Ruckus so wired clients are on a different network range? No doubt it has its own problems.

Primož Marinšek, AlphaDog

If you want to go all MacGyver with it you could, if at all possible, physically put all your Ruckus gear on separate cables and use a router to route traffic to the other network. There are routers that can do NAT-route and route without doing NAT. But IMHO that's just poor design.

The best way is always to use switches and configure proper 802.1Q VLANs. That would probably solve the client isolation problem with a DHCP-relay and a filter mentioned above too.

Michael Brado, Official Rep

Best practices say use smaller VLANs/subnets with less broadcast/multicast on them, or apply an ACL filter on the switch ports attached to APs. Under ZD's WLAN Advanced Options, you can also enable Proxy ARP (on locally bridged WLANs) for some help.

Primož Marinšek, AlphaDog

Yes, Michael said it best.

Put some VLANs on the network and segregate. That's what they made 802.1Q for, and the routers and switches that support it really aren't expensive any more, so there really aren't any excuses any more :)
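
Added example, not part of the thread or any Ruckus tooling: one way to check whether wired broadcast/multicast is actually reaching an AP is to capture on the AP's switch port and measure, per 802.1Q VLAN, what share of the bytes is flooded traffic. The sketch below assumes raw Ethernet frames as input; `make_frame`, the MAC addresses and the `SAMPLE` frames are constructed for illustration.

```python
import struct
from collections import defaultdict

BROADCAST = b"\xff" * 6
ETH_8021Q = 0x8100
ETH_ARP = 0x0806
ETH_IPV4 = 0x0800

def classify(frame: bytes):
    """Return (vlan_id or None, kind, ethertype) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF              # low 12 bits of the TCI are the VLAN ID
    if dst == BROADCAST:
        kind = "broadcast"
    elif dst[0] & 0x01:                  # I/G bit set: group (multicast) address
        kind = "multicast"
    else:
        kind = "unicast"
    return vlan, kind, ethertype

def flood_share(frames):
    """Per VLAN: fraction of captured bytes that are broadcast or multicast."""
    total, flooded = defaultdict(int), defaultdict(int)
    for f in frames:
        vlan, kind, _ = classify(f)
        total[vlan] += len(f)
        if kind != "unicast":
            flooded[vlan] += len(f)
    return {v: flooded[v] / total[v] for v in total}

def make_frame(dst, ethertype, vlan=None, payload_len=46):
    """Build a constructed test frame (hypothetical helper, zero-filled payload)."""
    src = bytes.fromhex("020000000001")  # constructed, locally administered MAC
    tag = struct.pack("!HH", ETH_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + bytes(payload_len)

UNICAST = bytes.fromhex("020000000002")  # constructed
MDNS = bytes.fromhex("01005e0000fb")     # IPv4 multicast MAC for 224.0.0.251
SAMPLE = [                               # constructed capture: flat LAN + VLAN 20
    make_frame(BROADCAST, ETH_ARP),
    make_frame(MDNS, ETH_IPV4),
    make_frame(UNICAST, ETH_IPV4, payload_len=106),
    make_frame(UNICAST, ETH_IPV4, vlan=20, payload_len=174),
    make_frame(BROADCAST, ETH_ARP, vlan=20),
]
```

A high share on the untagged (`None`) entry compared with a dedicated VLAN is the signal that segmentation or a switch-port ACL, as suggested in the replies, would reduce what the AP has to bridge.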