Prevent broadcast storm?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
Hi,

Is there any way to prevent broadcast storm at AP? I have bridge configuration in my WLANs.

Regards,
Alberto.
Photo of Alberto de la Cruz

Alberto de la Cruz

  • 42 Posts
  • 1 Reply Like

Posted 4 years ago

  • 1
Photo of kevin joseph

kevin joseph, Employee

  • 2 Posts
  • 1 Reply Like
Hi Alberto,

On an AP we can limit broadcast storm by creating Vlan's.
All the client traffic will be then segmented, also please enable wireless client isolation.

Regards,
Kevin
Photo of Alberto de la Cruz

Alberto de la Cruz

  • 42 Posts
  • 1 Reply Like
Hi Kevin,

but this only prevent to flood broadcast between clients. Let me explain, we had this issue:
- AP started, wireless wlans deployed. (ping to management interface of the AP it was ok, milliseconds)
- Wireless clients started to connect
- After some minutes, ping to management interface raise up to 1 second.
- Packet capture at AP, we saw a lot of broadcast from a wireless client.
- Blocked client, ping in milliseconds.

So... it seems the broadcast affected the AP and I can't prevent it making vlans and isolating traffic from clients because it is communication between wireless device and AP.
Photo of Keith - Pack Leader

Keith - Pack Leader

  • 860 Posts
  • 50 Reply Likes
This is more a DOS attack than a broadcast storm (latter implies more participants). There's a couple of things at work here.

Wifi is a shared media. A mis-behaving client acts, in effect, like a source of interference. So if you were pinging the AP via wireless - you may have just had a lot of latency in the radio spectrum. If you were pinging via wired. the AP may have been over-taxed "listening" to the offending client. And everyone might have slowed down due to overlong transmission by the offending client.

The ZoneDirector does offer some protective services - see the "Configuring Wireless Intrusion Prevention" chapter in the ZoneDirector User Guide