Question

Multicast-mask

  • 5 February 2021
  • 4 replies
  • 45 views

Hello,

We saw that multicast traffic was dropped by our AP7532 if we monitored the network on both radios.

I am trying to understand the feature multicast-mask thinking it can improve the behavior of the multicast application. But, I am not sure to understand how to configure it and if it can improve the beahvior of our multicast application.

Questions:

How can we configure the feature multicast-mask ?

Do you know if it exists some improvements when whe have packets drops on multicast video application ?

To let you know, we already applied best practices we found on the Extreme community website and it already improved the bahvior.

Thanks !

Regards,

Arthur


4 replies

Userlevel 5

Hi Arthur,

It would be good to know about the best practice config you have done so far to handle the multicast on the radios so that we can suggest something that has not been implemented or tried yet. You can post the running-config here.    

There are certain radio QoS related changes you can make to handle voice/video multicast in a better way, but I am not sure if you are already doing it.

 

Regards,

Ovais 

Hi Ovais,

Please find the running config:

!
! Configuration of AP7532 version 5.9.1.4-004R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no firewall enable
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy QOS-test
 no wmm power-save
 wmm video txop-limit 9
 qos trust dscp
 qos trust wmm
 accelerated-multicast 239.1.172.203 classification video
 accelerated-multicast 239.1.172.204 classification video
 accelerated-multicast 239.1.172.205 classification video
 accelerated-multicast 239.1.172.206 classification video
 accelerated-multicast 239.1.172.207 classification video
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
 accelerated-multicast 239.1.172.203 classification video
 accelerated-multicast 239.1.172.204 classification video
 accelerated-multicast 239.1.172.205 classification video
 accelerated-multicast 239.1.172.206 classification video
 accelerated-multicast 239.1.172.207 classification video
!
radio-qos-policy testrad
 wmm video txop-limit 9
 admission-control video
 admission-control video max-clients 25
 admission-control video max-roamed-clients 25
 admission-control video max-airtime-percent 150
 admission-control video reserved-for-roam-percent 12
 accelerated-multicast max-client-streams 4
 accelerated-multicast stream-threshold 100
 accelerated-multicast client-timeout 120
!
radio-qos-policy default
 admission-control video max-clients 25
 admission-control video max-roamed-clients 256
 admission-control video max-airtime-percent 150
 admission-control video reserved-for-roam-percent 12
 accelerated-multicast max-client-streams 4
 accelerated-multicast stream-threshold 500
 accelerated-multicast client-timeout 30
!
wlan 1
 ssid SSID1
 vlan 5
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no answer-broadcast-probes
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 123456789
 use wlan-qos-policy QOS-test
!
wlan 3
 ssid SSID2
 vlan 11
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no broadcast-ssid
 no answer-broadcast-probes
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 123456789A
!
wlan 4
 ssid SSID3
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no broadcast-ssid
 no answer-broadcast-probes
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 123456789B
!
wlan CONFIG_ID
 ssid 119a05361a6722abf8c48f7339b01c23
 vlan 1
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no fast-bss-transition over-ds
 wpa-wpa2 psk 0 123456789X
!
smart-rf-policy default
!
!
management-policy default
 no telnet
 no http server
 https server
 ssh
 user admin password 1 183adf3b1dd2c0c335be6d09866c1f45dccb655e73ffdd1268766940df765803 role superuser access all
 snmp-server manager v2
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
event-system-policy default
!
profile ap7532 default
 use enterprise-ui
 no ip igmp snooping
 no ip igmp snooping forward-unknown-multicast
 no ipv6 mld snooping forward-unknown-multicast
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  channel 1
  power 20
  data-rates gn
  beacon dtim-period 1
  wlan 1 bss 1 primary
  wlan 3 bss 3 primary
  wlan 4 bss 4 primary
  use radio-qos-policy testrad
  no dynamic-chain-selection
  no probe-response retry
  mu-mimo
 interface radio2
  channel 44
  power 20
  data-rates custom basic-36 basic-mcs-1s mcs-2s mcs-3s
  beacon dtim-period 1
  wlan 1 bss 1 primary
  wlan 3 bss 3 primary
  wlan 4 bss 4 primary
  use radio-qos-policy testrad
  no dynamic-chain-selection
  no probe-response retry
  mu-mimo
  data-rates mcs qam-only
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,5,11
  no cdp receive
  no cdp transmit
  no lldp receive
  no lldp transmit
 interface vlan1
 interface vlan5
 interface vlan11
 interface pppoe1
 use event-system-policy default
 use firewall-policy default
 use client-identity-group default
 logging on
 no cdp run
 no lldp run
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 timezone Europe/Paris
 country-code fr
 use smart-rf-policy default
!
ap7532 94-9B-2C-2A-68-78
 use profile default
 use rf-domain default
 hostname ap7532
 location default
 ip default-gateway 192.168.104.1
 interface radio1
  no shutdown
  channel 1
 interface radio2
  no shutdown
  channel 44
 interface vlan1
  no description
  ip address 192.168.104.3/24
  no ip nat
 interface vlan5
  no description
  ip address 10.224.250.3/12
 no use dhcp-server-policy
 no virtual-controller
 rf-domain-manager capable
 no ip dns-server-forward
!
!
end
 

With this configuration, we only use multicast application with the SSID1.

Regards,

Arthur

Userlevel 5

Hi,

Can you leave the firewall enabled but disable the signatures like below and test, the wireless firewall is known for creating issues for multicast and IPv6 traffic.

 

Regards,

Ovais

Hi,

We already tried to deactivate the signatures you provided above but it didn’t improve the behavior...
But, it there a risk if we deactivate the firewall instead of the signatures you provided, especially on video multicast application ?

What can we try to not see any packets dropped by the AP ?

What are the highest data-rates for both radios we can configure to make sure that packets won’t be droppped ?

Is there other QOS we can apply on this packets ?

I am trying to understand why we lose some packets over Wirelless medium and to make sure we optimized multicast as far we can.

Thanks

Regards,

Arthur

Reply