https://community.extremenetworks.com/t5/extremewireless-iqe/blocking-multicast-and-inter-station-broken/m-p/118628#M1802 <P>Hi,</P><P>I am trying to use the built in options in CloudIQ as well as the IP Firewall on user profiles to block multicast traffic like mDNS.</P><P>I have ticked "E<SPAN class="">nable Multicast Drop" and unticked "Except for the following protocols: mDNS". I have also unticked "Enable Inter-station Traffic". </SPAN></P><P><SPAN class="">I have also added following Outbound IPFW rules with a Deny action:</SPAN></P><P><SPAN class="">Source: Any - Destination: Any - Service/Application mDNS (I have tried both the predefined Extreme mDNS application as well as my own manually defined service)</SPAN></P><P><SPAN class="">Source: Any - Destination: 224.0.0.0/4</SPAN></P><P>Despite this I still see mDNS traffic originating from one client on the wireless to another. They are on the same Network Policy, same SSID, same HIVE, different APs. I am verifying by Wireshark capture that I still mDNS between the two clients. When inspecting the traffic, I see the IPv4 headers of the mDNS traffic match what I have configured in the IPFW rules, yet the traffic still goes between clients.</P><P>I have logged this with GTAC and demonstrated the issue and they have been unable to provide an explanation.</P><P>Are the options to block mDNS and other multicast traffic and the manual IPFW rules for CloudIQ APs just completely broken? I see the same issue with inter-station traffic that the APs seem incapable of blocking client to client communication, even if I add the manual IPFW for inter-station deny.</P><P>Other firewall rules such as blocking RFC1918 address ranges work ok.</P><P>We are running AP4000 on 10.7.5.0. Any ideas?</P><P>Thanks.</P> Thu, 24 Apr 2025 23:29:31 GMT FABRIC_2_EDGE 2025-04-24T23:29:31Z https://community.extremenetworks.com/t5/extremewireless-iqe/blocking-multicast-and-inter-station-broken/m-p/118628#M1802 <P>Hi,</P><P>I am trying to use the built in options in CloudIQ as well as the IP Firewall on user profiles to block multicast traffic like mDNS.</P><P>I have ticked "E<SPAN class="">nable Multicast Drop" and unticked "Except for the following protocols: mDNS". I have also unticked "Enable Inter-station Traffic". </SPAN></P><P><SPAN class="">I have also added following Outbound IPFW rules with a Deny action:</SPAN></P><P><SPAN class="">Source: Any - Destination: Any - Service/Application mDNS (I have tried both the predefined Extreme mDNS application as well as my own manually defined service)</SPAN></P><P><SPAN class="">Source: Any - Destination: 224.0.0.0/4</SPAN></P><P>Despite this I still see mDNS traffic originating from one client on the wireless to another. They are on the same Network Policy, same SSID, same HIVE, different APs. I am verifying by Wireshark capture that I still mDNS between the two clients. When inspecting the traffic, I see the IPv4 headers of the mDNS traffic match what I have configured in the IPFW rules, yet the traffic still goes between clients.</P><P>I have logged this with GTAC and demonstrated the issue and they have been unable to provide an explanation.</P><P>Are the options to block mDNS and other multicast traffic and the manual IPFW rules for CloudIQ APs just completely broken? I see the same issue with inter-station traffic that the APs seem incapable of blocking client to client communication, even if I add the manual IPFW for inter-station deny.</P><P>Other firewall rules such as blocking RFC1918 address ranges work ok.</P><P>We are running AP4000 on 10.7.5.0. Any ideas?</P><P>Thanks.</P> Thu, 24 Apr 2025 23:29:31 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/blocking-multicast-and-inter-station-broken/m-p/118628#M1802 FABRIC_2_EDGE 2025-04-24T23:29:31Z https://community.extremenetworks.com/t5/extremewireless-iqe/blocking-multicast-and-inter-station-broken/m-p/121106#M1925 <P>Ever get anywhere with this? Seeing the same issues on 10.8.5.</P> Fri, 16 Jan 2026 20:32:21 GMT https://community.extremenetworks.com/t5/extremewireless-iqe/blocking-multicast-and-inter-station-broken/m-p/121106#M1925 msmith0518 2026-01-16T20:32:21Z