02-03-2021 09:39 PM
These settings are in Network Policy>Wireless Netowrks>SSID>Additional Settings>Optional Settings
When set to Auto, are the two check-boxes at the bottom (Enable Non-Essential Broadcast Filtering & Enable Multicast Drop) dependent on the thresholds being met or are they always in effect?
Has anyone changed Auto to Always? Curious what possible negative effects this could have.
What are your thoughts on using this setting to limit negative effects of chatty devices (ie Chromebooks etc.).
I’m also looking at using an SSID user-group targeting Chrome-OS with a firewall rule denying inter-station traffic as described here - https://extremeportal.force.com/ExtrArticleDetail?an=000069766&q=%22inter-station%22
Thoughts on the difference between the two options?
02-04-2021 06:40 PM
I’m don’t have access to Chrome management, and last I checked in, there was no way to disable peer-to-peer updates. Has that changed?
02-04-2021 06:21 PM
John,
Have you thought of disabling the peer to peer updates in the Chrome management platform? This would reduce a great deal of the multicast on the network/radios. Also, it may be a good idea to also reach out to your SE for assistance in defining what may be best for your specific environment.
02-04-2021 04:06 PM
I’m actually testing the firewall setting now. It seems its only blocking traffic for clients connected to the same AP (when the documentation states “one or more members of the same hive”). Am I miss-interpreting “hive”?
If what I’m seeing in testing is how it’s supposed to function, how would that be any different than unchecking the “enable inter-station traffic” button in the SSID. The only advantage to the firewall policy would be targeting a specific user group which is good, but I’m really trying to block all traffic from Chromebooks on the whole Layer 2 LAN, not just one AP.
Of concern would be the default setting to Auto, and what ongoing implications that may have in production anytime CU is above 60% or a multicast has less than 10 members. Is there any way to monitor when this is happening? Is this setting choice a “lesser of two evils” scenario?
Also
To reduce unnecessary airtime usage for multicast transmissions, an Extreme Networks device can convert multicast frames to unicast frames under certain conditions or at all times, and it can also drop multicast frames when there are no group members present to receive them.
It can or does drop traffic if there are no group members? not seeing a setting correlated with this ability.
02-04-2021 03:00 PM
Hi John, the Enable Non-Essential Broadcast Filtering and Enable Multicast Drop settings are not dependent on the multicast threshold set above them.
Setting the Convert Multicast to Unicast option to Always would make any traffic that was multicast convert to unicast traffic constantly. If any device/service/background function needs to send multicast traffic, that would not go through if we set this to Always. Unless we’re familiar with every bit of traffic that should come through the network and can say for sure there are no services or functions that require multicast, I wouldn’t recommend going that route.
The firewall set up blocking inter-station traffic would be my recommendation for dealing with Chromebooks or similar devices. It’s a lot less global than converting all multicast traffic all the time, and therefore likely to cause fewer unintended consequences.
That last bit is just my 2 cents, hopefully others who have used one or both of these in their networks can chime in.