3 weeks ago
Measuring with tcpdump on a wired EXOS port in a VLAN gives a clean result,
but if one connects over wifi via an AP305c to the same VLAN via an SSID, there is not only the VLAN traffic, but also BUM from other VLANs (ARP, multicast DNS, ...).
We suspect that triggers some obscure malfunctioning on some Android clients:
a scenario where a rogue 'mDNS flush' clears access to the world, while the Android IP is still pingable.
Via cloudiq we tried
Friday
GTAC case number 03267061
2 weeks open and counting ...
This might be CVE material ...
3 weeks ago
Hello,

On wired EXOS ports traffic stays strictly VLAN-isolated so tcpdump looks clean, but on the AP305c the AP acts as a proxy for multicast and broadcast (mDNS, ARP, etc.), which means some BUM traffic can be replicated or bridged in ways that make it appear as if other VLANs are bleeding in. The “multicast conversion-to-unicast always” setting only impacts multicast streams and does not stop broadcast traffic like ARP or certain mDNS behaviors, so you can still see cross-VLAN visibility depending on IGMP snooping, mDNS gateway/Bonjour proxy, or AP forwarding rules.
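To put numbers on the comparison discussed in this thread, the following added example (not code from either poster or from the vendor) counts broadcast and multicast frames in `tcpdump -e -n` text output whose sender IP lies outside the client's own VLAN subnet. The sample capture, the MAC addresses and the `10.0.20.0/24` subnet are constructed assumptions; unknown-unicast flooding is not covered.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of `tcpdump -e -n` output on a wifi client (not from the thread).
SAMPLE = """\
12:00:01.000001 aa:bb:cc:dd:ee:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.20.1 tell 10.0.20.57, length 46
12:00:01.500000 aa:bb:cc:dd:ee:03 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.30.1 tell 10.0.30.9, length 46
12:00:02.100000 aa:bb:cc:dd:ee:02 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 10.0.30.12.5353 > 224.0.0.251.5353: 0 PTR (QM)? _googlecast._tcp.local. (45)
12:00:02.900000 aa:bb:cc:dd:ee:02 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 10.0.30.12.5353 > 224.0.0.251.5353: 0 PTR (QM)? _googlecast._tcp.local. (45)
12:00:03.000000 aa:bb:cc:dd:ee:fe > aa:bb:cc:dd:ee:99, ethertype IPv4 (0x0800), length 66: 10.0.20.1.443 > 10.0.20.80.51514: Flags [.], ack 1, win 501, length 0
12:00:03.400000 aa:bb:cc:dd:ee:01 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 10.0.20.57.5353 > 224.0.0.251.5353: 0 PTR (QM)? _airplay._tcp.local. (42)
"""

LINE = re.compile(r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
                  r"ethertype (?P<etype>\S+) \(0x[0-9a-f]{4}\), length \d+: (?P<rest>.*)$")
ARP_TELL = re.compile(r"tell (\d+\.\d+\.\d+\.\d+)")
IP_FLOW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def is_group_mac(mac):
    # Broadcast and multicast destinations have the group bit set in the first octet.
    return int(mac[:2], 16) & 1 == 1

def classify(etype, rest):
    """Return (kind, sender_ip) for ARP requests and IPv4/UDP-style flows, else None."""
    if etype == "ARP":
        m = ARP_TELL.search(rest)
        return ("arp", m.group(1)) if m else None
    m = IP_FLOW.match(rest)
    if not m:
        return None
    is_mdns = m.group(3) == "224.0.0.251" and m.group(4) == "5353"
    return ("mdns" if is_mdns else "other", m.group(1))

def foreign_bum(capture_text, local_subnet):
    """Count broadcast/multicast frames sent from IPs outside local_subnet."""
    net = ipaddress.ip_network(local_subnet)
    hits = Counter()
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m or not is_group_mac(m["dst"]):
            continue  # unparsed line or plain unicast
        found = classify(m["etype"], m["rest"])
        if not found:
            continue
        ip = ipaddress.ip_address(found[1])
        if ip.is_unspecified or ip in net:
            continue  # ARP probes (0.0.0.0) and same-VLAN senders are expected
        hits[found] += 1
    return hits

if __name__ == "__main__":
    for (kind, ip), n in foreign_bum(SAMPLE, "10.0.20.0/24").items():
        print(f"{kind:5} from {ip}: {n} frame(s) outside the local VLAN subnet")
```

Running the same function over a capture from the wired EXOS port and one from a client on the SSID gives a per-sender count that can be attached to a support case.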