How are Multicast and Broadcast traffic supported by the Meru Controller and AP's ?
KB ARTICLE TYPE: Design
RELATED PRODUCTS: All controllers, AP300s and AP400s
RELATED SOFTWARE VERSIONS: 5.1 and 5.2
KEYWORDS: multicast
What is supported:
In each of the supported cases, the configuration requirement is that 1) "multicast-enable" be turned on for the ESSID profile and 2) The VLAN to which that ESSID profile is associated may not have any other ESSID profiles associated to it (This is not a requirement in SD version 5.1 and above). Note that when an ESSID is not configured to use a VLAN, it is considered to be associated to the "default" VLAN.
Behaviour prior to 5.1:
For
example, suppose you have a customer that is using two ESSID profiles
and no VLANs. The customer desires to use multicast on one of the ESSID
profiles and so turns on "multicast enable" on the ESSID profile. The
multicast traffic will be blocked by the controller because both ESSID
profiles use the same VLAN, in this case the "default" VLAN. This is
documented in the "Multicasting" section of ESSID configuration in the
Configuration Guide.
Each of the above cases and descriptions assumes the data-plane mode is "tunneled" as the decision to forward or not forward a multicast or broadcast packet is done at the controller. If the data-plane mode is bridged, multicast and broadcast traffic that reaches the Ethernet interface of an AP is forwarded over the air (to all BSSIDs supported by the AP) regardless of configuration. Similarly, any multicast or broadcast traffic received by an AP's radio is forwarded to the wired side regardless of configuration.
IGMP snooping feature
The controller supported "IGMP snooping" started in 3.6.1. When enabled, IGMP snooping will forward only multicast traffic sent to an IGMP group to which some wireless client has subscribed. Said another way, enabling IGMP snooping will cause all Ethernet->wireless multicast traffic to be discarded initially. As wireless clients join/subscribe to an IGMP group, the controller detects the relevant IGMP group and dynamically opens a pin-hole for multicast traffic sent to that particular IGMP group to be forwarded to wireless client(s) subscribed to that IGMP group.
Some other particulars about the IGMP snooping feature in the controller:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.