Seeing Broadcast Data from Other VLAN
I have 2 SSIDs being broadcast - one is configured as VLAN 100, the other as VLAN 150.
I am noticing with Wireshark on a wireless client in VLAN 100 that I can see broadcasts (L2 and L3) from VLAN 150. These include IP brodacsts to 255.255.255.255, ARP, etc.
If I run Wireshark on a WIRED client in vlan 100, I cannot see broadcasts from VLAN 150.
My concern here is that these broadcasts are quite frequent and there are many IoT devices that do them, so they may be using up a decent amount of airtime. Is this expected behaviour? I would have thought that a broadcast would only be sent out to other wireless clients in the same VLAN (SSID).
My setup is an AP+router on a stick:
Access point <==(trunk100,150)==> switch <==(trunk100,150)==> router
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Soxcks wrote
Am I correct in assuming the v2 will no longer receive patches? Is this a bug that might be covered under the limited warranty?
It seems that EAP225 V1 and V2 will no longer receive upgrades. Last firmware for those models was released in April, 2018. I still have EAP225 V1 in the field.
You could open a ticket anyway, maybe TP-Link can fix this issue for older models.
I think I understand what you're saying in that the traffic is being forwarded before 802.1q tagging.
It was a fix in V2.6 firmwares for EAPs with latest hardware revisions:
But I remember to have read it in a release note for another EAP just the other way around (Edit: found it here):
2. Fixed the bug that untag packets can be transferred to SSIDs with different VLANs.
However, I always use tagged frames, even for management, therefore this bug (and its fix) didn't catch my setups.
- Copy Link
- Report Inappropriate Content
it's probably because of an old bug where untagged frames had been forwarded to VLAN-mapped SSIDs. Fixed in more recent firmwares, but as far as I know those firmwares are available only for V3 hardware, not V2.
Possible workaround: try to set the management VLAN for communication with the EAP itself (not the SSIDs) to avoid untagged frames on the trunk to the EAP.
- Copy Link
- Report Inappropriate Content
Thanks for the info. Am I correct in assuming the v2 will no longer receive patches? Is this a bug that might be covered under the limited warranty?
Thanks for the proposed workaround, but the broadcast traffic is WLAN-to-WLAN so it would only be controllable in the AP itself. I think I understand what you're saying in that the traffic is being forwarded before 802.1q tagging.
- Copy Link
- Report Inappropriate Content
Soxcks wrote
Am I correct in assuming the v2 will no longer receive patches? Is this a bug that might be covered under the limited warranty?
It seems that EAP225 V1 and V2 will no longer receive upgrades. Last firmware for those models was released in April, 2018. I still have EAP225 V1 in the field.
You could open a ticket anyway, maybe TP-Link can fix this issue for older models.
I think I understand what you're saying in that the traffic is being forwarded before 802.1q tagging.
It was a fix in V2.6 firmwares for EAPs with latest hardware revisions:
But I remember to have read it in a release note for another EAP just the other way around (Edit: found it here):
2. Fixed the bug that untag packets can be transferred to SSIDs with different VLANs.
However, I always use tagged frames, even for management, therefore this bug (and its fix) didn't catch my setups.
- Copy Link
- Report Inappropriate Content
Actually this has been a huge help. I forgot I was using the default VLAN (100) on one of my SSIDs and not tagging (due to a migration from an access port to a trunk port a while ago). Now that I have tagged that SSID, I no longer see the broadcast packets.
Thank you! This solution works for me.
- Copy Link
- Report Inappropriate Content
@Soxcks, glad that I could help. Have fun with your EAPs!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1149
Replies: 5
Voters 0
No one has voted for it yet.