Seeing Broadcast Data from Other VLAN

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-07-14 03:15:33 - last edited 2020-07-14 20:13:00
Model: EAP225  
Hardware Version: V2
Firmware Version: 1.4.0 Build 20180323 Rel. 32579

I have 2 SSIDs being broadcast - one is configured as VLAN 100, the other as VLAN 150.

I am noticing with Wireshark on a wireless client in VLAN 100 that I can see broadcasts (L2 and L3) from VLAN 150. These include IP broadcasts to 255.255.255.255, ARP, etc.

If I run Wireshark on a WIRED client in VLAN 100, I cannot see broadcasts from VLAN 150.

My concern here is that these broadcasts are quite frequent and there are many IoT devices that do them, so they may be using up a decent amount of airtime. Is this expected behaviour? I would have thought that a broadcast would only be sent out to other wireless clients in the same VLAN (SSID).

My setup is an AP+router on a stick:

Access point   <==(trunk100,150)==>   switch   <==(trunk100,150)==>   router

Re:Seeing Broadcast Data from Other VLAN
2020-07-14 19:12:24 - last edited 2020-07-14 19:12:51

@Soxcks,

it's probably because of an old bug where untagged frames had been forwarded to VLAN-mapped SSIDs. Fixed in more recent firmwares, but as far as I know those firmwares are available only for V3 hardware, not V2.

Possible workaround: try to set the management VLAN for communication with the EAP itself (not the SSIDs) to avoid untagged frames on the trunk to the EAP.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:Seeing Broadcast Data from Other VLAN
2020-07-14 19:26:44

@R1D2 

Thanks for the info. Am I correct in assuming the v2 will no longer receive patches? Is this a bug that might be covered under the limited warranty?

Thanks for the proposed workaround, but the broadcast traffic is WLAN-to-WLAN so it would only be controllable in the AP itself. I think I understand what you're saying in that the traffic is being forwarded before 802.1q tagging.

Re:Seeing Broadcast Data from Other VLAN-Solution
2020-07-14 20:06:34 - last edited 2020-07-14 20:20:38

 

Soxcks wrote

Am I correct in assuming the v2 will no longer receive patches? Is this a bug that might be covered under the limited warranty?

It seems that EAP225 V1 and V2 will no longer receive upgrades. Last firmware for those models was released in April, 2018. I still have EAP225 V1 in the field.

You could open a ticket anyway, maybe TP-Link can fix this issue for older models.

I think I understand what you're saying in that the traffic is being forwarded before 802.1q tagging.

It was a fix in V2.6 firmwares for EAPs with latest hardware revisions:

But I remember having read it in a release note for another EAP just the other way around (Edit: found it here):

2. Fixed the bug that untag packets can be transferred to SSIDs with different VLANs.

However, I always use tagged frames, even for management, therefore this bug (and its fix) didn't catch my setups.

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
Re:Seeing Broadcast Data from Other VLAN
2020-07-14 20:12:47

@R1D2 

Actually this has been a huge help. I forgot I was using the default VLAN (100) on one of my SSIDs and not tagging (due to a migration from an access port to a trunk port a while ago). Now that I have tagged that SSID, I no longer see the broadcast packets.

Thank you! This solution works for me.

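The before/after check done by eye in Wireshark above can be scripted. This is an added example (not part of the thread and not TP-Link code): it takes Ethernet-framed bytes as seen on a client in one VLAN and reports broadcast senders whose IP lies outside that VLAN's subnet. The subnets 192.168.100.0/24 and 192.168.150.0/24, the MAC address and the sample frames are constructed assumptions, since the thread gives only the VLAN IDs.

```python
import ipaddress
import struct
from collections import Counter

LOCAL_NET = ipaddress.ip_network("192.168.100.0/24")  # assumed VLAN 100 subnet
BCAST_MAC = b"\xff" * 6

def foreign_broadcast_source(frame, local_net=LOCAL_NET):
    """Sender IP of an ARP/IPv4 broadcast from outside local_net, else None."""
    if len(frame) < 14 or frame[:6] != BCAST_MAC:
        return None  # truncated frame or not an L2 broadcast
    (ethertype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if ethertype == 0x8100 and len(payload) >= 4:  # skip an 802.1Q tag if present
        (ethertype,) = struct.unpack("!H", payload[2:4])
        payload = payload[4:]
    if ethertype == 0x0806 and len(payload) >= 28:    # ARP: sender IP at bytes 14-17
        src = ipaddress.ip_address(payload[14:18])
    elif ethertype == 0x0800 and len(payload) >= 20:  # IPv4: source IP at bytes 12-15
        src = ipaddress.ip_address(payload[12:16])
    else:
        return None
    if src.is_unspecified:  # 0.0.0.0 (e.g. DHCP discover) cannot be attributed
        return None
    return None if src in local_net else str(src)

def audit(frames, local_net=LOCAL_NET):
    """Count leaked broadcasts per foreign sender IP."""
    hits = Counter(foreign_broadcast_source(f, local_net) for f in frames)
    hits.pop(None, None)  # drop frames that were not flagged
    return dict(hits)

# Constructed sample frames (not captured traffic), built field by field.
def _arp(mac, spa, tpa):
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac
    body += ipaddress.ip_address(spa).packed + bytes(6) + ipaddress.ip_address(tpa).packed
    return BCAST_MAC + mac + b"\x08\x06" + body
def _udp_bcast(mac, src):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                      ipaddress.ip_address(src).packed, b"\xff" * 4)
    return BCAST_MAC + mac + b"\x08\x00" + hdr  # IPv4 header only, checksum left 0
MAC = bytes.fromhex("020000000001")  # locally administered, constructed
SAMPLE = [
    _arp(MAC, "192.168.100.20", "192.168.100.1"),  # own VLAN: expected
    _arp(MAC, "192.168.150.31", "192.168.150.1"),  # other VLAN: leak
    _udp_bcast(MAC, "192.168.150.40"),             # other VLAN: leak
    _udp_bcast(MAC, "0.0.0.0"),                    # unattributable, ignored
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result from `audit` on a capture taken after tagging the SSID corresponds to the "no longer see the broadcast packets" outcome reported above.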
Re:Seeing Broadcast Data from Other VLAN
2020-07-14 20:18:18 - last edited 2020-07-14 20:18:37

@Soxcks, glad that I could help. Have fun with your EAPs!

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻