How to restrict wired Broadcast traffic?

monnat_systems
Valued Contributor II
Folks,

I have always come across a situation where the customer network is ONE BIG flat network comprising both desktops and laptops. So here is my question, as I am not sure whether it should be a matter of concern or not.

How do we keep all kinds of wired broadcast traffic (not destined for the AP or its clients) limited to the wire, so that it does NOT hit and pass through the AP and go on to the AIR?
Does this really happen, or is it just a figment of my imagination?
Are there any knobs on the ZD or AP which one can turn on/off to control it?

max_o_driscoll
Valued Contributor
My first thought was "full wireless isolation" option in configure/WLANs...then a quick search produced this question from a couple of weeks ago...

https://forums.ruckuswireless.com/ruc...

So perhaps it doesn't work quite as I would expect (I'd be in same situation with one server performing multiple roles).

How about enabling DHCP on Ruckus so wired clients are on a different network range? No doubt it has its own problems.

primoz_marinsek
Valued Contributor
If you want to go all MacGyver with it you could, if at all possible, physically put all your Ruckus gear on separate cables and use a router to route traffic to the other network. There are routers that can do NAT-route and route without doing NAT. But IMHO that's just poor design.

Best way is always with switches and configure proper 802.1Q VLANs. Would probably solve the client isolation problem with a DHCP-relay and a filter mentioned above too.

michael_brado
Esteemed Contributor II
Best practices say use smaller VLANs/subnets with less broadcast/multicast on them, or apply an ACL filter on switch ports attached to APs. Under ZD's WLAN Advanced Options, you can also enable Proxy ARP (on locally bridged WLANs) for some help.

primoz_marinsek
Valued Contributor
Yes, Michael said it best.

Put some VLANs on the network and segregate. That's what they made 802.1Q for, and the routers and switches that support it really aren't expensive any more, so there really aren't any excuses any more 🙂