but this only prevents broadcast flooding between clients. Let me explain, we had this issue:
- AP started, wireless WLANs deployed. (Ping to the management interface of the AP was OK, milliseconds.)
- Wireless clients started to connect.
- After some minutes, ping to the management interface rose to 1 second.
- In a packet capture at the AP, we saw a lot of broadcasts from a wireless client.
- Blocked the client, ping back in milliseconds.
So... it seems the broadcast affected the AP, and I can't prevent it by making VLANs and isolating traffic from clients because it is communication between the wireless device and the AP.
This is more a DoS attack than a broadcast storm (the latter implies more participants). There's a couple of things at work here.
Wi-Fi is a shared medium. A misbehaving client acts, in effect, like a source of interference. So if you were pinging the AP via wireless - you may have just had a lot of latency in the radio spectrum. If you were pinging via wired, the AP may have been over-taxed "listening" to the offending client. And everyone might have slowed down due to overlong transmission by the offending client.
The ZoneDirector does offer some protective services - see the "Configuring Wireless Intrusion Prevention" chapter in the ZoneDirector User Guide.
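The triage step described in this thread (capture at the AP, find the one client sending most of the broadcasts) can be scripted. This is an added example, not part of the original posts and not Ruckus code; the `time,src,dst` CSV layout, the MAC addresses, and the threshold of 50 broadcasts per second are all assumptions made for illustration.

```python
# Added example: find clients whose broadcast rate stands out in a capture.
# Assumed input: rows of "epoch_seconds,src_mac,dst_mac" exported from the
# capture. The layout and every value below are constructed for illustration.
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def broadcast_rates(lines, window=1.0):
    """Return {src_mac: peak broadcast frames in any `window`-second bucket}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue  # malformed row, skip rather than abort the triage
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        src, dst = parts[1].lower(), parts[2].lower()
        if dst == BROADCAST:
            buckets[src][int(ts // window)] += 1
    return {src: max(b.values()) for src, b in buckets.items()}

def flag_flooders(lines, threshold=50, window=1.0):
    """Sources whose peak per-window broadcast count exceeds `threshold`
    (an assumed value; tune it to the baseline of the network)."""
    rates = broadcast_rates(lines, window)
    flagged = [s for s, r in rates.items() if r > threshold]
    return sorted(flagged, key=lambda s: -rates[s])

def build_sample():
    """Constructed capture: one noisy client, one normal client, one bad row."""
    noisy, normal, ap = "02:00:00:00:00:aa", "02:00:00:00:00:bb", "02:00:00:00:00:01"
    rows = ["# time,src,dst"]
    rows += [f"{100 + i / 200:.4f},{noisy},{BROADCAST}" for i in range(200)]
    rows += [f"{100 + i},{normal},{BROADCAST}" for i in range(3)]  # e.g. ARP/DHCP
    rows += [f"{100 + i / 10:.1f},{normal},{ap}" for i in range(30)]  # unicast
    rows.append("garbage row")
    return rows

if __name__ == "__main__":
    sample = build_sample()
    for mac, peak in sorted(broadcast_rates(sample).items()):
        print(f"{mac} peak broadcasts per second: {peak}")
    print("candidates to block or investigate:", flag_flooders(sample))
```

Using the peak per-second count rather than a total keeps a long-lived but quiet client from being flagged just because the capture ran for a long time.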