Instant On - Wireless

Expand all | Collapse all

Traffic leaking between RADIUS dynamic VLANs

  • 1.  Traffic leaking between RADIUS dynamic VLANs

    Posted 02-02-2021 03:26 PM
    I've recently set up a test network to try out the dynamic VLAN functionality added in the 2.2.0 firmware, and it seems to be working well with freeRADIUS for the most part. I have found, however, that broadcast traffic sometimes leaks between VLANs when clients with different VLAN assignments connect to the same SSID. This is a major problem because it results in clients using SLAAC to assign IPv6 addresses from multiple VLANs. I've also seen MDNS traffic leaking. This only occurs on wireless clients connected to the Aruba AP - wired clients and clients connected to a UniFi AP (also with dynamic VLANs) that I set back up for debugging do not see the leaking traffic. 

    My setup:

    - 2x AP22 with WiFi6 and WPA2+WPA3 enabled
    - EAP_SSID set to use RADIUS for authentication against a freeRADIUS server that returns Tunnel-Type = 'VLAN', Tunnel-Medium-Type = 'IEEE-802', Tunnel-Private-Group-Id = '<vlan>' for VLAN assignment.
    - Three VLANS: 1, 3, and 4 each with their own IP ranges and firewall rules restricting traffic flow
    - IP and network assignment set to same as local network with assigned network set to VLAN 1

    I have tried reconfiguring the network to use VLANS 3, 4, and 10 in case there was something weird about VLAN 1, but this did not make a difference. I've also tried toggling WPA3 and the optimize for video streaming settings, but neither of these helped. Is there something else I can try, or is this a (known) bug?

    F L

  • 2.  RE: Traffic leaking between RADIUS dynamic VLANs

    Posted 02-03-2021 01:20 PM
    Please open a support case to make them aware of what you are experiencing so they can investigate.

    Greg Thiesen