The new option ‘Groupwise Transient Key (GTK) per VLAN’ is disabled on default. The current User Guide explains how to enable it via the command-line interface (CLI):
wireless wlan 1
gtk-per-vlan
However, that command is not listed via help (and does not work if I try) for my E410. Without it, all multicast traffic, like mDNS and IPv6-Router-Advertisements from all VLANs are arriving at my Wi-Fi client (tested and verified via Wireshark).
- Do I have to enable something beforehand?
- Is there a list of models which support this? Or
- Was this omission not on purpose and it is coming to E-Series?
gtk-per-vlan feature is not supported in E410 (E-Series APs) . Please use the below commands for this.
E600-0C192A(config)# wireless wlan 1
E600-0C192A(config-wlan-1)# multicast-unicast
E600-0C192A(config-wlan-1)#
Thank you very much for the insights, especially as this seems to be an undocumented command (neither listed in CLI help nor mentioned in the User Guide nor in the community forum until now). However with that, IPv6-Router-Advertisements still leak into all VLANs and then breaks IPv6 connectivity depending on which IPv6 prefix the operating system of the Wi-Fi client picks. As dirty workaround, I went for
wireless wlan 1
ipv6-router-advertisement-unicast vlans 1-10
after going for
filter global-filter
disable
because the default ‘Air Filters’ blocked many things like IPv6-Router-Solicitations. Anyway, I guess, not tested, that does not fix mDNS.
I am curious, was there any way for me to know that in advance? I bought that product because of Dynamic VLANs via RADIUS and Tunnel-Private-Group-Id. And because of that release notes, I thought it is working for multicast traffic. Debugging this, was hard work. In future, please, mention which features are not available in a particular series. That brings me to another question:
That was mentioned in the release notes for firmware 4.2.3.1. How does it work back in that version without gtk-per-vlan; do I have to enable several things somehow, because, for me, IPv6 did not work there either.
Last week, technical support confirmed via a ticket that there is no solution for firmware 4.x and Wi-Fi 5 APs. Therefore, I stick to firmware 6.x and my workaround above … which avoids the GTK mechanism; then it works like in the UniFi series of Ubiquiti Networks.
GTK Per VLAN feature is handled as part of Radio hardware in the latest Wifi 6 APs,
We are trying to achieve a similar behavior by adding a fix in the software but looks like, there is a leakage of Broadcast/Multicast traffic, We will try to add the fix in the upcoming 4. X software release.