James, GTKs are shared between the access point (radio) and all the clients associated to it and not at the broader SSID level. We use Aruba wireless and they have the ability to turn BC/MC traffic into unicast and prevent it from being flooded back out into the air. You can also manage your Bonjour clients and traffic (very granular with their ClearPass appliance) at the controller.

Don Wright
Brown University

On Thu, Feb 20, 2014 at 3:36 AM, James Andrewartha <[email protected]> wrote:

> Hi list,
>
> We moved to a single WPA2-Enterprise SSID with RADIUS responses dropping
> users into a particular VLAN at the start of the year. However,
> multicast and broadcast traffic is seen by all clients, regardless of
> VLAN. After some thought, this makes sense because the SSID has a common
> group temporal key for broadcast/multicast. However I was wondering if
> all clients had to have the same GTK, or if it's possible (or if some
> vendor even implements) having a different one for clients on different
> VLANs.
>
> We are probably going to split up the clients across multiple SSIDs
> again, as we're seeing Bonjour instability (you try telling a teacher to
> plug into a cable after using AirPlay last year), which may be caused by
> too much broadcast/multicast traffic or possibly just Bonjour not
> handling seeing queries from devices on different VLANs.
>
> --
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
