NWA50AX filtering / blocking Multicast (mDNS) traffic?

TomAP

My NWA50AX Access Point is filtering/blocking Multicast (mDNS) traffic!

I have my NWA50AX connected via Ethernet to my broadband router in separate parts of the house, with both devices broadcasting the same SSID for a single home network throughout my house.

When connected directly to my broadband router (either wirelessly or over Ethernet) I can discover mDNS services broadcast by other devices on my network, but when switching to connect wirelessly to my NWA50AX, no mDNS services are visible any more, suggesting the NWA50AX is filtering them out.

How can I disable this filtering? Or is there a configuration that will force the AP to relay mDNS traffic?

Zyxel_Judy

Hi @TomAP ,

Our access points include NWA50AX support mDNS and can transmit mDNS traffic to the multicast address 224.0.0.251 without dropping or filtering packets. However, this functionality is currently limited to devices within the same subnet. Please ensure that your device is on the same subnet and that Layer 2 isolation is disabled for your SSID.

For mDNS routing/relay functionality that enables mDNS forwarding across different VLANs, we have identified this as a requirement for future implementation in our firewall. You can find the idea about this concept in the provided link:

Support mDNS routing/relay on Zyxel firewall — Zyxel Community

TomAP

Thanks @Zyxel_Judy,

Yes, both my router and Access Point are on the same subnet (255.255.255.0), and Layer 2 Isolation is disabled for my SSID in Nebula. Are there any other settings I can check? Or else, can you help me to debug why Multicast traffic is not being forwarded please?

Zyxel_Judy

Hi @TomAP ,

255.255.255.0 is a common subnet mask for IP networks, but this does not ensure that your broadband router, NWA50AX, and wireless clients are in the same subnet. Please verify this configuration.
If they are confirmed to be in the same subnet, but the wireless clients connected to the NWA50AX still do not receive mDNS packets, please help us by capturing packets on both the wired and wireless interfaces as described below and sharing the results with us.

• To capture packets on the wired interface (eth0): packet-trace interface eth0 verbose-vvv
• To capture packets on the wireless interface (for example: wlan-2-1): packet-trace interface wlan-2-1 verbose-vvv. To know which WLAN interface, use this command: show wlan slot_name detail.

For example: I want to trace packets on the SSID 'WAC_Nami' that my devices connect to. The corresponding WLAN interface is 'wlan-2-1'

TomAP

Thanks @Zyxel_Judy , packet captures sent to you via message - appreciate your investigations, many thanks!

Zyxel_Judy

Hi @TomAP ,

From the packet captures, we can see that mDNS queries are being received on both the eth0 and wlan interfaces, which indicates that the AP is not blocking this type of traffic. In particular, we observed _remotepairing._tcp.local., a service commonly associated with Apple devices such as AirPrint or HomePod.

To help us better understand the situation, could you please provide the following details:

• mDNS Traffic Issue: Where did you expect to receive mDNS traffic but did not? What specific symptoms are you experiencing?
• Network Topology: What is your complete network topology, including all devices' IP addresses, subnet maskes?
• Nebula Configuration: What are your Nebula organization and site names?

By the way, please enable Zyxel support