NWA50AX filtering / blocking Multicast (mDNS) traffic?
My NWA50AX Access Point is filtering/blocking Multicast (mDNS) traffic!
I have my NWA50AX connected via Ethernet to my broadband router in separate parts of the house, with both devices broadcasting the same SSID for a single home network throughout my house.
When connected directly to my broadband router (either wirelessly or over Ethernet) I can discover mDNS services broadcast by other devices on my network, but when switching to connect wirelessly to my NWA50AX, no mDNS services are visible any more, suggesting the NWA50AX is filtering them out.
How can I disable this filtering? Or is there a configuration that will force the AP to relay mDNS traffic?
All Replies
-
Hi @TomAP ,
Our access points, including the NWA50AX, support mDNS and can transmit mDNS traffic to the multicast address 224.0.0.251 without dropping or filtering packets. However, this functionality is currently limited to devices within the same subnet. Please ensure that your device is on the same subnet and that Layer 2 isolation is disabled for your SSID.
For mDNS routing/relay functionality that enables mDNS forwarding across different VLANs, we have identified this as a requirement for future implementation in our firewall. You can find the idea about this concept in the provided link:
Support mDNS routing/relay on Zyxel firewall — Zyxel Community
Zyxel_Judy
0 -
Thanks @Zyxel_Judy,
Yes, both my router and Access Point are on the same subnet (255.255.255.0), and Layer 2 Isolation is disabled for my SSID in Nebula. Are there any other settings I can check? Or else, can you help me to debug why Multicast traffic is not being forwarded please?
0 -
Hi @TomAP ,
255.255.255.0 is a common subnet mask for IP networks, but this does not ensure that your broadband router, NWA50AX, and wireless clients are in the same subnet. Please verify this configuration.
If they are confirmed to be in the same subnet, but the wireless clients connected to the NWA50AX still do not receive mDNS packets, please help us by capturing packets on both the wired and wireless interfaces as described below and sharing the results with us.
- To capture packets on the wired interface (eth0): packet-trace interface eth0 verbose-vvv
- To capture packets on the wireless interface (for example: wlan-2-1): packet-trace interface wlan-2-1 verbose-vvv. To know which WLAN interface, use this command: show wlan slot_name detail.
For example: I want to trace packets on the SSID 'WAC_Nami' that my devices connect to. The corresponding WLAN interface is 'wlan-2-1'
Zyxel_Judy
0 -
Thanks @Zyxel_Judy , packet captures sent to you via message - appreciate your investigations, many thanks!
0 -
Hi @TomAP ,
From the packet captures, we can see that mDNS queries are being received on both the eth0 and wlan interfaces, which indicates that the AP is not blocking this type of traffic. In particular, we observed _remotepairing._tcp.local., a service commonly associated with Apple devices such as AirPrint or HomePod.
To help us better understand the situation, could you please provide the following details:
- mDNS Traffic Issue: Where did you expect to receive mDNS traffic but did not? What specific symptoms are you experiencing?
- Network Topology: What is your complete network topology, including all devices' IP addresses and subnet masks?
- Nebula Configuration: What are your Nebula organization and site names?
By the way, please enable Zyxel support
Zyxel_Judy
0 -
Hi @Zyxel_judy,
Thanks, I'm using the dns-sd command to compare available services when connected to the AP vs when connected directly to my router.
When connected to the AP, I consistently get no results:
% dns-sd -t 5 -B
Browsing for _http._tcp
DATE: ---Mon 02 Jun 2025---
14:52:43.659 ...STARTING...
But if I then unplug the AP's ethernet cable and connect my computer directly to my router via this ethernet cable, I consistently find services being broadcast by other devices on my network:
% dns-sd -t 5 -B
Browsing for _http._tcp
DATE: ---Mon 02 Jun 2025---
14:53:17.839 ...STARTING...
Timestamp A/R Flags if Domain Service Type Instance Name
14:53:17.846 Add 3 15 local. _http._tcp. 64CFD910B77C@mysimplelink
14:53:17.846 Add 2 15 local. _http._tcp. tinysvcmdns responder
This led me to the conclusion that the AP is filtering this traffic.
I've enabled Zyxel Support Access - please take a look! Thanks!
0 -
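An added example (not part of any post in this thread and not Zyxel code): a minimal Python parser that tells mDNS queries from responses and lists the PTR answers a dns-sd -B browse would display, for checking a UDP 5353 payload taken from a capture on either side of the AP. The two sample payloads and the instance name example-web are constructed for illustration.

```python
import struct

def read_name(buf, off):
    """Decode a DNS name at off, following compression pointers.
    Returns (name, offset just past the name at its original position)."""
    labels, end, hops = [], None, 0
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:                 # 2-byte compression pointer
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | buf[off + 1]
            hops += 1
            if hops > 16:                         # malformed packet: pointer loop
                raise ValueError("compression pointer loop")
        elif length == 0:                         # root label ends the name
            return ".".join(labels) + ".", (end if end is not None else off + 1)
        else:
            labels.append(buf[off + 1:off + 1 + length].decode("utf-8", "replace"))
            off += 1 + length

def summarize_mdns(payload):
    """Classify one mDNS payload and extract (service type, instance) PTR pairs."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", payload, 0)
    off, questions, ptrs = 12, [], []
    for _ in range(qd):
        name, off = read_name(payload, off)
        off += 4                                  # skip QTYPE and QCLASS
        questions.append(name)
    for _ in range(an + ns + ar):
        name, off = read_name(payload, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", payload, off)
        off += 10
        if rtype == 12:                           # PTR: service type -> instance
            ptrs.append((name, read_name(payload, off)[0]))
        off += rdlen
    return {"response": bool(flags & 0x8000),     # QR bit: 0 = query, 1 = response
            "questions": questions, "ptr_answers": ptrs}

def enc(name):
    """Encode a dotted name as uncompressed DNS labels (used for the samples)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

# Constructed sample payloads (not taken from the captures in this thread).
QUERY = struct.pack("!6H", 0, 0x0000, 1, 0, 0, 0) + enc("_http._tcp.local.") + struct.pack("!HH", 12, 1)
_rdata = b"\x0bexample-web" + b"\xc0\x0c"         # instance label + pointer to offset 12
RESPONSE = (struct.pack("!6H", 0, 0x8400, 0, 1, 0, 0) + enc("_http._tcp.local.")
            + struct.pack("!HHIH", 12, 1, 4500, len(_rdata)) + _rdata)

if __name__ == "__main__":
    print(summarize_mdns(QUERY))
    print(summarize_mdns(RESPONSE))
```

Run over payloads from both the eth0 and wlan captures, this shows per interface whether only queries are present or whether responses carrying PTR answers are present as well.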
Hi @TomAP ,
It seems the results differ between the dns-sd command and the packet capture.
After reviewing the packets and command results, we need to understand the network topology for both test scenarios:
- Laptop connected to NWA50AX's SSID
- Laptop connected directly to your broadband router via Ethernet cable
Please provide a complete network diagram showing all network devices and end devices with their IP addresses. This will help us investigate the issue thoroughly and reproduce the symptoms if needed.
Zyxel_Judy
0 -
Thanks @Zyxel_Judy, I've sent a diagram over to you by direct message.
0