Switch – WDS and how can it cause a broadcast storm

Tags: bridge, broadcast, switch

Recently I was told that we leave WDS off, whenever we can, where I work. It was explained to me that a broadcast storm is created when a router's broadcast gets back to itself, perpetuates itself and eventually floods the port. If WDS has the potential to create a broadcast storm, does that mean that the switches at our towers have a bridge that is allowing the broadcast to get back to the client's router? What would be allowing the broadcast to get back, and is it purely user error?

Best Answer

WDS is by design intended to forward frames between the edge stations, repeater nodes and the base station (the thing that is connected to the wired Ethernet). It's not clear from your question whether what you call your core router is a WDS base station: if it is, it really ought not to be. Two reasons. If a frame is initiated from one WDS node, it is supposed to be forwarded to all the others. I believe (don't have the standard to hand) that it is not supposed to forward frames that it has already sent, to prevent loops. Broadcasts are one example where failure to do this can get out of hand very quickly. Now imagine that the WDS base station is also your "core" switch. Now it is spamming the wired network with frames too! That is bad. A better model would be to take steps to isolate your wired and wireless networks. This diminishes the scope for problems if a device goes nuts and (even more important) gives you a place where you can ascribe security policies. Wireless is a common attack path and plugging it straight into your LAN without filtering and policy is trouble waiting to happen.
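As an added illustration, not part of the answer above or of any WDS implementation, the following Python simulation applies the forwarding rule the answer describes to a constructed three-node WDS loop (base station B, repeaters R1 and R2, all linked to each other). Without the "drop frames I have already forwarded" rule a single broadcast circulates until the hop cap is hit; with it, the flood dies out after each link has carried the frame once. The topology, node names and hop cap are assumptions for the example.

```python
# Added example (not from the original post): minimal simulation of
# WDS-style flooding. Every node relays a received frame out of all its
# other WDS links. Without remembering frames it has already forwarded,
# a broadcast on a looped topology never stops (broadcast storm); with a
# per-node "already seen" set the flood settles quickly.
from collections import deque

# Constructed topology: B bridged to R1 and R2, which also link to each
# other, giving the loop B-R1-R2-B that the answer warns about.
LINKS = {
    "B": ["R1", "R2"],
    "R1": ["B", "R2"],
    "R2": ["B", "R1"],
}


def forward_broadcast(links, origin, frame_id, max_hops, dedup):
    """Flood one broadcast frame from `origin` through `links`.

    Returns the number of link transmissions performed before the flood
    died out, or `max_hops` if it was still circulating at the cap.
    dedup=True makes each node drop a frame it has already forwarded,
    which is the loop protection the answer describes.
    """
    seen = {origin: {frame_id}} if dedup else {}
    queue = deque((origin, peer) for peer in links[origin])
    transmissions = 0
    while queue and transmissions < max_hops:
        sender, receiver = queue.popleft()
        transmissions += 1
        if dedup:
            if frame_id in seen.setdefault(receiver, set()):
                continue  # already forwarded this frame: drop it, loop broken
            seen[receiver].add(frame_id)
        # relay out of every link except the one the frame arrived on
        for peer in links[receiver]:
            if peer != sender:
                queue.append((receiver, peer))
    return transmissions


if __name__ == "__main__":
    # Without loop protection the count hits the cap: the storm never ends.
    print("no loop protection:", forward_broadcast(LINKS, "B", "bcast-1", 1000, False))
    # With loop protection the flood stops after a handful of transmissions.
    print("with loop protection:", forward_broadcast(LINKS, "B", "bcast-1", 1000, True))
```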