Hi All

I'm having a hard time with "Dynamic Multicast Optimization" in my Instant 8.13.1.0 cluster. 
I have an SSID where I have broadcast filtering disabled completely, and Airgroup Disabled as well.

From all guides and help I can find, enabling "dynamic multicast optimization" should have the AP convert multicast destined frames to unicast and transmit them in unicast to all clients subscribed.

However, when I enable DMO none of my wireless clients gets any multicast destined frames. The easy way to see this is by registering that no - none - mDNS frames are received on clients at all. They become completely mDNS isolated.

Is DMO only for some types of traffic, and the rest is just dropped?

The actual documentation is still in process but the relevant snippet:

Dynamic Multicast Optimization

Dynamic multicast optimization (DMO) is a HPE Aruba Networking innovation that optimizes the forwarding of IP multicast groups using administratively scoped IP multicast addresses. When DMO is enabled and active on a WLAN and radio, explicitly joined IP multicast groups are converted to unicast and transmitted to each IP multicast receiver at their unicast transmit data rates:

1.     Permits IP multicast groups to be received by specific wireless stations that explicitly join the IP multicast groups versus all the wireless stations associated with the BSSID.

2.     Provides a reliable transmission of IP multicast frames by permitting the AP to retransmit missing unicast frames.

DMO relies on IGMP and MLD snooping on the APs to track IP multicast group membership for each wireless station. When an IP multicast group is joined by a wireless station, the AP will replace the multicast receiver address in the 802.11 wireless header for each multicast frame with the receiving hosts MAC address. The multicast group is transmitted by the transmitting radio at each receiver's unicast data rate. One copy of each IP multicast frame is transmitted for each wireless receiver.

When DMO is enabled for a WLAN, it is either in an active or inactive state based on thresholds defined as part of the DMO configuration within the WLAN profile. When enabled and active, each source IP multicast group is forwarded to each receiver at their unicast data transmit rate. For each IP multicast frame received, the AP will replicate and forward the frame to each receiver of that IP multicast group. When the specified channel utilization threshold or client threshold is reached, DMO is deactivated on the transmitting radio. Each active IP multicast group is then forwarded normally as a 802.11 broadcast multicast frame at either the lowest configurated rate for the radio or if MTO is enabled, the configured MTO rate.

Recommendation

DMO is a unique feature designed to support IP multicast applications and should only be enabled after a design consultation with your HPE Aruba Networking account team. Supporting IP multicast in a wireless environment requires additional LAN configuration and if tunnel forwarding is utilized a cluster design review.

Enabling DMO in a WLAN profile also influences how other IP multicast frames are filtered and forwarded by the AP. When DMO is enabled, multicast DNS (MDNS) and simple service discovery protocol (SSDP) frames are forwarded irrespective of the broadcast filtering option applied to the WLAN. Each MDNS/SSDP multicast frame is also converted to unicast prior to forwarding to each active wireless station adding additional load to the APs. If DMO is enabled and MDNS/SSDP needs to be filtered, either AirGroup must be enabled or policies dropping MDNS/SSDP must be applied to the user roles.

Hi All

I'm having a hard time with "Dynamic Multicast Optimization" in my Instant 8.13.1.0 cluster. 
I have an SSID where I have broadcast filtering disabled completely, and Airgroup Disabled as well.

From all guides and help I can find, enabling "dynamic multicast optimization" should have the AP convert multicast destined frames to unicast and transmit them in unicast to all clients subscribed.

However, when I enable DMO none of my wireless clients gets any multicast destined frames. The easy way to see this is by registering that no - none - mDNS frames are received on clients at all. They become completely mDNS isolated.

Is DMO only for some types of traffic, and the rest is just dropped?

The actual documentation is still in process but the relevant snippet:

Dynamic Multicast Optimization

Dynamic multicast optimization (DMO) is a HPE Aruba Networking innovation that optimizes the forwarding of IP multicast groups using administratively scoped IP multicast addresses. When DMO is enabled and active on a WLAN and radio, explicitly joined IP multicast groups are converted to unicast and transmitted to each IP multicast receiver at their unicast transmit data rates:

1.     Permits IP multicast groups to be received by specific wireless stations that explicitly join the IP multicast groups versus all the wireless stations associated with the BSSID.

2.     Provides a reliable transmission of IP multicast frames by permitting the AP to retransmit missing unicast frames.

DMO relies on IGMP and MLD snooping on the APs to track IP multicast group membership for each wireless station. When an IP multicast group is joined by a wireless station, the AP will replace the multicast receiver address in the 802.11 wireless header for each multicast frame with the receiving hosts MAC address. The multicast group is transmitted by the transmitting radio at each receiver's unicast data rate. One copy of each IP multicast frame is transmitted for each wireless receiver.

When DMO is enabled for a WLAN, it is either in an active or inactive state based on thresholds defined as part of the DMO configuration within the WLAN profile. When enabled and active, each source IP multicast group is forwarded to each receiver at their unicast data transmit rate. For each IP multicast frame received, the AP will replicate and forward the frame to each receiver of that IP multicast group. When the specified channel utilization threshold or client threshold is reached, DMO is deactivated on the transmitting radio. Each active IP multicast group is then forwarded normally as a 802.11 broadcast multicast frame at either the lowest configurated rate for the radio or if MTO is enabled, the configured MTO rate.

Recommendation

DMO is a unique feature designed to support IP multicast applications and should only be enabled after a design consultation with your HPE Aruba Networking account team. Supporting IP multicast in a wireless environment requires additional LAN configuration and if tunnel forwarding is utilized a cluster design review.

Enabling DMO in a WLAN profile also influences how other IP multicast frames are filtered and forwarded by the AP. When DMO is enabled, multicast DNS (MDNS) and simple service discovery protocol (SSDP) frames are forwarded irrespective of the broadcast filtering option applied to the WLAN. Each MDNS/SSDP multicast frame is also converted to unicast prior to forwarding to each active wireless station adding additional load to the APs. If DMO is enabled and MDNS/SSDP needs to be filtered, either AirGroup must be enabled or policies dropping MDNS/SSDP must be applied to the user roles.

Hi All

I'm having a hard time with "Dynamic Multicast Optimization" in my Instant 8.13.1.0 cluster. 
I have an SSID where I have broadcast filtering disabled completely, and Airgroup Disabled as well.

From all guides and help I can find, enabling "dynamic multicast optimization" should have the AP convert multicast destined frames to unicast and transmit them in unicast to all clients subscribed.

However, when I enable DMO none of my wireless clients gets any multicast destined frames. The easy way to see this is by registering that no - none - mDNS frames are received on clients at all. They become completely mDNS isolated.

Is DMO only for some types of traffic, and the rest is just dropped?

The actual documentation is still in process but the relevant snippet:

Dynamic Multicast Optimization

Dynamic multicast optimization (DMO) is a HPE Aruba Networking innovation that optimizes the forwarding of IP multicast groups using administratively scoped IP multicast addresses. When DMO is enabled and active on a WLAN and radio, explicitly joined IP multicast groups are converted to unicast and transmitted to each IP multicast receiver at their unicast transmit data rates:

1.     Permits IP multicast groups to be received by specific wireless stations that explicitly join the IP multicast groups versus all the wireless stations associated with the BSSID.

2.     Provides a reliable transmission of IP multicast frames by permitting the AP to retransmit missing unicast frames.

DMO relies on IGMP and MLD snooping on the APs to track IP multicast group membership for each wireless station. When an IP multicast group is joined by a wireless station, the AP will replace the multicast receiver address in the 802.11 wireless header for each multicast frame with the receiving hosts MAC address. The multicast group is transmitted by the transmitting radio at each receiver's unicast data rate. One copy of each IP multicast frame is transmitted for each wireless receiver.

When DMO is enabled for a WLAN, it is either in an active or inactive state based on thresholds defined as part of the DMO configuration within the WLAN profile. When enabled and active, each source IP multicast group is forwarded to each receiver at their unicast data transmit rate. For each IP multicast frame received, the AP will replicate and forward the frame to each receiver of that IP multicast group. When the specified channel utilization threshold or client threshold is reached, DMO is deactivated on the transmitting radio. Each active IP multicast group is then forwarded normally as a 802.11 broadcast multicast frame at either the lowest configurated rate for the radio or if MTO is enabled, the configured MTO rate.

Recommendation

DMO is a unique feature designed to support IP multicast applications and should only be enabled after a design consultation with your HPE Aruba Networking account team. Supporting IP multicast in a wireless environment requires additional LAN configuration and if tunnel forwarding is utilized a cluster design review.

Enabling DMO in a WLAN profile also influences how other IP multicast frames are filtered and forwarded by the AP. When DMO is enabled, multicast DNS (MDNS) and simple service discovery protocol (SSDP) frames are forwarded irrespective of the broadcast filtering option applied to the WLAN. Each MDNS/SSDP multicast frame is also converted to unicast prior to forwarding to each active wireless station adding additional load to the APs. If DMO is enabled and MDNS/SSDP needs to be filtered, either AirGroup must be enabled or policies dropping MDNS/SSDP must be applied to the user roles.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Oct 17, 2025 05:15 AM
From: Keyser
Subject: Dynamic Multicast Optimization dropping frames

Hi All

I'm having a hard time with "Dynamic Multicast Optimization" in my Instant 8.13.1.0 cluster. 
I have an SSID where I have broadcast filtering disabled completely, and Airgroup Disabled as well.

From all guides and help I can find, enabling "dynamic multicast optimization" should have the AP convert multicast destined frames to unicast and transmit them in unicast to all clients subscribed.

However, when I enable DMO none of my wireless clients gets any multicast destined frames. The easy way to see this is by registering that no - none - mDNS frames are received on clients at all. They become completely mDNS isolated.

Is DMO only for some types of traffic, and the rest is just dropped?

-------------------------------------------

I have been doing some testing and faultfinding, and I finally got DMO working. I wanted to test if role-assigned VLANs was considered VLAN deriviation and the reason it didn't work.
So I remapped the default static VLAN on the SSID from "Guest" to my "clients" VLAN and removed the VLAN assignment in the user role.. And presto: The clients are now seeing mDNS frames unicasted to them - from all connected VLANs (as before just by regular multicast).
It even works if I change the broadcast filtering from "disabled or Unicast-ARP-Only" to "ARP" or "All". So like your documentation suggested, mDNS/SSPD frames are passed to clients even if you are doing broadcast filtering.

The ODD thing is other clients assigned to other VLANs by their user-role now also sees unicasted Multicast frames (from all VLANs), so my change apparantly triggered DMO to work, and then it works for user-role assigned VLANs as well. There are two possible reasons why it started working:

1: I'm pretty sure I did not actually have a "Guest" VLAN user connected when testing ealier - so It might be, that the default static assigned VLAN needs a client connected to actually activate DMO

2: No online users in previous tests was connected without a VLAN assignment in their user-role, so it could be at least one client needs to be connected without "derivation" from a user-role to actually activate DMO.

This is on its own ofcourse a bug/problem that needs resolving.- otherwise you might have clients across APs that are not seeing Multicast because the "right" type of client is not connected on their specific AP… but thats another issue for another day…. So far so good. HOWEVER:
This does not really resolve my problem of multicasts from all VLANs being transmitted to all wireless clients (regardless of their VLAN). They are just unicasted now - which is of course a bonus from the airtime perspective.
The documentation suggests you can use the role ACLs to filter which mDNS/SSPD frames are transmitted to/from the client. I can't get that work - any ACLs made in the GUI only allows destination filtering - and seems to relate only to frames transmitted from the client. They have no impact on frames being sent to/recieved by the client.
I then tried adding extended session ACLs by the "wlan access-list session" command and applying that to the user-role - in the hope that filtering by source addresses would kick in on inbound packets to the client. It does not work on the multicast frames sent by DMO - so I'm unable to do any filtering in the user-role…..
I have not determined if it's universal that wlan access-list and wlan access-rule entried are ONLY for client transmitted packets (no inbound effect), or if the access-list rules actually do work on general inbound traffic - just not packets created by DMO (possibly a software priority issue where DMO packets bypass the filter).

Any ideas/suggestions on how to proceed. Is there no way to accomplish this apart from a unique SSID for every VLAN with wireless clients?

Original Message:
Sent: Oct 17, 2025 10:56 AM
From: chulcher
Subject: Dynamic Multicast Optimization dropping frames

The actual documentation is still in process but the relevant snippet:

Dynamic Multicast Optimization

Dynamic multicast optimization (DMO) is a HPE Aruba Networking innovation that optimizes the forwarding of IP multicast groups using administratively scoped IP multicast addresses. When DMO is enabled and active on a WLAN and radio, explicitly joined IP multicast groups are converted to unicast and transmitted to each IP multicast receiver at their unicast transmit data rates:

1.     Permits IP multicast groups to be received by specific wireless stations that explicitly join the IP multicast groups versus all the wireless stations associated with the BSSID.

2.     Provides a reliable transmission of IP multicast frames by permitting the AP to retransmit missing unicast frames.

DMO relies on IGMP and MLD snooping on the APs to track IP multicast group membership for each wireless station. When an IP multicast group is joined by a wireless station, the AP will replace the multicast receiver address in the 802.11 wireless header for each multicast frame with the receiving hosts MAC address. The multicast group is transmitted by the transmitting radio at each receiver's unicast data rate. One copy of each IP multicast frame is transmitted for each wireless receiver.

When DMO is enabled for a WLAN, it is either in an active or inactive state based on thresholds defined as part of the DMO configuration within the WLAN profile. When enabled and active, each source IP multicast group is forwarded to each receiver at their unicast data transmit rate. For each IP multicast frame received, the AP will replicate and forward the frame to each receiver of that IP multicast group. When the specified channel utilization threshold or client threshold is reached, DMO is deactivated on the transmitting radio. Each active IP multicast group is then forwarded normally as a 802.11 broadcast multicast frame at either the lowest configurated rate for the radio or if MTO is enabled, the configured MTO rate.

Recommendation

DMO is a unique feature designed to support IP multicast applications and should only be enabled after a design consultation with your HPE Aruba Networking account team. Supporting IP multicast in a wireless environment requires additional LAN configuration and if tunnel forwarding is utilized a cluster design review.

Enabling DMO in a WLAN profile also influences how other IP multicast frames are filtered and forwarded by the AP. When DMO is enabled, multicast DNS (MDNS) and simple service discovery protocol (SSDP) frames are forwarded irrespective of the broadcast filtering option applied to the WLAN. Each MDNS/SSDP multicast frame is also converted to unicast prior to forwarding to each active wireless station adding additional load to the APs. If DMO is enabled and MDNS/SSDP needs to be filtered, either AirGroup must be enabled or policies dropping MDNS/SSDP must be applied to the user roles.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Oct 17, 2025 05:15 AM
From: Keyser
Subject: Dynamic Multicast Optimization dropping frames

Hi All

I'm having a hard time with "Dynamic Multicast Optimization" in my Instant 8.13.1.0 cluster. 
I have an SSID where I have broadcast filtering disabled completely, and Airgroup Disabled as well.

From all guides and help I can find, enabling "dynamic multicast optimization" should have the AP convert multicast destined frames to unicast and transmit them in unicast to all clients subscribed.

However, when I enable DMO none of my wireless clients gets any multicast destined frames. The easy way to see this is by registering that no - none - mDNS frames are received on clients at all. They become completely mDNS isolated.

Is DMO only for some types of traffic, and the rest is just dropped?

-------------------------------------------

Are you sharing the client VLAN(s) amongst multiple WLANs?

I have been doing some testing and faultfinding, and I finally got DMO working. I wanted to test if role-assigned VLANs was considered VLAN deriviation and the reason it didn't work.
So I remapped the default static VLAN on the SSID from "Guest" to my "clients" VLAN and removed the VLAN assignment in the user role.. And presto: The clients are now seeing mDNS frames unicasted to them - from all connected VLANs (as before just by regular multicast).
It even works if I change the broadcast filtering from "disabled or Unicast-ARP-Only" to "ARP" or "All". So like your documentation suggested, mDNS/SSPD frames are passed to clients even if you are doing broadcast filtering.

The ODD thing is other clients assigned to other VLANs by their user-role now also sees unicasted Multicast frames (from all VLANs), so my change apparantly triggered DMO to work, and then it works for user-role assigned VLANs as well. There are two possible reasons why it started working:

1: I'm pretty sure I did not actually have a "Guest" VLAN user connected when testing ealier - so It might be, that the default static assigned VLAN needs a client connected to actually activate DMO

2: No online users in previous tests was connected without a VLAN assignment in their user-role, so it could be at least one client needs to be connected without "derivation" from a user-role to actually activate DMO.

This is on its own ofcourse a bug/problem that needs resolving.- otherwise you might have clients across APs that are not seeing Multicast because the "right" type of client is not connected on their specific AP… but thats another issue for another day…. So far so good. HOWEVER:
This does not really resolve my problem of multicasts from all VLANs being transmitted to all wireless clients (regardless of their VLAN). They are just unicasted now - which is of course a bonus from the airtime perspective.
The documentation suggests you can use the role ACLs to filter which mDNS/SSPD frames are transmitted to/from the client. I can't get that work - any ACLs made in the GUI only allows destination filtering - and seems to relate only to frames transmitted from the client. They have no impact on frames being sent to/recieved by the client.
I then tried adding extended session ACLs by the "wlan access-list session" command and applying that to the user-role - in the hope that filtering by source addresses would kick in on inbound packets to the client. It does not work on the multicast frames sent by DMO - so I'm unable to do any filtering in the user-role…..
I have not determined if it's universal that wlan access-list and wlan access-rule entried are ONLY for client transmitted packets (no inbound effect), or if the access-list rules actually do work on general inbound traffic - just not packets created by DMO (possibly a software priority issue where DMO packets bypass the filter).

Any ideas/suggestions on how to proceed. Is there no way to accomplish this apart from a unique SSID for every VLAN with wireless clients?

Original Message:
Sent: Oct 17, 2025 10:56 AM
From: chulcher
Subject: Dynamic Multicast Optimization dropping frames

The actual documentation is still in process but the relevant snippet:

Dynamic Multicast Optimization

Dynamic multicast optimization (DMO) is a HPE Aruba Networking innovation that optimizes the forwarding of IP multicast groups using administratively scoped IP multicast addresses. When DMO is enabled and active on a WLAN and radio, explicitly joined IP multicast groups are converted to unicast and transmitted to each IP multicast receiver at their unicast transmit data rates:

1.     Permits IP multicast groups to be received by specific wireless stations that explicitly join the IP multicast groups versus all the wireless stations associated with the BSSID.

2.     Provides a reliable transmission of IP multicast frames by permitting the AP to retransmit missing unicast frames.

DMO relies on IGMP and MLD snooping on the APs to track IP multicast group membership for each wireless station. When an IP multicast group is joined by a wireless station, the AP will replace the multicast receiver address in the 802.11 wireless header for each multicast frame with the receiving hosts MAC address. The multicast group is transmitted by the transmitting radio at each receiver's unicast data rate. One copy of each IP multicast frame is transmitted for each wireless receiver.

When DMO is enabled for a WLAN, it is either in an active or inactive state based on thresholds defined as part of the DMO configuration within the WLAN profile. When enabled and active, each source IP multicast group is forwarded to each receiver at their unicast data transmit rate. For each IP multicast frame received, the AP will replicate and forward the frame to each receiver of that IP multicast group. When the specified channel utilization threshold or client threshold is reached, DMO is deactivated on the transmitting radio. Each active IP multicast group is then forwarded normally as a 802.11 broadcast multicast frame at either the lowest configurated rate for the radio or if MTO is enabled, the configured MTO rate.

Recommendation

DMO is a unique feature designed to support IP multicast applications and should only be enabled after a design consultation with your HPE Aruba Networking account team. Supporting IP multicast in a wireless environment requires additional LAN configuration and if tunnel forwarding is utilized a cluster design review.

Enabling DMO in a WLAN profile also influences how other IP multicast frames are filtered and forwarded by the AP. When DMO is enabled, multicast DNS (MDNS) and simple service discovery protocol (SSDP) frames are forwarded irrespective of the broadcast filtering option applied to the WLAN. Each MDNS/SSDP multicast frame is also converted to unicast prior to forwarding to each active wireless station adding additional load to the APs. If DMO is enabled and MDNS/SSDP needs to be filtered, either AirGroup must be enabled or policies dropping MDNS/SSDP must be applied to the user roles.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Oct 17, 2025 05:15 AM
From: Keyser
Subject: Dynamic Multicast Optimization dropping frames

Hi All

I'm having a hard time with "Dynamic Multicast Optimization" in my Instant 8.13.1.0 cluster. 
I have an SSID where I have broadcast filtering disabled completely, and Airgroup Disabled as well.

From all guides and help I can find, enabling "dynamic multicast optimization" should have the AP convert multicast destined frames to unicast and transmit them in unicast to all clients subscribed.

However, when I enable DMO none of my wireless clients gets any multicast destined frames. The easy way to see this is by registering that no - none - mDNS frames are received on clients at all. They become completely mDNS isolated.

Is DMO only for some types of traffic, and the rest is just dropped?

-------------------------------------------

No - unless you consider multiple AP's in my Instant cluster advertising the same WLAN for sharing.

Am I correct in concluding there is no way to filter frames that are transmit destined for a Wireless client on the AP by using user-roles?

If no "inbound" traffic filtering is possible in user-roles, then there is no solution. You cannot setup one WLAN ssid with multiple client bridged VLANs (deriviation rules, static user-role or radius returned) IF multicast is needed while maintaining VLAN multicast isolation.

You can choose one of three compromises, but each has it's own limitations or problems:
1: Do full broadcast/multicast filtering so NO mulitcasting works
2: Create one WLAN SSID pr. VLAN to honour VLAN isolation in multicasting (Choice of no multicast filtering or use of DMO) - does not scale or maintain well.
3: Find a working compromise with multicast filtering and Airgroups enabled. This requires your multicast needs are limited to the very simple SSPD/mDNS requirement airgroup can handle - and your network can be architected so Airgroup can be brought to actually work. 

If you do not choose a compromise, each client will be able to see all multicasts from all the bridged clients VLANs on the SSID.

Are you sharing the client VLAN(s) amongst multiple WLANs?

I have been doing some testing and faultfinding, and I finally got DMO working. I wanted to test if role-assigned VLANs was considered VLAN deriviation and the reason it didn't work.
So I remapped the default static VLAN on the SSID from "Guest" to my "clients" VLAN and removed the VLAN assignment in the user role.. And presto: The clients are now seeing mDNS frames unicasted to them - from all connected VLANs (as before just by regular multicast).
It even works if I change the broadcast filtering from "disabled or Unicast-ARP-Only" to "ARP" or "All". So like your documentation suggested, mDNS/SSPD frames are passed to clients even if you are doing broadcast filtering.

The ODD thing is other clients assigned to other VLANs by their user-role now also sees unicasted Multicast frames (from all VLANs), so my change apparantly triggered DMO to work, and then it works for user-role assigned VLANs as well. There are two possible reasons why it started working:

1: I'm pretty sure I did not actually have a "Guest" VLAN user connected when testing ealier - so It might be, that the default static assigned VLAN needs a client connected to actually activate DMO

2: No online users in previous tests was connected without a VLAN assignment in their user-role, so it could be at least one client needs to be connected without "derivation" from a user-role to actually activate DMO.

This is on its own ofcourse a bug/problem that needs resolving.- otherwise you might have clients across APs that are not seeing Multicast because the "right" type of client is not connected on their specific AP… but thats another issue for another day…. So far so good. HOWEVER:
This does not really resolve my problem of multicasts from all VLANs being transmitted to all wireless clients (regardless of their VLAN). They are just unicasted now - which is of course a bonus from the airtime perspective.
The documentation suggests you can use the role ACLs to filter which mDNS/SSPD frames are transmitted to/from the client. I can't get that work - any ACLs made in the GUI only allows destination filtering - and seems to relate only to frames transmitted from the client. They have no impact on frames being sent to/recieved by the client.
I then tried adding extended session ACLs by the "wlan access-list session" command and applying that to the user-role - in the hope that filtering by source addresses would kick in on inbound packets to the client. It does not work on the multicast frames sent by DMO - so I'm unable to do any filtering in the user-role…..
I have not determined if it's universal that wlan access-list and wlan access-rule entried are ONLY for client transmitted packets (no inbound effect), or if the access-list rules actually do work on general inbound traffic - just not packets created by DMO (possibly a software priority issue where DMO packets bypass the filter).

Any ideas/suggestions on how to proceed. Is there no way to accomplish this apart from a unique SSID for every VLAN with wireless clients?

Original Message:
Sent: Oct 17, 2025 10:56 AM
From: chulcher
Subject: Dynamic Multicast Optimization dropping frames

The actual documentation is still in process but the relevant snippet:

Dynamic Multicast Optimization

Dynamic multicast optimization (DMO) is a HPE Aruba Networking innovation that optimizes the forwarding of IP multicast groups using administratively scoped IP multicast addresses. When DMO is enabled and active on a WLAN and radio, explicitly joined IP multicast groups are converted to unicast and transmitted to each IP multicast receiver at their unicast transmit data rates:

1.     Permits IP multicast groups to be received by specific wireless stations that explicitly join the IP multicast groups versus all the wireless stations associated with the BSSID.

2.     Provides a reliable transmission of IP multicast frames by permitting the AP to retransmit missing unicast frames.

DMO relies on IGMP and MLD snooping on the APs to track IP multicast group membership for each wireless station. When an IP multicast group is joined by a wireless station, the AP will replace the multicast receiver address in the 802.11 wireless header for each multicast frame with the receiving hosts MAC address. The multicast group is transmitted by the transmitting radio at each receiver's unicast data rate. One copy of each IP multicast frame is transmitted for each wireless receiver.

When DMO is enabled for a WLAN, it is either in an active or inactive state based on thresholds defined as part of the DMO configuration within the WLAN profile. When enabled and active, each source IP multicast group is forwarded to each receiver at their unicast data transmit rate. For each IP multicast frame received, the AP will replicate and forward the frame to each receiver of that IP multicast group. When the specified channel utilization threshold or client threshold is reached, DMO is deactivated on the transmitting radio. Each active IP multicast group is then forwarded normally as a 802.11 broadcast multicast frame at either the lowest configurated rate for the radio or if MTO is enabled, the configured MTO rate.

Recommendation

DMO is a unique feature designed to support IP multicast applications and should only be enabled after a design consultation with your HPE Aruba Networking account team. Supporting IP multicast in a wireless environment requires additional LAN configuration and if tunnel forwarding is utilized a cluster design review.

Enabling DMO in a WLAN profile also influences how other IP multicast frames are filtered and forwarded by the AP. When DMO is enabled, multicast DNS (MDNS) and simple service discovery protocol (SSDP) frames are forwarded irrespective of the broadcast filtering option applied to the WLAN. Each MDNS/SSDP multicast frame is also converted to unicast prior to forwarding to each active wireless station adding additional load to the APs. If DMO is enabled and MDNS/SSDP needs to be filtered, either AirGroup must be enabled or policies dropping MDNS/SSDP must be applied to the user roles.

------------------------------
Carson Hulcher, ACEX#110

Original Message:
Sent: Oct 17, 2025 05:15 AM
From: Keyser
Subject: Dynamic Multicast Optimization dropping frames

Hi All

I'm having a hard time with "Dynamic Multicast Optimization" in my Instant 8.13.1.0 cluster. 
I have an SSID where I have broadcast filtering disabled completely, and Airgroup Disabled as well.

From all guides and help I can find, enabling "dynamic multicast optimization" should have the AP convert multicast destined frames to unicast and transmit them in unicast to all clients subscribed.

However, when I enable DMO none of my wireless clients gets any multicast destined frames. The easy way to see this is by registering that no - none - mDNS frames are received on clients at all. They become completely mDNS isolated.

Is DMO only for some types of traffic, and the rest is just dropped?

-------------------------------------------