We recently installed WiFi thermostats that connect to a Delta eBMGR, which is connected via Ethernet. They utilize the BACnet protocol, which is broadcast traffic. They are on their own subnet, but the APs that the thermostats connect to are controlled by a Cisco 5508 WLC. The 5508 only has a checkbox to permit or not permit broadcast traffic. There are no options to allow broadcast for specific SSIDs, and everything I have researched says that it does not care about VLANs, and it will simply propagate the broadcast traffic to everything it can touch. The thermostats will not work without broadcast enabled, but enabling it will allow everything on the WiFi network to broadcast, and we have roughly a thousand clients daily.
My question is, is there any way to work around this? Our budget constraints mean that replacing the 5508 isn’t currently feasible. We had the thought of using ACLs in an attempt to block the broadcast traffic, but I don’t know if that’s necessarily realistic to do since I believe Cisco layer 2 ACLs work by MAC address. Our network is almost entirely layer 2 separated with VLANs, and blocking ports by MAC address would stop other traffic as well. Is there a solution that I’m missing?