In backbone, wireless user MAC addresses are sent to wlc Mac addresses

CCC3 · ‎12-12-2024

I'm using the c9800

The ap are used as local mode.

If you do "show ip arp" on the backbone switch

All terminals appear as the MAC address of the wlc, not as their own.

Do you know why?

MHM Cisco World · ‎12-12-2024

Can you more elaborate

MHM

CCC3 · ‎12-12-2024

I am currently using the c9800-l model, and the version is 17.9.5.

The ap are used local mode.

The problem is that when you 'show ip arp' on the backbone switch, the MAC addresses of all clients appear as the MAC addresses of wlc, not their own.

When I configured a separate LAB and tested it, the client's MAC address came out normally.

I don't know what part of the wlc would be good to see.

MHM Cisco World · ‎12-12-2024

Do you enable arp proxy ?

MHM

CCC3 · ‎12-12-2024

I was actually doubting that part.

In fact, the WLC in service has that setting turned off, and when we tested it at LAB, it all appeared as the client's MAC address regardless of whether it was present or not.

** The arp proxy setting was set in policy -> Advanced.

MHM Cisco World · ‎12-12-2024

with arp proxy set the WLC will reply to any ARP of client and hence you see WLC mac in arp table.

MHM

CCC3 · ‎12-12-2024

Is the setting you mentioned 'ip proxy arp' in the SVI of the CLI?
Or
Is it 'ARP Proxy' setting in policy profile -> advanced in GUI?

MHM Cisco World · ‎12-12-2024

ipv4 arp-proxy under wireless profile in CLI is same as ARP proxy in GUI

MHM

CCC3 · ‎12-12-2024

I have a different answer to my question

From the CLI, you can set "ip proxy-arp" in SVI (e.g. interface vlan 200). I asked which of these and settings in GUI you were talking about.

Flavio Miranda · ‎12-12-2024

@CCC3

This is the expect behavior if your WLC is confiuged as proxy ARP.

"

Proxy ARP

Proxy address resolution protocol (ARP) is the most common method for learning about MAC address through a proxy device. Enabling Proxy ARP known as ARP caching in Cisco Catalyst 9800 Series Wireless Controller means that the AP owning client is the destination of the ARP request, replies on behalf of that client and therefore does not send the ARP request to the client over the air. Access points not owning the destination client and receiving an ARP request through their wired connection will drop the ARP request. When the ARP caching is disabled, the APs bridge the ARP requests from wired-to-wireless and vice-versa increasing the air time usage and broadcasts over wireless."

You can check how the configuration is on your WLC.

Configuration > Tags & Profiles > Flex

CCC3 · ‎12-12-2024

All the ap are operating as local mode.

Is it related to ARP caching in Flex Profile settings?

Flavio Miranda · ‎12-12-2024

Your AP is configured as flexconnect right?

CCC3 · ‎12-12-2024

No.

All ap is configured local mode.

Flavio Miranda · ‎12-12-2024

Right, you told above and I missed. But the idea is the same. You have proxy arp enabled and the AP will handle the ARP for the clients.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/config-guide/b_wl_17_3_cg/m_arp_proxy.html

Device# configure terminal
Device(config)# wireless profile policy policy-profile1
Device(config-wireless-policy)# ipv4 arp-proxy

CCC3 · ‎12-12-2024

But that setting is turned off in all policy profiles.

When you 'show ip arp' on the backbone switch even though it's turned off, the Mac addresses of the clients appear as the Mac addresses of the wlc.