mac-ip address binding issue in cisco wlc 2504

bepeen
Level 1

Hello!

 

I am having a problem configuring the WLC 2504. In a security option I applied mac-filtering and it works fine.

Now I need to configure mac-ip address binding. I tried both the GUI and CLI methods but it is not working. While configuring mac-filtering in the GUI there is an option to define an IP address; after defining IP address xx.xx.xx.xx for device xx, it is not picking that particular IP from the pool.

mac-filtering is still working without issue.

Also tried with cli.....

Looking through the configuration guide, I tried every possible way but couldn't get any resolution.

mac-binding and mac-filtering are enabled.

What will be the possible causes of this?

Does it support mac-ip binding in its local database?

I would be thankful for any suggestions and advice!

 

  


mohanak
Cisco Employee

Note

If the IP address or MAC address of the packet has been spoofed, the check does not pass, and the controller discards the packet. Spoofed packets can pass through the controller only if both the IP and MAC addresses are spoofed together and changed to that of another valid client on the same controller.

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01101.html

 

 

 

Scott Fella
Hall of Fame

That configuration is only used for passive clients:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01001100.html

Configuring Local MAC Filters (CLI)

  • Create a MAC filter entry on the controller by entering the config macfilter add mac_addr wlan_id [interface_name] [description] [IP_addr] command. The following parameters are optional:
    • mac_addr—MAC address of the client.
    • wlan_id—WLAN id on which the client is associating.
    • interface_name—The name of the interface. This interface name is used to override the interface configured to the WLAN.
    • description—A brief description of the interface in double quotes (for example, “Interface1”).
    • IP_addr—The IP address which is used for a passive client with the MAC address specified by the mac addr value above.
-Scott
*** Please rate helpful posts ***
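
The `config macfilter add` syntax quoted in the reply above, applied to a whole inventory at once; this is an added example, not code from the thread or from Cisco. It validates each row and emits one command per client. The CSV layout, the sample rows and the interface name `staff-vlan` are constructed, and the rule that the optional arguments are positional (so a later one cannot be given without the earlier ones) is an assumption read from the bracketed syntax. As the reply states, `IP_addr` applies only to passive clients.

```python
import csv, io, ipaddress, re

# Constructed inventory (mac,wlan_id,interface,description,ip); "staff-vlan" is hypothetical.
SAMPLE_CSV = """\
00:11:22:33:44:55,1,staff-vlan,Lobby printer,192.0.2.10
00-11-22-AA-BB-CC,1,,,
0011.2233.4455,1,,,
00:11:22:33:44:ZZ,1,,,
00:11:22:33:44:66,2,staff-vlan,Scanner,192.0.2.999
00:11:22:33:44:77,1,,,192.0.2.12
"""

def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated octets, or None if malformed."""
    digits = re.sub(r"[.:-]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def valid_ipv4(text):
    """True if text parses as a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def build_commands(csv_text):
    """Return (commands, rejects); rejects are (line_number, reason) pairs."""
    commands, rejects, seen = [], [], set()
    for n, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        mac_raw, wlan, iface, desc, ip = (c.strip() for c in (row + [""] * 5)[:5])
        mac = normalize_mac(mac_raw)
        # Assumption: optional arguments are positional, so none may be skipped.
        checks = [
            (mac is None, "malformed MAC"),
            (mac in seen, "duplicate MAC"),
            (not wlan.isdigit(), "bad WLAN id"),
            ('"' in desc or " " in iface, "unsafe characters"),
            (bool(ip) and not valid_ipv4(ip), "bad IP"),
            ((bool(ip) and not desc) or (bool(desc) and not iface), "optional argument skipped"),
        ]
        reason = next((r for bad, r in checks if bad), None)
        if reason:
            rejects.append((n, reason))
            continue
        seen.add(mac)
        args = [mac, wlan, iface, f'"{desc}"' if desc else "", ip]
        commands.append(" ".join(["config macfilter add"] + [a for a in args if a]))
    return commands, rejects
```

Review the reject list before pasting the generated lines into the controller CLI; a row rejected as a duplicate usually means the same device was written in two MAC notations.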

Thank you for your suggestions!

 

In that case what will be the appropriate solution?

Should I have to change my entire configuration in order to fix this issue?

I am still not clear about the "passive client" and "sniffer mode" terms used.

Devices in use:

AP 1602 (internal) - 15 units

AP 1532 (external) - 5 units

WLC 2504

HA 2504

HA is not deployed yet!

I have around 700 clients in the WLAN. Since it is very painful to configure mac-filtering one by one for all devices, please suggest if there is another procedure to configure or delete all at once.

 

And I found that the external AP 1532 is not joining the WLC from the LAN port. What are the major differences between the LAN and PoE ports besides power injection?

I am using a power adapter.

I would really appreciate it if you could help me out!

 

 

I would not be using MAC filters at all if you ask me what I would do. How you should set up your network depends on many things, like devices, encryption the device supports, you using RADIUS, do you have a PKI infrastructure, you using Active Directory, etc. You're better off using 802.1x if you can, or if you have devices that don't support 802.1x, then use a preshared key.

As far as the 1532, have you looked at the install guide to help you with that? You need to set up the AP as CAPWAP and follow the instructions for joining the 1532 to the WLC. Here are some docs:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-6/b_1532_dg/b_1532_dg_chapter_01.html

http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1530-series/guide-c07-729725.pdf

Scott

-Scott
*** Please rate helpful posts ***

Thank you for the reply!

I have a simple network setup, no RADIUS or TACACS+ server, and all devices don't support 802.1X.

Currently a preshared key is in use as a security option.

There is an Active Directory in my network but no security parameter was defined from the server end.

A router with integrated firewall is in use for the ISP connection, and the WLC is connected to a switch on a trunk port. There are three VLANs created in order to segregate departments; each department is assigned a different firewall policy.

Everything is working properly. I just want to know whether ip-mac binding works in my current scenario or not.

Should I have to set up an external server for that purpose?

I am looking exactly for ip-mac binding in my current scenario.

Your suggestion will be highly appreciated!

Thanks!

  

Abhishek Abhishek
Cisco Employee

Please refer to this link in the community forum that addresses the same issue:

https://supportforums.cisco.com/discussion/11947826/how-configure-mac-ip-bindings-cisco-wlc-2504
