VM on Desktop over wireless SDA design question

pdubas
Cisco Employee

Hello, I have a customer that is looking to deploy the below scenario and is looking to see if this is a limitation or if there’s another way of making this architecture work:


Deployment scenario:

VM (e.g. SGT B) -> Microsoft OS (e.g. SGT A) -> Wireless -> SDA fabric


Customer summary of what they ran into:

“As for Wifi, essentially due to how Wifi works, even though the VM is bridged through the base OS vswitch, it uses the Host MAC in the wifi frames. The WLC already has the MAC associated to the host IP and just doesn’t forward the DHCP discovers. In theory this is kinda good behaviour. It stops some potential DHCP exhaustion attacks and so forth, but it breaks enabling bridged VMs over wireless. So essentially people are at home on crappy wifi and the Router is too dumb to care and VMs work. They come into the office and stuff doesn’t work, leading to the wifi being “garbage/crappy/unkind names”.


There was a workaround that involved turning off Proxied DHCP/ARP and enabling passive client. But it may need Multicast and couldn’t be used with an 802.1x SSID or some such. I was never able to get a straight answer out of TAC.”


Any thoughts, advice, guidance, would be greatly appreciated.

2 Replies

thomas
Cisco Employee

No mention of VM OS or specific hypervisor so unclear if it is a bug with that combination.

Sounds to me like they are using the VM(s) in NAT mode rather than Host mode.

You must use Host mode to allow the VM(s) to talk directly on the wire with their own MAC address, perform 802.1X/MAB to get VLAN/ACL/SGT assignment and obtain a unique, DHCP-assigned IP address separate from the physical Host.

If using Cisco WLC, ensure that the Wi-Fi NIC is using a unique MAC address. Use host mode/NAT mode in the virtual desktop so that the MAC is either unique or we use host Wi-Fi (NAT mode) connectivity to get access to the network.


The problem lies in the fact that the MAC address is unique within the state machine of the WLC, and the final state of the policy state machine is the "RUN" state, which is reached after learning the IP. The state machine has to be in the "RUN" state for the wifi client to forward traffic. If the state machine is in any state other than "RUN", the data path is blocked.
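A constructed, simplified model of the per-MAC client table described in this reply, added here as an illustration (not Cisco's code and not the WLC's actual implementation). It assumes one entry per wireless MAC, that a DHCP DISCOVER is only relayed while the entry is still waiting for an IP, and that the RUN entry enforces its learned MAC/IP binding; it contrasts a VM bridged behind the host MAC with a VM that presents its own MAC.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass
class Client:
    mac: str
    state: str = "ASSOC"   # ASSOC -> AUTH -> DHCP_REQD -> RUN
    ip: Optional[str] = None

class Wlc:
    """Constructed, simplified WLC client table keyed on the wireless MAC."""
    def __init__(self) -> None:
        self.clients: Dict[str, Client] = {}

    def associate(self, mac: str) -> None:
        # Association and 802.1X/MAB done; entry waits for an IP before RUN.
        self.clients[mac] = Client(mac, state="DHCP_REQD")

    def dhcp_discover(self, mac: str) -> bool:
        """True if the DISCOVER is relayed toward the DHCP server."""
        c = self.clients.get(mac)
        # Unknown MAC, or a MAC already bound to an IP (RUN): not relayed.
        return c is not None and c.state != "RUN"

    def dhcp_ack(self, mac: str, ip: str) -> None:
        self.clients[mac].ip = ip
        self.clients[mac].state = "RUN"   # IP learned: data path opens

    def forward_data(self, mac: str, src_ip: str) -> bool:
        c = self.clients.get(mac)
        # Assumption: the RUN entry also enforces its learned MAC/IP binding.
        return c is not None and c.state == "RUN" and c.ip == src_ip

def bridged_vm_same_mac() -> Tuple[bool, bool, bool]:
    """Host in RUN; a VM bridged through the host vswitch reuses the host MAC."""
    wlc, host_mac = Wlc(), "02:00:00:00:00:01"
    wlc.associate(host_mac)
    wlc.dhcp_discover(host_mac)
    wlc.dhcp_ack(host_mac, "10.1.1.10")
    vm_discover = wlc.dhcp_discover(host_mac)           # not relayed: MAC in RUN
    vm_data = wlc.forward_data(host_mac, "10.1.1.20")   # blocked: IP != binding
    return wlc.forward_data(host_mac, "10.1.1.10"), vm_discover, vm_data

def vm_own_mac() -> Tuple[bool, bool]:
    """VM presents its own MAC, so it gets its own entry, IP and policy."""
    wlc, vm_mac = Wlc(), "02:00:00:00:00:02"
    wlc.associate(vm_mac)
    relayed = wlc.dhcp_discover(vm_mac)
    wlc.dhcp_ack(vm_mac, "10.1.1.20")
    return relayed, wlc.forward_data(vm_mac, "10.1.1.20")
```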