Hello,

I have some APs registered on my WLC. My APs broadcast a WPA 802.1x network.

Clients are a non-Cisco WLAN bridge AP, on which some wired devices are connected.

The bridge AP with MSCHAPv2 credentials can successfully auth on the SSID through the WLC and a Radius server.

The problem is only one of the wired devices connected to bridge, is able to traffic on network. When this devices stop talking, next wired device can traffic, etc..

I've resolved the problem by adding the config network ip-mac-binding disable command on the WLC, so now all wired devices can traffic at the same time through bridge AP, then Cisco AP, then WLC, then network, then server.

When the devices contacts the server (which is on same subnet), server adds devices IP address in its ARP table. So during few times packets can be exchanged in both directions.

--> But, when clients stops talking during few minutes, and ARP entry on the server arrives at maximum lifetime and is cleared, server cannot contact device anymore.

Indeed, I try to reproduce this with my PC:

- (1) If I try to ping IP address of the bridge it is OK.

- (2) If I try to ping IP address of one of devices behind the bridge it is NOK. I can see an ARP packet leaving my PC, but the answer never comes.

- (3) If I ping my PC from one of devices behind the bridge, it is OK and my PC adds ARP entry in its table.

- (4) So if I retry (2) step, it is OK now, only during preceding ARP lifetime.

- (5) When ARP is cleared, if I add a static ARP entry in my table, I can ping the device behind the bridge again.

So, it seems that WLC blocks ARP resolutions coming from the wired network to a wireless client behind a bridge.

As I have about 600 clients, it is very heavy to add 600 static ARP entries in my servers tables, so do know a parameter on the WLC which permits this traffic ?

Regards,

Clement