Hi,

When I search the Arp proxy in the policy profile, it ensures that the arp packets destined for the wireless users are answered by the controller before they reach the user clients. The problem I'm having is that arp packets are unicast when the user asks for their gateway (i.e. an SVI IP address outside the controller).

Thanks for reply. Have a nice day...

Hi, 

yes, client learn gateway IP address from dhcp process and it sends arp request for learnin mac address of default gateway. İ capture this packet with wireshark and this packet!s destination mac address ffff.ffff.ffff.I also started radioactive trace via wlc and I see the following output.

(debug): RX: vlan 218 Source MAC: xxxx.xxxx.xxxx Dest MAC: ffff.ffff.ffff ARP REQUEST, ARP sender MAC: xxxx.xxxx.xxxx ARP target MAC: 0000.0000.0000 ARP sender IP: a.a.a.a, ARP target IP: a.a.a.254,
 (ERR): MAC: 8c60.4f03.1441 DOT11 fsm is not allocated yet.
(debug): TX: ARP from interface capwap_90400018 on vlan 218 Source MAC: xxxx.xxxx.xxxx Dest MAC: 8c60.4f03.1441 ARP REQUEST, ARP sender MAC: xxxx.xxxx.xxxx ARP target MAC: 0000.0000.0000 ARP sender IP: a.a.a.a, ARP target IP: a.a.a.254

this log showed me that wlc changed the arp package from ffff to unicast and this mac address and these mac addresses are not available on my network. 

It can be because your Access Point is in central mode and you have capwap tunnel in between. Which capwap tunnel, you can see the user mac address only after the tunnel is open by the wlc and exchange the packet with its gateway. 

Sounds to me like one of the clients is using the same IP address as your gateway.  Are you sure the gateway address is excluded on your DHCP server and you have DHCP required for clients?

What version of software are you using?

Have you checked your WLC config with https://cway.cisco.com/wireless-config-analyzer/ using output of "show tech wireless"?

Yes, I am sure that gateway IP addess is out of pool(pool end 200, hsrp gateway 254, one svi is 253 other 252).  C9800-80 software version 17.3.4c; ROM: 16.12(5r). I check bug search tool bug related to this th's problem but i did not found any problem or bugs. I investigate  Wireless Config Analyzer Express output but there are not any missing or wrong configuration.  

what i don't understand, client send broadcast arp packet to learning mac address of gateway but wlc change destination mac address from ffff.ffff.ffff to 005d.7317.b12f. I search this mac address whole brodcast domain but i didn't found. I delete this vlan on my controller for clearing cache and create again but the problem continues. When I reboot controller, problem is temporarily solved/ But after time approximately 3-4 day same problem occurs again. 

So:

For a start update to latest 17.3 with all AP service packs applied.  Just because you didn't find any bugs doesn't mean they don't exist.  Sometimes they're hidden from us (Cisco internal only) and sometimes the description might be quite different or misleading.

Better still update to 17.6.5 or 17.9.3 and then if you're still seeing the same problem and can't explain it then open a TAC case.