Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1017
Views
5
Helpful
3
Replies

C9800 IPv4 ARP / IPv6 ND proxy

Johannes Luther
Level 4
Level 4

‎03-31-2021 01:25 AM - edited ‎07-05-2021 01:03 PM

Hi wireless experts,

I'm a "last follower" in Wireless technologies and in the process to evaluate the C9800. If you look in the very details, the thing is very differently from the AireOS boxes... Now I'm struggeling regarding the right IPv4 ARP / IPv6 ND proxy functionality.

 

Let's recap how the AireOS WLC works (local mode APs):

IPv4: WLC acts as a full ARP proxy. So no ARP packets are sent out to the wireless clients. The WLC handles ARP responses, because it has a full MAC-to-IP-binding table. Why is this good?

Airtime saving (ARP = broadcast = lowest configured mandatory wireless data rate [which is bad by the way])

=> This behavior is configurable or changeable by using the "passive-client" functionality

 

IPv6: WLC does not act as an ND proxy. The ND Multicast packets are converted to L2 Multicast for Airtime optimization (unsolicited ND = Multicast = highest mandatory data rate... / if converted to Unicast, it's a (hopefully) high supported data rate)

 

C9800

Without any config tweaking, the WLC default behavior is:

- No IPv4 ARP proxy

- No IPv6 ND proxy (but with L2 Multicast->Unicast conversion of ND frames)

 

The current best practices state:

In Release 17.3, the Catalyst 9800 can be configured to act as a proxy for ARP traffic and respond on behalf of a registered client. The configuration is under the policy profile:
C9800(config)#wireless profile policy <name>
C9800(config-wireless-policy)#ipv4 arp-proxy
This is the recommended setting as it will save battery life on the wireless devices because the WLC will answer ARP on behalf of the device.

 Go that ...

What about IPv6 (IPv6 is always forgotten ...)? Is there any recommendation regarding the "ipv6 nd full proxy"?

How do you guys handle L2 adress resolution in your Catalyst based (non-Flex, non-SDA) deployments?

0 Helpful
3 Replies 3

Scott Fella
Hall of Fame
Hall of Fame

‎03-31-2021 08:23 AM

Reach out to your Cisco SE and have him/her see if its in the roadmap.  You know ipv6 is always a step behind:)

-Scott
*** Please rate helpful posts ***
0 Helpful

Johannes Luther
Level 4
Level 4

‎04-01-2021 01:04 AM

Hi Scott,

thank you for the reply. Sorry, maybe I explained the whole thing incorrect.

Beginning with 17.3 the "ipv6 nd full-proxy" was implemented - so the feature is there.

 

However, the best practices only give recommendations to implement the IPv4 ARP proxy. The document doesn't state anything regarding IPv6.
So what is the best approach here? I can't think of any drawbacks (except potential bugs) when implementing the IPv6 ND proxy (not considering IPv6 SEND).
My point of view is: If I proxy IPv4 adress resolution, I proxy IPv6 adress resolution as well to have consistency. But I might be wrong

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Johannes Luther

‎04-01-2021 01:53 AM

Well keep in mind that what they have set in best practices, sometimes does not work well in some environments. Just like the best practices in the AireOS GUI, I would not use some of their recommendations.
I don’t see any reason not to try it to be honest. If it gets you what you want with no issues, then make it a standard in your deployment.
-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card