WAP replying to ARP on Ethernet

Bobby Stojceski
Level 1

I have a fleet of Cisco 2702 access points running on a WLC, and lately I have noticed that the APs are replying to ARP requests on their Ethernet interface.

For example, a DHCP request occurs by a wired device which is on a VLAN also trunked to the WAPs. The DHCP sends an offer as normal, the phone gets the offer and does its ARP broadcast to check for duplicates. The WAP then replies to the ARP broadcast giving it the MAC address of the device that just got the IP address offered by DHCP.

Unlucky for us, our Cisco 7937 conference phones (really Polycom) and Polycom-branded conference phones don't like the fact that anything replies to the ARP broadcast, and without looking at the MAC provided in the ARP reply, the phone assumes the IP is used and tries DHCP again. Keeps doing this until the scope is filled and phones stop working.

Other IP phones do not have DHCP issues. I assume they handle the ARP reply with their own MAC address within it better.

Why are WAPs replying to ARP broadcasts on the wired network??

I thought maybe this was a bug on WLC 8.1.131.0 and the 2702 AP. But just now I have the same issue with my Lab WLC running 8.3.102.0 and a 2702 AP.

Any ideas? Cisco TAC has been less than helpful. Usual runaround stalling tactics they've been famous for the past couple of years.

Thanks

3 Replies

Milos Megis
Level 3

Hi,
try logging into the WLC, go to Controller tab / General, and disable "Broadcast forwarding".

Maybe this helps.

It was a good try but unfortunately that is already disabled on my WLC. Thanks

Bobby Stojceski
Level 1

Okay so what it looks like is this:

1. The WAPs are connected to trunk ports which trunk all VLANs (including the Voice VLAN).

2. The WAPs are in FlexConnect local switching mode and have FlexConnect arp-cache enabled.

3. Wireless IP phones are connected to the APs and the phones are put onto the same VLAN as wired IP phones, including the Cisco 7937 handsets.

4. For unknown reasons, a random WAP decides to keep the ARP of clients on the wired network of the Voice VLAN. On the WAP you actually see a long list of ARP entries with the interface as "GigabitEthernet0.xx" (Voice VLAN ID on the end).

5. When the WAP starts doing this, it responds to ARP broadcasts (by design since the WAP has FlexConnect arp-cache enabled). But it is only supposed to reply to ARP for wireless clients to save their battery.

6. When the Cisco 7937 phones go to do an IP renewal or request, the DHCP server responds and the 7937 does its ARP broadcast for the IP it received to check for duplicates (all normal at this point). But then, the WAP responds to the ARP broadcast with the MAC address of the phone that did the ARP request. The 7937 then sees this reply (even though it is advised that it itself is the owner of that IP) and assumes it is a duplicate and sends back a BAD_ADDRESS to the DHCP server. Then the process begins again and again until the scope runs out, since the DHCP server marks each available address as BAD_ADDRESS as it goes along.

So the issue cause as I see it:

1. The WAP is keeping ARP entries for wired clients for unknown reasons, and

2. The Cisco 7937 phones (and a Polycom SoundStation IP 7000) are rejecting an IP address incorrectly. Poor firmware? It's not affecting my 7841, 7942 and 8831 phones.

So the 'fix' would be to disable FlexConnect arp-cache on the WAPs and take a bit of a hit on batteries. Or, move the wireless IP phones to a separate VLAN.

I have confirmed the above all exist with the following firmware at least:

WLC 8.1.131.0
WLC 8.3.102.0
2702i/e  15.3(3)JBB6$
2702i/e  15.3(3)JD$
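
The behaviour described in the post above can be checked on a packet capture of the Voice VLAN. The following is an added example, not part of the original thread and not Cisco or Polycom code: it flags ARP replies that hand a requester its own MAC back, and contrasts the "any reply means duplicate" decision with one that compares the sender MAC. All MACs, the IP, the function names and the Ethernet source of the proxied reply are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ARP_IPV4 = b"\x08\x06" + struct.pack("!HHBB", 1, 0x0800, 6, 4)  # EtherType ARP, Ethernet/IPv4

def build_arp(eth_src, eth_dst, op, sha, spa, tha, tpa):
    """Build an Ethernet II + ARP frame from raw 6-byte MACs and dotted IPv4 strings."""
    hdr = eth_dst + eth_src + ARP_IPV4 + struct.pack("!H", op)
    return hdr + sha + IPv4Address(spa).packed + tha + IPv4Address(tpa).packed

def parse_arp(frame):
    """Return the ARP fields as a dict, or None if this is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:20] != ARP_IPV4:
        return None
    return {"eth_src": frame[6:12].hex(":"), "op": struct.unpack("!H", frame[20:22])[0],
            "sha": frame[22:28].hex(":"), "spa": str(IPv4Address(frame[28:32])),
            "tha": frame[32:38].hex(":"), "tpa": str(IPv4Address(frame[38:42]))}

def naive_conflict(probed_ip, reply):
    """Behaviour the thread attributes to the 7937: any reply for the IP is a duplicate."""
    return reply["op"] == 2 and reply["spa"] == probed_ip

def mac_aware_conflict(own_mac, probed_ip, reply):
    """Duplicate only if the reply names a MAC other than our own."""
    return naive_conflict(probed_ip, reply) and reply["sha"] != own_mac

def find_echoed_replies(frames):
    """Flag replies that hand a requester its own MAC back; returns (ip, mac, eth_src)."""
    asked, hits = {}, []
    for raw in frames:
        p = parse_arp(raw)
        if p is None:
            continue
        if p["op"] == 1:                      # request: remember who asked for this IP
            asked[p["tpa"]] = p["sha"]
        elif p["op"] == 2 and asked.get(p["spa"]) == p["sha"]:
            hits.append((p["spa"], p["sha"], p["eth_src"]))
    return hits

# Constructed sample frames (locally administered MACs, documentation IP range).
PHONE, AP, OTHER = (bytes.fromhex(h) for h in ("020000007937", "020000002702", "0200000000aa"))
BCAST, ZERO, IP = b"\xff" * 6, b"\x00" * 6, "192.0.2.50"
PROBE = build_arp(PHONE, BCAST, 1, PHONE, "0.0.0.0", ZERO, IP)
# Assumption: the proxied reply leaves the AP with the AP's own Ethernet source MAC.
PROXIED = build_arp(AP, PHONE, 2, PHONE, IP, PHONE, "0.0.0.0")
REAL_DUP = build_arp(OTHER, PHONE, 2, OTHER, IP, PHONE, "0.0.0.0")

if __name__ == "__main__":
    print(find_echoed_replies([PROBE, PROXIED, REAL_DUP]))
```

The third element of each hit is the Ethernet source of the reply; if the proxying device uses its own MAC there, that value identifies which AP is answering.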
