09-02-2022 04:23 AM
Hi All
I recently discovered that the WLC 17.9.1 offers in the Policy Profile an option to enable/disable IP MAC Binding, which is required for example when using VMware Workstation with a bridged Guest, so that both, the host and guest can get an IP address through the same Wi-Fi adapter. Only works with Central Switched VLANs and not with FlexConnect (at the moment while testing).
On 17.3.5a I can't see this option. Nor did I see any mention in the release notes from 17.2 - 17.9 about this new feature.
I wonder when this was added.
The documentation of 17.2 already mentions something about this here:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-2/config-guide/b_wl_17_2_cg/dhcp_for_wlans.html#id_130537
Does anybody have more information?
Thanks,
Patrick
09-02-2022 08:05 AM
I found some time for testing. This feature was added somewhere between 17.7 and 17.9 in the GUI.
CLI command for it is:
wireless profile policy PROFILENAME
no ip mac-binding
exit
What I need to test though, if this also enables the use of Wireless Bridges with LAN attached clients.
09-02-2022 08:26 AM
I can see it in 17.6 configs though ...
The description though is more about enabling seamless roaming between APs on flex local switching.
09-02-2022 08:55 AM - edited 09-02-2022 12:00 PM
I have this working in a lab in Flex mode. It allows multiple wireless clients to have the same IP address.
09-02-2022 10:44 AM
Could you maybe share how you managed to get this working? I'm trying to have an IP assigned with DHCP to a virtual machine running on VMWare Workstation in bridged mode in a FlexConnect environment. I can see DHCP Discovery arriving on DHCP server and DHCP Offer leaving siwtchport in direction access point. But nothing arrives on WiFi-NIC and therefore not on the virtual machine. IP assignment on the host where VMWare is running works fine.
08-01-2025 03:28 AM
I'm not sure why but I had to disable this feature for policy configuration to be able to share the same IP scope for multiple different remote locations that run in flex mode. while this being enabled clients stuck in IP learn state the whole time, event if the client was visible in the routers arp.
08-19-2025 02:42 AM
@Amar_Tufo did you remember to configure "ip overlap" in the flex profile?
Also from Best Practices guide (link below):
- Don't use the same site tag name across multiple FlexConnect sites (this includes the default-site-tag). The C9800 doesn’t know about your physical locations and there is no point in distributing client keys across APs in different physical locations as roaming will never happen. Also, different site tag names are a requirement to support client overlapping IP addresses across Flex connect sites for local switching SSIDs.
- Starting release 17.3.3, C9800 supports client overlapping IP addresses across different site tags. The site tag in each site should be unique as C9800 uses the combination of site-tag + IP address as a unique ID for the client (called zone-id)
- Note: Client overlapping IP addresses is only available for Flex deployment in local switching with local DHCP server; for all other deployments (local mode, central switching, central DHCP, etc.), overlapping IPs are still not supported.
"no ip mac-binding" should only be required for passive clients:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#PassiveClients
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-6/config-guide/b_wl_17_6_cg/m_vewlc_flex_connect.html#enable-proxy-arp
Section "Overlapping Client IP Address in Flex Deployment" is just below the Proxy ARP section.
08-19-2025 02:43 AM
Please make new post
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide