Hi Joe,
I'd be happy to see any results you come up with there. Thanks for helping
track this one down. It is interesting to think about what happens... we
know the ARP is encapsulated inside an LWAPP / CAPWAP packet, but where that
gets sent and how is something that doesn't seem to be very well documented
thus far.
On Wed, Oct 26, 2011 at 2:13 PM, Joseph L. Brunner <joe_at_affirmedsystems.com> wrote:
> Joe,
>
> I can offer some insight and if necessary run some debugs right now on a
> real network to determine this for you.
>
> First, re:
>
> > Looking on my L3 switch connected to the AP, it definitely has all the
> > IP/MAC pairings of the wireless clients; I'm just wondering how they got
> > there.
>
> In many implementations the L3 switch is the DHCP server... I almost NEVER
> use the WLC as the DHCP server, as I had some issues with this and I like to
> keep it all on the switch for both the clients and the APs themselves,
> receiving option 43 as an IP address. So if the wireless client takes a DHCP
> lease, for at least the ARP timeout period (14400, etc.) it's going to be in
> the ARP table... of course, just like any wired switch, clients need only
> send 1 frame per 300 seconds to remain in the CAM table. With the dozen or
> so protocols running by default on Windows 7 and Mac OS X it is pretty easy
> to do this.
>
> So back to your core question - does the WLC scope the ARP broadcast to 1
> AP (perhaps based on authentication cache, 802.1x MAC entry, etc.) or must it
> forward it each time to all APs?
>
> I cannot log in to the APs and do debugs in LWAP mode, so I propose this
> test -
>
> 1. I'll associate 2 laptops with 2 different APs on the same WLAN managed
> by a WLC, giving them both static IP addresses.
> 2. One laptop will have a SECONDARY IP address (and therefore will not
> source any Microsoft Windows 7 multicast discovery packets or anything else
> from this address).
> 3. I'll run Wireshark on both laptops in promiscuous mode, etc.
> 4. I'll ping the one laptop's SECONDARY IP ADDRESS from the layer 3 switch
> (which is also the DHCP server for the segment, although again the laptops
> will not be doing DHCP).
> 5. I'll advise if I see the ARP broadcast on one or both laptops. (This is
> our control for when the IP-to-MAC mapping cannot be "known" ahead of time, as in
> the case of DHCP snooping, but using a wireless authentication protocol that
> may keep MAC-to-IP info cached on the WLC and one or more APs for roaming.)
> 6. Next, to determine if the WLC can actually scope ARP broadcasts if MAC =
> "KNOWN" (by any method), wait 600 seconds for my L3 switch ARP timeout and
> ping laptop A, while running Wireshark on laptop B.
> 7. If I DO NOT see the ARP BROADCAST on laptop B, the WLC obviously scoped
> the ARP broadcast to only the AP where laptop A was registered.
>
> Thoughts?
>
> -Joe
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Joe Astorino
> Sent: Wednesday, October 26, 2011 1:36 PM
> To: Groupstudy
> Subject: OT: WLC & ARP
>
> I have been searching on this topic for a while but can't find a specific
> answer. Does anybody know how a Cisco WLC handles ARP broadcasts for
> wireless clients? Let's say a user on the wired network wants to talk to a
> wireless client. You have a WLC connected to a L3 switch somewhere in your
> infrastructure and several LWAPs. The packet gets routed to the L3 switch,
> and the L3 switch has a directly connected L3 interface for the client
> where the WLC lives. At this point the L3 switch does an ARP broadcast to
> find the MAC address of the wireless client. That broadcast gets to the
> WLC -- now what?
>
> It doesn't seem to make sense that the WLC would forward the ARP broadcast
> over an LWAP tunnel to EVERY access point and that the access points would
> then forward it to every client. So, what happens? Is it some sort of
> proxy-ARP-ish type thing the WLC does? Things I have read so far seem to
> indicate that the WLC answers the ARP request with the MAC of the client,
> as it knows the MAC from when the client associated with the remote AP, but
> I can't find anything that specifically confirms this.
>
> Anybody know? Looking on my L3 switch connected to the AP, it definitely
> has all the IP/MAC pairings of the wireless clients; I'm just wondering how
> they got there. Thanks!
>
> --
> Regards,
>
> Joe Astorino
> CCIE #24347
> Blog: http://astorinonetworks.com
>
> "He not busy being born is busy dying" - Dylan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
--
Regards,

Joe Astorino
CCIE #24347
Blog: http://astorinonetworks.com

"He not busy being born is busy dying" - Dylan

Received on Wed Oct 26 2011 - 15:53:26 ART
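The capture test proposed in the thread (steps 1-7) comes down to parsing the ARP requests each laptop's Wireshark sees and comparing the two captures. The following is an added example, not code from either poster: it builds constructed Ethernet II + ARP request frames, parses them, and classifies the outcome of step 7; the labels "scoped", "flooded" and "answered_upstream" are this example's own interpretation of the thread's reasoning, and all MACs and IPs are made up.

```python
import struct

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Constructed broadcast ARP request (Ethernet II header + 28-byte ARP body)."""
    eth = _mac("ff:ff:ff:ff:ff:ff") + _mac(sender_mac) + b"\x08\x06"  # ethertype ARP
    # htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, opcode=request(1)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += _mac(sender_mac) + _ip(sender_ip) + b"\x00" * 6 + _ip(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return (opcode, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(b) for b in frame[28:32])
    target_ip = ".".join(str(b) for b in frame[38:42])
    return opcode, sender_ip, target_ip

def count_arp_requests(capture, target_ip):
    """Count ARP requests (opcode 1) asking for target_ip in a list of raw frames."""
    return sum(1 for f in capture
               if (p := parse_arp(f)) is not None and p[0] == 1 and p[2] == target_ip)

def classify(capture_a, capture_b, target_ip):
    """Step 7: laptop A is the ping target, laptop B sits on a different AP.
    Request seen on A only -> WLC scoped it to A's AP; seen on both -> flooded
    to every AP; seen on neither -> answered before reaching any AP (proxied)."""
    on_a = count_arp_requests(capture_a, target_ip) > 0
    on_b = count_arp_requests(capture_b, target_ip) > 0
    if on_a and on_b:
        return "flooded"
    if on_a:
        return "scoped"
    if on_b:
        return "unexpected"   # request reached the wrong AP only; recheck the capture
    return "answered_upstream"

if __name__ == "__main__":
    req = build_arp_request("00:11:22:33:44:55", "10.0.0.1", "10.0.0.50")  # constructed
    print(parse_arp(req), classify([req], [], "10.0.0.50"))
```

Real captures would be read from the pcap files instead of constructed frames; the parser only needs the raw frame bytes.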
This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART