The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Configuring IPv6 Neighbor Discovery Caching
IPv6 Neighbor Discovery is a set of messages and processes that determine relationships between neighboring nodes. Neighbor Discovery replaces ARP, ICMP Router Discovery, and ICMP Redirect used in IPv4.
At any given time, only eight IPv6 addresses are supported per client. When the ninth IPv6 address is encountered, the controller removes the oldest stale entry and accommodates the latest one.
IPv6 Neighbor Discovery inspection analyzes neighbor discovery messages in order to build a trusted binding table database, and IPv6 neighbor discovery packets that do not comply are dropped. The neighbor binding table in the controller track each IPv6 address and its associated MAC address. Clients are expired from the table according to Neighbor Binding timers.
Configure the neighbor binding parameters by entering this command: config ipv6 neighbor-binding timers {down-lifetime | reachable-lifetime | stale-lifetime} {enable | disable}
Configure the Unknown Address Multicast NS Forwarding by entering this command:
config ipv6 ns-mcast-fwd {enable | disable}
Configure NA Multicast Forwarding by entering this command:
config ipv6 na-mcast-fwd {enable | disable}
If you enable NA Multicast Forwarding, all unsolicited multicast NA from Wired/Wireless is not forwarded to Wireless.
See the status of neighbor binding data that are configured on the controller by entering this command:
show ipv6 neighbor-binding summary
802.3 Bridging
The controller supports 802.3 frames and the applications that use them, such as those typically used for cash registers and cash register servers. However, to make these applications work with the controller, the 802.3 frames must be bridged on the controller.
You can also configure 802.3 bridging using the Cisco Prime Network Control System. See the Cisco Prime Network Control System Configuration Guide for instructions.
Support for raw 802.3 frames allows the controller to bridge non-IP frames for applications not running over IP.
The raw 802.3 frame contains destination MAC address, source MAC address, total packet length, and payload.
By default, Cisco WLCs bridge all non-IPv4 packets (such as AppleTalk, IPv6, and so on). You can also use ACLs to block the bridging of these protocols.
Configuring 802.3 Bridging
802.3X Flow Control is disabled by default. To enable it, enter the config switchconfig flowcontrol enable command.
Fast SSID Change
When fast SSID changing is enabled, the controller allows clients to move faster between SSIDs. When fast SSID is enabled, the client entry is not cleared and the delay is not enforced.
When fast SSID changing is disabled, the controller enforces a delay before clients are allowed to move to a new SSID. When fast SSID is disabled and the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID.
IP-MAC Address Binding
The Cisco WLC enforces strict IP address-to-MAC address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. In previous releases, the controller checks only the MAC address of the client and ignores the IP address.
You must disable IP-MAC address binding to use an access point in sniffer mode if the access point is associated with a Cisco 2504 WLC, 5508 WLC, or a controller network module. To disable IP-MAC address binding, enter the config network ip-mac-binding disable.
WLAN must be enabled to use an access point in sniffer mode if the access point is associated with a Cisco 2504 WLC, 5508 WLC, or a controller network module. If WLAN is disabled, the access point cannot send packets.
AP TCP MSS Adjust
If the client’s maximum segment size (MSS) in a Transmission Control Protocol (TCP) three-way handshake is greater than the maximum transmission unit can handle, the client might experience reduced throughput and the fragmentation of packets. To avoid this problem in controller software release 6.0 or later releases, you can specify the MSS for all access points that are joined to the controller or for a specific access point.
When you enable this feature, the access point selects the MSS for TCP packets to and from wireless clients in its data path. If the MSS of these packets is greater than the value that you configured or greater than the default value for the CAPWAP tunnel, the access point changes the MSS to the new configured value.
TCP MSS is supported only on APs that are in local mode or FlexConnect with centrally switched WLANs.
Step 1 | Choose WIRELESS > Access Points > Global Configuration to open the Global Configuration page. | ||
Step 2 | Under TCP MSS, select the
Global TCP Adjust MSS
check box and set the MSS for all access points that are associated with the
controller.
Any TCP MSS value that is below 1220 and above 1331 will not be effective for CAPWAP v6 AP . |
Step 1 | Enable or disable the TCP MSS
on a particular access point or on all access points by entering this command:
config ap tcp-mss-adjust {enable|disable} {Cisco_AP | all} size
| ||
Step 2 | Save your changes by entering this command: save config | ||
Step 3 | See the current
TCP MSS setting for a particular access point or all access points by entering
this command:
show ap tcp-mss-adjust {Cisco_AP | all} Information similar to the following appears: AP Name TCP State MSS Size ------------------ -------- ------- AP58AC.78DC.A810 disabled - APa89d.21b2.2688 enabled 1250 AP00FE.C82D.DE80 disabled - |