Configure 9800 Wireless LAN Controller to Connect VM Bridge Client

Available Languages

Download Options

PDF (2.1 MB)
View with Adobe Reader on a variety of devices

Updated:June 23, 2025

Document ID:223126

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to configure a 9800 Wireless LAN Controller (WLC) to connect Virtual Machine (VM) Bridge Client.

Prerequisites

Requirements

Cisco recommends that you have basic knowledge of these topics:

Cisco 9800 Series Wireless LAN Controller (WLC) configuration concepts
Cisco Wave 2 Access Point (AP) configuration concepts
Cisco Access Point registration and mode configuration concepts
VirtualBox networking and virtual machine setup concepts

Components Used

The information in this document is based on these software and hardware versions:

9800-CL WLC with Cisco IOS® 17.15.3
Control And Provisioning of Wireless Access Points (CAPWAP) APs model CW9176I
VM with VirtualBox version 7.1.10
Operating System Ubuntu version 24.04.2 Long-Term Support (LTS)
Wireless client laptops with Windows 11 Home

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command

Background Information

VM utilizes the physical Wi-Fi adapter of the host laptop to establish network connectivity, ensuring seamless integration with the existing network infrastructure. The DHCP server assigns a unique IP address to the VM, enabling proper identification and communication within the network.

While the VM utilizes the host laptop physical Wi-Fi adapter, it does not directly manage the wireless connection. Instead, the host laptop acts as a bridge, managing the Wi-Fi connection and providing network access to the VM. Consequently, the VM cannot view or control Wi-Fi networks directly, as this functionality is handled by the host system. This configuration ensures that the VM maintains a robust presence on the network while efficiently utilizing the host physical resources.

Network Diagram

The network diagram features a Cisco Catalyst 9800 Wireless LAN Controller (WLC) and CW9176I Access Points (APs) that provide wireless connectivity to devices such as a laptop and a virtual machine (VM) hosted on VirtualBox. The 9800 WLC acts as the central management and control unit, ensuring seamless integration and efficient operation of the wireless network. The CW9176I APs, equipped with advanced Wi-Fi 7 capabilities, enable high-speed and reliable wireless communication for connected devices. The Host VM laptop runs Windows 11 Home and operates a VirtualBox VM with Ubuntu software.

Network Diagram

Configurations

VLAN Configurations

The ARP broadcast feature on the Cisco Catalyst 9800 Wireless Controller is essential for enabling communication in networks with passive clients. This feature broadcasts ARP requests across all devices within a VLAN, which is particularly beneficial for passive clients like Virtual Machines in Bridged Adapter mode that do not actively send their IP information.

WLC GUI

Navigate to Configurations > Layer2 > VLAN > Click + Add > VLAN ID "Custom VLAN ID" > Name "Custom Name" > State ACTIVATED > ARP Broadcast ENABLED as shown in the image.

VLAN Configurations

WLC CLI

WLC#
WLC#config t
WLC(config)#vlan [VLAN ID] 
WLC(config-vlan)#name [WORD]
WLC(config-vlan)#exit

WLC(config)#vlan configuration [VLAN ID] 
WLC(config-vlan-config)#arp broadcast
WLC(config-vlan-config)#end
WLC#

Policy Profile Configurations

To ensure seamless connectivity for VMs configured with bridge adapters on the Cisco Catalyst 9800, it is essential to enable the Passive Client feature and disable IP MAC Binding. This setup allows the wireless controller to handle multiple IP addresses associated with a single MAC address, which is common in virtualize environments. Enabling Passive Client ensures traffic flow to the VM machine. Disabling IP-MAC Binding allows the controller to forward traffic to the VM machine without identifying it as IP Theft.

WLC GUI

Navigate to Configurations > Tags & Profile > Policy > Click + Add > General > WLAN Switching Policy > Central Switching ENABLED > Central Authentication ENABLED > Central DHCP ENABLED as shown in the image.

Policy Configurations

Navigate to Access Policies > VLAN > VLAN/VLAN Group > Configure VLAN > Click Apply to Device as shown in the image.

Policy Configurations

WLC CLI

WLC#
WLC#config t
WLC(config)#wireless profile policy [WORD]
WLC(config-wireless-policy)#shutdown 
WLC(config-wireless-policy)#passive-client
WLC(config-wireless-policy)#no ip mac-binding 
WLC(config-wireless-policy)#central switching
WLC(config-wireless-policy)#central dchp
WLC(config-wireless-policy)#central authentication 
WLC(config-wireless-policy)#vlan [WORD | VLAN ID]
WLC(config-wireless-policy)#no shutdown
WLC(config-wireless-policy)#end
WLC#

Warning: Disabling a Policy or configuring it in the enabled state, result in loss of connectivity for clients associated with this Policy profile.

WLAN Configurations

The example illustrates a WLAN configured for Pre-Shared Key (PSK) authentication. However, a WLAN can be configured for 802.1X authentication for a VM using bridge adapter.

Navigate to Configurations > Tags & Profile > WLAN > Click + Add > General > Profile Name "Custom Name" > SSID "Custom Name" > WLAN ID* "Custom Name" > Status ENABLED > Click Apply to Device as shown in the image.

WLAN Configurations

Navigate to Security > Layer2 > PSK "check box" > PSK Format ASCII > PSK Type Unencrypted > Pre-Shared Key* "Custom Key" > Click Update & Apply to Device as shown in the image.

WLAN Configurations

WLC CLI

WLC#
WLC#config t
WLC(config)#wlan [WORD] [WLAN Identifier]
WLC(config-wlan)#shutdown 
WLC(config-wlan)#security wpa akm psk
WLC(config-wlan)#no security wpa akm dot1x
WLC(config-wlan)#security wpa psk set-key ascii [WORD]
WLC(config-wlan)#no shutdown 
WLC(config-wlan)#end
WLC#

Warning: Changing WLAN parameters while it is enabled results in loss of connectivity for clients connected to it.

Policy Tag Configurations

The example illustrates a Policy Tag configurations to bind a specific WLAN profile with a specific Policy profile.

Navigate to Configurations > Tags & Profile > TAG > Click + Add > Name "Custom Name" > WLAN-POLICY Maps: > Click + Add > WLAN Profile* "Select Custom WLAN" > Policy Profile* "Select Custom Policy" > Click the "blue check box" > Click Apply to Device as shown in the image.

Policy Tag Configurations

WLC CLI

WLC#
WLC#config t
WLC(config)#wireless tag policy [WORD]
WLC(config-policy-tag)#wlan [WORD] policy [WORD] 
WLC(config-policy-tag)#end
WLC#

VM Configurations

The Bridged Adapter feature enables a VM to directly access the host machine physical network.

Navigate to Setting > Network > Attached to: Select Bridged Adapter > Name: "Select Laptop Physical WiFi Adapter" > Promiscuous Mode: Select Allow All as shown in the image.

VM Configurations

Note: While this setup utilizes VirtualBox with an Ubuntu OS, the location and naming conventions for specific VM settings can differ depending on the virtualization platform being used.

Verify

From the VM and 9800 WLC, the configuration can be checked with these commands and methods.

VM Confirmation

To confirm that the VM has successfully obtained an IP address from the DHCP server, execute the ifconfig command within the VMs command-line interface. The output display the network configuration, including the assigned IP address if acquired via DHCP.

VM Command-Line Interface

Now perform a ping in the VMs command-line interface to verify gateway reachability.

VM Command-Line Interface

Host VM Confirmation

Verify the IP and MAC address of the Host VM laptop.

Navigate to Host VM laptop CLI and perform the command ifconfig /all.

Host VM laptop

WLC Confirmation

WLC CLI

WLC#
WLC#show wireless profile policy detailed [WORD]
WLC#show wireless tag policy detailed [WORD]
WLC#show wlan name [WORD]
WLC#show vlan
WLC#show platform software arp broadcast
WLC#

Troubleshoot

The WLC only displays the association details for the physical WiFi adapter of the Host VM laptop, including its IP address and MAC address. It does not recognize the VM as an associated client and does not display the VMs IP address or MAC address.

WLC Client Monitoring

The IP address 192.168.166.108 and MAC address dc4b.a152.a65f are assigned to the Host VM laptop. It is important to note that the IP and MAC addresses of the VM itself are not directly visible on the 9800 WLC. However, by performing a packet capture on the Wireless LAN Controller, you can observe the VMs IP address 192.168.166.111 being used as the Source Address for ICMP requests. Similarly, the ICMP replies utilize the VMs IP address as the Destination Address.

Navigate to Monitoring > Wireless > Clients as shown in the image. The image demonstrates that the IP and MAC addresses of the Host VM laptop are clearly visible within the Cisco 9800 WLCs GUI.

WLC Client Monitoring

WLC Packet Capture

The example demonstrates a Packet Capture configurations on a 9800 WLC.

Navigate to Troubleshooting > Packet Capture > Click + Add > Capture Name* "Create Custom Name" > Filter* "any" > Buffer Size* "100" > Available "Select Interface" > Click Apply to Device as shown in the image.

WLC Packet Capture Configurations

WLC CLI

WLC#
WLC#monitor capture [WORD] interface [Interface] [Interface Number] both
WLC#monitor capture [WORD] buffer size 100
WLC#monitor capture [WORD] match any
WLC#monitor capture [WORD] start
WLC#monitor capture [WORD] stop
WLC#monitor capture [WORD] export flash:[Name.pcap]
WLC#no monitor capture [WORD]
WLC# copy flash:<Name.pcap> tftp://<IP ADD>/<Name.pcap>
WLC#

Wireshark Packet Capture

In the Wireshark packet capture, the VMs IP address 192.168.166.111 is observed as the Source Address for ICMP requests. Additionally, the ICMP replies uses the same IP address as the Destination Address.

Receiver address is the AP MAC address
Transmitter address is the Host VM laptop MAC address
Destination address is the Gateway MAC address
Source address is the Host VM laptop MAC address

The image shown is an example of the Wireshark packet capture of the VMs ICMP request to the gateway IP address (192.168.166.1).

Wireshark Packet Capture

Related information

Revision History

Revision	Publish Date	Comments
1.0	23-Jun-2025	Initial Release

Contributed by Cisco Engineers

Chris Edwards
Technical Consulting Engineer

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)

This Document Applies to These Products

Wireless LAN Controller Software

Configure 9800 Wireless LAN Controller to Connect VM Bridge Client

Available Languages

Download Options

Bias-Free Language

Contents

Introduction

Prerequisites

Requirements

Components Used

Background Information

Network Diagram

Configurations

VLAN Configurations

Policy Profile Configurations

Policy Configurations

WLAN Configurations

Policy Tag Configurations

VM Configurations

Verify

VM Confirmation

Host VM Confirmation

WLC Confirmation

Troubleshoot

WLC Client Monitoring

WLC Packet Capture

Wireshark Packet Capture

Related information

Revision History

Contributed by Cisco Engineers

Was this Document Helpful?

Contact Cisco

This Document Applies to These Products