Configuring Dynamic Anchoring for Clients with Static IP Addresses

Dynamic Anchoring for Clients with Static IP

At times you may want to configure static IP addresses for wireless clients. When these wireless clients move about in a network, they could try associating with other controllers. If the clients try to associate with a controller that does not support the same subnet as the static IP, the clients fail to connect to the network. You can now enable dynamic tunneling of clients with static IP addresses.

Dynamic anchoring of static IP clients with static IP addresses can be associated with other controllers where the client’s subnet is supported by tunneling the traffic to another controller in the same mobility group. This feature enables you to configure your WLAN so that the network is serviced even though the clients use static IP addresses.

How Dynamic Anchoring of Static IP Clients Works

The following sequence of steps occur when a client with a static IP address tries to associate with a controller:

  1. When a client associates with a controller, for example, WLC-1, it performs a mobility announcement. If a controller in the mobility group responds (for example WLC-2), the client traffic is tunneled to the controller WLC-2. As a result, the controller WLC 1 becomes the foreign controller and WLC-2 becomes the anchor controller.

  2. If none of the controllers responds, the client is treated as a local client and authentication is performed. The IP address for the client is updated either through an orphan packet handling or an ARP request processing. If the IP subnet of the client is not supported in the controller (WLC-1), WLC-1 sends another static IP mobile announce and if a controller (for example WLC-3) that supports the client's subnet responds to that announcement, the client traffic is tunneled to that controller, that is WLC-3. As a result, the controller WLC 1 becomes the export foreign controller and WLC-3 becomes the export anchor controller.

  3. Once the acknowledgment is received, the client traffic is tunneled between the anchor and the controller (WLC-1).


    Note

    If you configure WLAN with an interface group and any of the interfaces in the interface group supports the static IP client subnet, the client is assigned to that interface. This situation occurs in local or remote (static IP Anchor) controller.

    When AAA override is used along with the interface group that is mapped to WLAN, the source interface that is used for DHCP transactions is the Management interface.

    If the interface group that you add to a WLAN has RADIUS Server Overwrite interface enabled and a client requests for authentication, the controller selects the first IP address from the interface group as the RADIUS server.



    Note

    A security level 2 authentication is performed only in the local (static IP foreign) controller, which is also known as the exported foreign controller.


Restrictions on Dynamic Anchoring for Clients With Static IP Addresses

  • Do not configure overridden interfaces when you perform AAA for static IP tunneling, this is because traffic can get blocked for the client if the overridden interface does not support the client’s subnet. This can be possible in extreme cases where the overriding interface group supports the client’s subnet.

  • The local controller must be configured with the correct AAA server where this client entry is present.

The following restrictions apply when configuring static IP tunneling with other features on the same WLAN:

  • Auto anchoring mobility (guest tunneling) cannot be configured for the same WLAN.

  • FlexConnect local authentication cannot be configured for the same WLAN.

  • The DHCP required option cannot be configured for the same WLAN.

  • You cannot configure dynamic anchoring of static IP clients with FlexConnect local switching.

  • We recommend that you configure the same NTP/SNTP servers on the Cisco WLCs. If the NTP/SNTP servers are different, ensure that the system time on all Cisco WLCs is the same when NTP/SNTP is enabled. If the system time is not in sync, seamless mobility might fail in some scenarios. Also, a Cisco WLC that has the lagging time with NTP/SNTP enabled drops the mobile announce messages.

Configuring Dynamic Anchoring of Static IP Clients (GUI)

Procedure


Step 1

Choose WLANs to open the WLANs page.

Step 2

Click the ID number of the WLAN on which you want to enable dynamic anchoring of IP clients. The WLANs > Edit page is displayed.

Step 3

Choose the Advanced tab to open the WLANs > Edit (Advanced) page.

Step 4

Enable dynamic anchoring of static IP clients by selecting the Static IP Tunneling check box.

Step 5

Click Apply to commit your changes.


Configuring Dynamic Anchoring of Static IP Clients (CLI)

config wlan static-ip tunneling {enable | disable} wlan_id — Enables or disables the dynamic anchoring of static IP clients on a given WLAN.

To monitor and troubleshoot your controller for clients with static IP, use the following commands:

  • show wlan wlan_id —Enables you to see the status of the static IP clients feature.

    
    …………..
    Static IP client tunneling.............. Enabled
    …………..
    
  • debug client client-mac

  • debug dot11 mobile enable

  • debug mobility handoff enable