IP-MAC Address Binding
The controller enforces strict IP address-to-MAC address binding in client packets. The controller checks the IP address and MAC address in a packet, compares them to the addresses that are registered with the controller, and forwards the packet only if they both match. The controller checks only the MAC address of the client and ignores the IP address. Disable IP-MAC Address Binding if you have a wireless client that has multiple IP addresses mapped to the same MAC address. Examples include a PC running VM software in Bridge mode, or a third-party WGB.
You must disable IP-MAC address binding to use an access point in sniffer mode if the access point is associated with a Cisco 2504 Wireless Controller, a Cisco 5508 Wireless Controller, or a controller network module. To disable IP-MAC address binding, enter the config network ip-mac-binding disable command.
WLAN must be enabled to use an access point in sniffer mode if the access point is associated with a Cisco 2504 Wireless Controller, a Cisco 5508 Wireless Controller, or a controller network module. If WLAN is disabled, the access point cannot send packets.
Note: If the IP address or MAC address of the packet has been spoofed, the check does not pass, and the controller discards the packet. Spoofed packets can pass through the controller only if both the IP and MAC addresses are spoofed together and changed to that of another valid client on the same controller.
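The following is an added example, not Cisco code: a simplified Python model of the binding check described above, showing which packets are forwarded or discarded, including the bridged-VM case that requires disabling the feature. The client table, addresses, and function names are constructed for illustration, and the MAC-only behavior with binding disabled is an assumption of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str

# Constructed sample table: client MAC -> IP address registered with the controller.
REGISTERED = {
    "00:11:22:33:44:55": "10.0.0.10",  # client A (also hosts a bridged VM)
    "66:77:88:99:aa:bb": "10.0.0.20",  # client B
}

def forward(pkt: Packet, binding_enabled: bool = True) -> bool:
    """Return True if the modeled controller forwards the packet."""
    registered_ip = REGISTERED.get(pkt.src_mac.lower())
    if registered_ip is None:
        return False                    # MAC is not a registered client
    if not binding_enabled:
        return True                     # assumption: only the MAC is checked
    return registered_ip == pkt.src_ip  # strict binding: both must match

# Constructed packets covering the cases the text describes.
CASES = {
    "legitimate client A":       Packet("00:11:22:33:44:55", "10.0.0.10"),
    "A's MAC, spoofed IP":       Packet("00:11:22:33:44:55", "10.0.0.99"),
    "spoofed MAC, A's IP":       Packet("de:ad:be:ef:00:01", "10.0.0.10"),
    "A's MAC, B's IP":           Packet("00:11:22:33:44:55", "10.0.0.20"),
    "B's MAC and B's IP (both)": Packet("66:77:88:99:aa:bb", "10.0.0.20"),
    "bridged VM behind A":       Packet("00:11:22:33:44:55", "10.0.0.11"),
}

def evaluate(binding_enabled: bool = True) -> dict:
    """Map each case name to the forward/discard decision."""
    return {name: forward(p, binding_enabled) for name, p in CASES.items()}

if __name__ == "__main__":
    for enabled in (True, False):
        print(f"binding {'enabled' if enabled else 'disabled'}")
        for name, ok in evaluate(enabled).items():
            print(f"  {name:28s} {'forward' if ok else 'discard'}")
```

In the model, a packet carrying another valid client's MAC and IP together is indistinguishable from that client's own traffic, so the binding check alone cannot flag it.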
This section contains the following subsection: