Passive Client

Passive clients

A passive client is a wireless device that

  • connects to the wireless network using a static IP address

  • does not transmit IP information after associating with an AP, and

  • requires additional mechanisms for controllers to learn its IP address (such as ARP requests or DHCP).

Feature history

Table 1. Feature history table for passive clients

Feature name: Passive clients

Release information: Cisco IOS XE 16.11.1

Feature description: This feature enables special handling for wireless clients (such as printers and devices with static IPs) that do not transmit IP information after associating with an AP.

Passive clients are wireless devices, such as printers and devices configured with a static IP address. Such clients do not transmit any IP information after associating with an AP. As a result, the controller does not learn their IP address unless they perform the DHCP process.

On the controller, these clients show up in the Learn IP state and are timed out because of the DHCP policy-timeout.

Changes in default behaviour

The Passive Client feature can be enabled on a per-WLAN basis. Enabling this feature changes a few default behaviors to better accommodate passive clients. These changes include:

  • No client ever times out in the IP_LEARN phase. The controller keeps waiting to learn the client's IP address. Note that the idle timeout remains active and deletes the client entry when the timeout period expires, if the client remains silent throughout.

  • If the controller does not know the client IP address, ARP coming from the wired side is broadcast to all the APs to ensure that it reaches the passive client. The controller then learns the client IP address from the ARP response.

Enable passive client on WLAN policy profile (GUI)

Allow devices that do not transmit packets (passive clients) to remain connected on the WLAN.

Use this task to enable support for passive clients on specific WLAN policy profiles.

Procedure


Step 1

Choose Configuration > Tags & Profiles > Policy, then click Add to open the Add Policy Profile page.

Step 2

In the General tab, use the slider to enable Passive Client.

Step 3

Click Save & Apply to Device.


The policy profile is updated to support passive clients on the WLAN.

Enable passive client on WLAN policy profile (CLI)

Enable the passive client feature for a selected WLAN policy profile.

Use the passive client feature to allow devices that do not actively communicate with the controller to be recognized and managed on the WLAN.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure WLAN policy profile and enter wireless policy configuration mode.

Example:

Device(config)# wireless profile policy policy-profile

Step 3

Enable passive client.

Example:

Device(config-wireless-policy)# [no] passive-client

Step 4

Return to privileged EXEC mode.

Example:

Device(config-wireless-policy)# end

The passive client feature is now enabled for the specified WLAN policy profile.

Device# configure terminal
Device(config)# wireless profile policy rr-xyz-policy-1
Device(config-wireless-policy)# passive-client
Device(config-wireless-policy)# end

Enable ARP broadcast on VLAN (GUI)

Enable ARP broadcast functionality for VLANs.

Procedure


Step 1

Choose Configuration > Layer2 > VLAN, then click the VLAN tab.

Step 2

Click Add to view the Create VLAN window.

Step 3

Use the slider to enable ARP Broadcast.

Step 4

Click Save & Apply to Device.


The selected VLAN now supports ARP broadcasts and propagates ARP requests.

Enable ARP broadcast on VLAN (CLI)

Enable ARP broadcast on a specified VLAN to allow devices within that VLAN to respond to ARP requests.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a VLAN or multiple VLANs to enter VLAN configuration mode.

Example:

Device(config)# vlan configuration vlan-id

Step 3

Enable ARP broadcast on VLAN.

Example:

Device(config-vlan)# [no] arp broadcast

Step 4

Return to privileged EXEC mode.

Example:

Device(config-vlan)# end

You can also press Ctrl-Z to exit global configuration mode.


ARP broadcast is successfully enabled for the specified VLAN.

Device# configure terminal
Device(config)# vlan configuration 1
Device(config-vlan)# arp broadcast
Device(config-vlan)# end

Configure passive client in fabric deployment

A passive client is a client device that

  • does not send its own IP address information in packets (such as ARP requests)

  • relies on the network infrastructure to discover and maintain its presence, and

  • is supported in fabric deployments where special handling is required to ensure connectivity.

You need to enable these features:

For information on LISP (Locator ID Separation Protocol), see https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_lisp/configuration/xe-3s/irl-xe-3s-book/irl-cfg-lisp.html.

Enable broadcast underlay on VLAN

Configure LISP instance and IPv4 service

Set up the LISP instance and enable IPv4 services to support mappings from endpoint identifier (EID) to routing locator (RLOC) in your network fabric.

Perform these configuration tasks only on the Fabric Edge Node. Do not perform them from the controller.

Procedure


Step 1

Enter global configuration mode.

Example:

FabricEdge# configure terminal

Step 2

Enter LISP configuration mode.

Example:

FabricEdge(config)# router lisp

Step 3

Create a LISP EID instance to group multiple services. The configuration applied under this instance ID applies to all services in the group.

Example:

FabricEdge(config-router-lisp)# instance-id instance

Step 4

Enable Layer 3 network services for the IPv4 address family. Enter the service submode.

Example:

FabricEdge(config-router-lisp-instance)# service ipv4

Step 5

Configure EID to RLOC mapping relationship.

Example:

FabricEdge(config-router-lisp-instance-dynamic-eid)# database-mapping eid locator-set rloc-name

Step 6

Generate a static map request for the destination EID.

Example:

FabricEdge(config-router-lisp-instance-service)# map-cache destination-eid map-request

Step 7

Exit service submode.

Example:

FabricEdge(config-router-lisp-instance-service)# exit-service-ipv4

Step 8

Exit instance submode.

Example:

FabricEdge(config-router-lisp-instance)# exit-instance-id

A system with a LISP instance and IPv4 service is now configured.

FabricEdge# configure terminal
FabricEdge(config)# router lisp
FabricEdge(config-router-lisp)# instance-id 3
FabricEdge(config-router-lisp-instance)# service ipv4
FabricEdge(config-router-lisp-instance-dynamic-eid)# database-mapping 66.66.66.64/32 locator-set rloc1
FabricEdge(config-router-lisp-instance-service)# map-cache 0.0.0.0/0 map-request
FabricEdge(config-router-lisp-instance-service)# exit-service-ipv4
FabricEdge(config-router-lisp-instance)# exit-instance-id

Configure Ethernet service and enable broadcast underlay

Set up the LISP instance and enable IPv4 services to support endpoint identifier (EID) to routing locator (RLOC) mappings in the fabric.

Procedure

Step 1

Create a LISP EID instance to group multiple services.

Example:
FabricEdge(config-router-lisp)# instance-id instance

Step 2

Enable Layer 2 network services and enter service submode.

Example:
FabricEdge(config-router-lisp-instance)# service ethernet

Step 3

Associate the LISP instance ID with a VLAN. This VLAN provides reachability to the endpoint identifier address space.

Example:
FabricEdge(config-router-lisp-instance-service)# eid-table vlan vlan-number

Step 4

Specify the multicast group that the underlay uses to carry broadcast traffic for the overlay Layer 2 network.

Example:
FabricEdge(config-router-lisp-instance-service)# broadcast-underlay multicast-group

Step 5

Exit service submode.

Example:
FabricEdge(config-router-lisp-instance-service)# exit-service-ethernet

Step 6

Exit instance submode.

Example:
FabricEdge(config-router-lisp-instance)# exit-instance-id

The Ethernet service is enabled and the broadcast underlay support is configured for the specified VLAN and multicast group.

FabricEdge(config-router-lisp)# instance-id 101
FabricEdge(config-router-lisp-instance)# service ethernet
FabricEdge(config-router-lisp-instance-service)# eid-table vlan 101
FabricEdge(config-router-lisp-instance-service)# broadcast-underlay 239.0.0.1
FabricEdge(config-router-lisp-instance-service)# exit-service-ethernet
FabricEdge(config-router-lisp-instance)# exit-instance-id

Enable ARP flooding

Enable ARP flooding for IPv4 service

Enable ARP flooding on the Fabric Edge Node for IPv4.

Perform these configuration tasks from the Fabric Edge Node. You cannot perform them from your controller.

Procedure


Step 1

Enter global configuration mode.

Example:

FabricEdge# configure terminal

Step 2

Enter LISP configuration mode.

Example:

FabricEdge(config)# router lisp

Step 3

Create a LISP EID instance to group multiple services. This configuration applies to all services grouped under the instance-id.

Example:

FabricEdge(config-router-lisp)# instance-id instance

Step 4

Enable Layer 3 network services for the IPv4 address family and enter service submode.

Example:

FabricEdge(config-router-lisp-instance)# service ipv4

Step 5

Configure EID to RLOC mapping relationship.

Example:

FabricEdge(config-router-lisp-instance-dynamic-eid)# database-mapping eid locator-set rloc1

Step 6

Generate a static map request for the destination EID.

Example:

FabricEdge(config-router-lisp-instance-service)# map-cache destination-eid map-request

Step 7

Exit service submode.

Example:

FabricEdge(config-router-lisp-instance-service)# exit-service-ipv4

Step 8

Exit instance submode.

Example:

FabricEdge(config-router-lisp-instance)# exit-instance-id

You have enabled ARP flooding on the Fabric Edge Node for IPv4.

FabricEdge# configure terminal
FabricEdge(config)# router lisp
FabricEdge(config-router-lisp)# instance-id instance
FabricEdge(config-router-lisp-instance)# service ipv4
FabricEdge(config-router-lisp-instance-dynamic-eid)# database-mapping 66.66.66.64/32 locator-set rloc1
FabricEdge(config-router-lisp-instance-service)# map-cache 0.0.0.0/0 map-request
FabricEdge(config-router-lisp-instance-service)# exit-service-ipv4
FabricEdge(config-router-lisp-instance)# exit-instance-id

What to do next

Enable ARP flooding for Ethernet service.

Enable ARP flooding for Ethernet service

Enable ARP flooding for the Ethernet service on the Fabric Edge Node.

Procedure

Step 1

Create a LISP EID instance, which groups multiple services.

Example:
FabricEdge(config-router-lisp)# instance-id instance

Step 2

Enable Layer 2 network services and enter service submode.

Example:
FabricEdge(config-router-lisp-instance)# service ethernet

Step 3

Associate the LISP instance ID you configured earlier with a VLAN. The VLAN provides access to the endpoint identifier address space.

Example:
FabricEdge(config-router-lisp-instance-service)# eid-table vlan vlan-number

Step 4

Enable ARP flooding.

Example:
FabricEdge(config-router-lisp-instance-service)# flood arp-nd

Step 5

Configure EID to RLOC mapping relationship.

Example:
FabricEdge(config-router-lisp-instance-service)# database-mapping mac locator-set rloc1

Step 6

Exit service submode.

Example:
FabricEdge(config-router-lisp-instance-service)# exit-service-ethernet

Step 7

Exit instance submode.

Example:
FabricEdge(config-router-lisp-instance)# exit-instance-id

You have enabled ARP flooding on the Fabric Edge Node for Ethernet service.

FabricEdge(config-router-lisp)# instance-id 101
FabricEdge(config-router-lisp-instance)# service ethernet
FabricEdge(config-router-lisp-instance-service)# eid-table vlan 101
FabricEdge(config-router-lisp-instance-service)# flood arp-nd
FabricEdge(config-router-lisp-instance-service)# database-mapping mac locator-set rloc1
FabricEdge(config-router-lisp-instance-service)# exit-service-ethernet
FabricEdge(config-router-lisp-instance)# exit-instance-id

Verify passive client configuration

To verify the status of the passive client, use this command:

Device# show wireless profile policy detailed sample-profile-policy

Policy Profile Name           : sample-profile-policy
Description                   : sample-policy
Status                        : ENABLED
VLAN                          : 20
Client count                  : 0
Passive Client                : ENABLED    <--------------------
WLAN Switching Policy
  Central Switching           : ENABLED
  Central Authentication      : ENABLED
  Central DHCP                : DISABLED
  Override DNS                : DISABLED
  Override NAT PAT            : DISABLED
  Central Assoc               : DISABLED
.
.
.

 

To verify VLANs that have ARP broadcast enabled, use this command:

Device# show platform software arp broadcast
Arp broadcast is enabled on vlans:
20
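
The two verification outputs above can be cross-checked automatically. The following is an added example, not Cisco code: it parses saved output of both commands and reports a policy profile whose Passive Client state and VLAN do not line up with the ARP broadcast VLAN list. The sample outputs are constructed from the ones shown above, the function names are hypothetical, and it assumes that a passive-client profile's VLAN is expected to have ARP broadcast enabled and that the profile's VLAN field is a numeric ID.

```python
import re

# Constructed sample outputs, modelled on the two verification commands above.
POLICY_OUTPUT = """\
Policy Profile Name           : sample-profile-policy
Description                   : sample-policy
Status                        : ENABLED
VLAN                          : 20
Client count                  : 0
Passive Client                : ENABLED    <--------------------
WLAN Switching Policy
  Central Switching           : ENABLED
"""
ARP_OUTPUT = "Arp broadcast is enabled on vlans:\n20\n"

def parse_policy(text):
    """Return the 'Key : value' fields of one policy profile as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            # Drop annotation arrows ('<----') that documentation adds to output.
            fields[key.strip()] = re.sub(r"\s*<-+.*$", "", value).strip()
    return fields

def parse_arp_vlans(text):
    """Return the set of numeric VLAN IDs listed in the ARP broadcast output."""
    return {int(tok) for line in text.splitlines()
            for tok in re.split(r"[,\s]+", line) if tok.isdigit()}

def audit(policy_text, arp_text):
    """Cross-check one profile against the ARP broadcast VLAN list."""
    # Assumption: one profile per VLAN; other profiles on the VLAN are not seen.
    p = parse_policy(policy_text)
    name = p.get("Policy Profile Name", "<unknown>")
    passive = p.get("Passive Client", "").upper() == "ENABLED"
    vlan = p.get("VLAN", "")
    arp_vlans = parse_arp_vlans(arp_text)
    if not vlan.isdigit():
        return [f"{name}: VLAN '{vlan}' is not numeric; check manually"]
    if passive and int(vlan) not in arp_vlans:
        return [f"{name}: passive client on, ARP broadcast off on VLAN {vlan}"]
    if not passive and int(vlan) in arp_vlans:
        return [f"{name}: ARP broadcast on VLAN {vlan} without passive client"]
    return []

if __name__ == "__main__":
    print(audit(POLICY_OUTPUT, ARP_OUTPUT) or "consistent")
```

An empty result means the profile and the VLAN list agree; the third finding flags a VLAN where wired-side ARP is broadcast to all APs although this profile does not need it.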