IP MAC Binding

IP MAC binding

IP MAC binding is a wireless configuration feature that

  • enables wireless device tracking features such as theft detection, proxy, DHCP relay, gleaning, and suppression

  • tracks wireless clients' IPv4 addresses by binding them to their MAC addresses, and

  • is enabled by default in the policy profile.

No IP MAC binding

No IP MAC binding disables all the wireless device tracking features for wireless clients' IPv4 address.


Note

It is not normally necessary to disable IP MAC binding, except for the following scenarios:

  • When you have a single wireless station with multiple IP addresses.

  • When you intentionally have duplicate IP addresses across clients.

  • When you are using ARP-spoofing Network Access Control (NAC) devices.

Note

The IP MAC address binding is enabled by default in the policy profile.

Note

IP MAC binding is required for DHCP Option 82 to work in some situations.

Use cases for no IP MAC binding

The following are the use cases for No IP MAC binding:

  • Disabling IP Learning in FlexConnect Mode

  • Disabling Device Tracking to Support NAC Devices

  • Disabling IP Learning in FlexConnect Mode

Disable IP MAC binding (CLI)

Disable IP MAC binding on a wireless policy profile to remove the restriction that binds client IP addresses to their MAC addresses.
IP MAC binding prevents clients from using IP addresses that are not associated with their MAC addresses. Disabling this feature allows more flexible IP address assignment for wireless clients.

Procedure

Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure the wireless profile policy.

Example:

Device(config)# wireless profile policy profile-policy-name

Example:

Device(config)# wireless profile policy test-profile-policy

Step 3

Disable the wireless policy profile.

Example:

Device(config-wireless-policy)# shutdown

Disabling policy profile results in associated AP and client to rejoin.

Step 4

Disable IP MAC binding.

Example:

Device(config-wireless-policy)# no ip mac-binding

Step 5

Enable the wireless policy profile.

Example:

Device(config-wireless-policy)# no shutdown

Step 6

Return to privileged EXEC mode.

Example:

Device(config-wireless-policy)# exit
IP MAC binding is disabled on the wireless policy profile, allowing clients to use IP addresses without MAC address restrictions.

Verify IP MAC binding

Procedure

Command or Action Purpose

Use the following command to verify if IP MAC binding is disabled or enabled:

Example:

Device# show run | b wireless profile policy test-profile-policy
wireless profile policy test-profile-policy
 no ip mac-binding
 vlan VLAN0169