Static IP Client Mobility

Static IP client mobility

Static IP client mobility is a wireless network capability that

  • allows clients with static IP addresses to maintain connectivity when roaming between controllers

  • tunnels client traffic to controllers that support the client’s original subnet, and

  • ensures reliable service across controllers within the same mobility group.

Behavior and configuration details for static IP client mobility

Wireless networks sometimes require clients to use static IP addresses. When these clients move within the network, they may attempt to associate with different controllers.

If a client tries to connect to a controller that does not support the subnet that matches the static IP address, the connection fails. The controller inspects ARP requests from the client to determine whether the IP address was assigned by DHCP or was statically configured.

If the ARP request contains an IP address that is not present on any of the controller’s Switched Virtual Interfaces (SVIs), the client is disconnected with a VLAN_FAIL error. In this case, client traffic is backhauled without explicit disconnection. The disconnection behavior that results from a VLAN mismatch was introduced in the 17.9.1 release.

Example of static IP client mobility in action

  • If a wireless client with a static IP address moves to a controller that does not support the client’s subnet, the controller analyzes the ARP request. If the subnet is not recognized, the controller disconnects the client, and the client traffic is backhauled.

  • When the client moves to a controller within the same mobility group that supports the correct subnet, the traffic is tunneled to the appropriate controller. As a result, the client remains connected to the network even when subnet support varies across controllers.

Restrictions for static IP client mobility

  • This feature is not supported on the Fabric and Cisco Catalyst 9800 Wireless Controller for Switch platforms.

  • IPv6 is not supported.

  • FlexConnect mode is not supported.

  • WebAuth (LWA and CWA) is not supported.

  • Only Open, 802.11ax, and PSK authentication mechanisms are supported.

  • This feature is supported only on WLANs that do not have a mobility anchor configured. If a mobility anchor is configured on a WLAN and static IP mobility is enabled, the feature is not supported.

  • This feature is supported only when all peers are configured for static IP mobility.

  • IRCM is not supported.

Configure a static IP client mobility profile (GUI)

Provide guidance for users to draft a clear and concise purpose and results statement, outlining the objectives and expected outcomes for their task or project.

Procedure

Step 1

Choose Configuration > Tags & Profiles > Policy .

Step 2

On the Policy page, click the policy profile name or click Add to create a new one.

Step 3

Click the Mobility tab.

Step 4

Set the Static IP Mobility field to Enabled state.

Step 5

Click Update & Apply to Device .

Static IP clients are able to roam seamlessly between access points, maintaining their network sessions and improving overall connectivity.

Configure a static IP client mobility (CLI)

Enable wireless client devices with static IP addresses to seamlessly roam between controllers in the network while maintaining their IP configuration.

Before you begin

  • Configure the SVI interface (L3 VLAN interface) to service the static IP client on at least one of the peer controllers in the network.

  • For clients to join a controller, the VLAN (based on the VLAN number in the policy profile configuration) should be configured on the device.

Procedure

Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure a WLAN policy profile and enter wireless policy configuration mode.

Example:

Device(config)# wireless profile policy profile-policy-name

Step 3

Enable static IP mobility.

Example:

Device(config-wireless-policy)# static-ip-mobility

Static IP client mobility is successfully configured. Wireless clients with static IP addresses can roam across controllers without losing connectivity or their IP settings.

Verify static IP client mobility

Use these commands to verify the static IP client mobility configuration:

Device# show wireless profile policy detailed static-ip-policy
     

Policy Profile Name           : static-ip-policy
Description                   : 
Status                        : DISABLED
VLAN                          : 1
Wireless management interface VLAN        : 34
Passive Client                : DISABLED
ET-Analytics                  : DISABLED
StaticIP Mobility             : DISABLED
WLAN Switching Policy
  Central Switching           : ENABLED
  Central Authentication      : ENABLED
  Central DHCP                : DISABLED
  Flex NAT PAT            : DISABLED
  Central Assoc               : DISABLED
WLAN Flex Policy
  VLAN based Central Switching           : DISABLED
WLAN ACL
  IPv4 ACL                    : Not Configured
  IPv6 ACL                    : Not Configured
  Layer2 ACL                  : Not Configured
  Preauth urlfilter list      : Not Configured
  Postauth urlfilter list     : Not Configured
WLAN Timeout
  Session Timeout             : 1800
  Idle Timeout                : 300
  Idle Threshold              : 0
WLAN Local Profiling
  Subscriber Policy Name      : Not Configured
  RADIUS Profiling            : DISABLED
  HTTP TLV caching            : DISABLED
  DHCP TLV caching            : DISABLED
WLAN Mobility
  Anchor                      : DISABLED
AVC VISIBILITY                : Disabled
Flow Monitor IPv4
  Flow Monitor Ingress Name   : Not Configured
  Flow Monitor Egress Name    : Not Configured
Flow Monitor IPv6
  Flow Monitor Ingress Name   : Not Configured
  Flow Monitor Egress Name    : Not Configured
NBAR Protocol Discovery       : Disabled
Reanchoring                   : Disabled
Classmap name for Reanchoring
  Reanchoring Classmap Name   : Not Configured
QOS per SSID
  Ingress Service Name        : Not Configured
  Egress Service Name         : Not Configured
QOS per Client
  Ingress Service Name        : Not Configured
  Egress Service Name         : Not Configured
Umbrella information
  Cisco Umbrella Parameter Map : Not Configured
Autoqos Mode                  : None
Call Snooping                 : Disabled
Fabric Profile
  Profile Name                : Not Configured
Accounting list
  Accounting List               : Not Configured
DHCP
  required                    : DISABLED
  server address              : 0.0.0.0
 Opt82
  DhcpOpt82Enable             : DISABLED
  DhcpOpt82Ascii              : DISABLED
  DhcpOpt82Rid                : DISABLED
  APMAC                       : DISABLED
  SSID                        : DISABLED
  AP_ETHMAC                   : DISABLED
  APNAME                      : DISABLED
  POLICY TAG                  : DISABLED
  AP_LOCATION                 : DISABLED
  VLAN_ID                     : DISABLED
Exclusionlist Params
  Exclusionlist               : ENABLED
  Exclusion Timeout           : 60
AAA Policy Params
  AAA Override                : DISABLED
  NAC                         : DISABLED
  AAA Policy name             : default-aaa-policy
WGB Policy Params
  Broadcast Tagging           : DISABLED
  Client VLAN                 : DISABLED
Mobility Anchor List
  IP Address                                  Priority
  -------------------------------------------------------


Device# show run | section profile policy

wireless profile policy default-policy-profile
 central switching
 description "default policy profile"
 static-ip-mobility
 vlan 50
 no shutdown