How to allow multiple IP addresses from the same wireless client

A few days ago, my customer called me about a strange Wi-Fi problem. When two or more devices with static IP addresses are bridged behind a Wi-Fi client adapter, only one of these devices can reach the network.

Below is a sketch that represents the current situation:

[Image: sketch of the current situation]

From the Wi-Fi network perspective, sometimes the client .34 can be reached and sometimes the client .50 can be reached, but never both at the same time.

[Image: packet loss on the WLC]

Surfing the web, I discovered a Cisco WLC feature that helped me: the passive client feature.

What are passive clients?

Passive clients are wireless devices, such as scales and printers that are configured with a static IP address. These clients do not transmit any IP information such as IP address, subnet mask, and gateway information when they associate with an access point. As a result, the controller never knows the IP address.

Why does the WLC not work with passive clients by default?

Wireless LAN controllers currently act as a proxy for ARP requests. Since the wireless controller does not have any IP related information about passive clients, it cannot respond to any ARP requests. The current behavior does not allow the transfer of ARP requests to passive clients. Any application that tries to access a passive client will fail.

Moreover, the Cisco WLC accepts only one ARP entry for each wireless client; this is why I can ping only one device at a time. Below is the debug output that explains that behavior:

*dtlArpTask: Feb 22 15:02:51.953: 05:0d:67:a5:44:6b dtlArpInsert: Add ARP entry IP 10.10.17.50, MAC 05:0d:67:a5:44:6b, VLAN 116, INTF 13, Type 0, New 1 (caller apf_foreignap.c:1166)
*dtlArpTask: Feb 22 15:03:01.354: 05:0d:67:a5:44:6b dtlArpInsert: Add ARP entry IP 10.10.17.34, MAC 05:0d:67:a5:44:6b, VLAN 116, INTF 13, Type 0, New 1 (caller apf_foreignap.c:1166)
,arp count = 61
*dtlArpTask: Feb 22 15:03:01.354: 05:0d:67:a5:44:6b dtlArpSetType: Changing ARP Type from 0 ---> 1 for station 05:0d:67:a5:44:6b

Remember: when two or more clients are connected behind a wireless client adapter, each client's MAC address is replaced with the Wi-Fi client adapter's MAC address.

[Image: Cisco WLC ARP behaviour]
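To find this condition in a longer debug capture, the following added example (not part of the original post and not Cisco tooling) groups dtlArpInsert lines by station MAC and reports every MAC that registered more than one IP. The regular expression assumes the line layout shown in the debug output above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumption: dtlArpInsert lines keep the layout shown in the debug output above.
ARP_INSERT = re.compile(
    r"dtlArpInsert: Add ARP entry IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3}), "
    r"MAC (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}), VLAN (?P<vlan>\d+)",
    re.IGNORECASE,
)

def parse_arp_inserts(lines):
    """Yield (mac, ip, vlan) for each dtlArpInsert line; other lines are skipped."""
    for line in lines:
        m = ARP_INSERT.search(line)
        if m:
            yield m["mac"].lower(), m["ip"], int(m["vlan"])

def macs_with_multiple_ips(lines):
    """Return {mac: [ips in first-seen order]} for MACs that registered several IPs."""
    seen = defaultdict(list)
    for mac, ip, _vlan in parse_arp_inserts(lines):
        if ip not in seen[mac]:
            seen[mac].append(ip)
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}

# Sample input: the debug lines from this post, plus one line constructed for
# this example (an ordinary single-IP client using a documentation-range MAC).
SAMPLE = """\
*dtlArpTask: Feb 22 15:02:51.953: 05:0d:67:a5:44:6b dtlArpInsert: Add ARP entry IP 10.10.17.50, MAC 05:0d:67:a5:44:6b, VLAN 116, INTF 13, Type 0, New 1 (caller apf_foreignap.c:1166)
*dtlArpTask: Feb 22 15:03:01.354: 05:0d:67:a5:44:6b dtlArpInsert: Add ARP entry IP 10.10.17.34, MAC 05:0d:67:a5:44:6b, VLAN 116, INTF 13, Type 0, New 1 (caller apf_foreignap.c:1166)
,arp count = 61
*dtlArpTask: Feb 22 15:03:01.354: 05:0d:67:a5:44:6b dtlArpSetType: Changing ARP Type from 0 ---> 1 for station 05:0d:67:a5:44:6b
*dtlArpTask: Feb 22 15:04:10.120: 00:00:5e:00:53:01 dtlArpInsert: Add ARP entry IP 10.10.17.60, MAC 00:00:5e:00:53:01, VLAN 116, INTF 13, Type 0, New 1 (caller apf_foreignap.c:1166)
""".splitlines()

if __name__ == "__main__":
    for mac, ips in macs_with_multiple_ips(SAMPLE).items():
        print(f"{mac}: {len(ips)} IPs behind one MAC -> {', '.join(ips)}")
```

Any MAC it reports is a station whose ARP entry keeps being overwritten, which matches the "only one device at a time" symptom described above.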

How does the passive client feature work?

The passive client feature enables ARP requests and responses to be exchanged between wired and wireless clients. When enabled, this feature allows the controller to pass ARP requests from wired to wireless clients until the desired wireless client gets to the RUN state.

Note: Passive client is an SSID feature.

How to enable passive client?

Figure 1: Go to the WLAN menu and select your SSID.
Figure 2: Go to the advanced menu and enable “Passive Client”.
Figure 3: A popup appears; press OK.
Figure 4: If global multicasting is not enabled, a popup appears.
Figure 5: Go to Controller menu, Multicast menu and enable “Enable Global Multicast Mode”.

Enable the “Passive Client” feature again under your SSID settings (see figures 1 and 2).

After that, the problem will be fixed:

[Image: packet loss resolved]

Remember: if you prefer, you can enable this feature from the CLI using these commands:

config network multicast global enable
config wlan passive-client {enable | disable} wlan_id

Note: The passive client feature also fixes the DHCP problem on a wireless VMware virtual machine.

References: https://www.cisco.com/…/#passive-clients
