Passive Client
什么是Passive Client?
被动客户端(Passive Client)是配置有静态IP地址的无线设备,例如磅秤、打印机和配置配置静态地址的VMware虚拟机等。这些客户端与AP关联时,不会传输任何IP信息。结果,当使用被动客户端时,除非这些客户端使用DHCP的方式,否则WLC将用于无法支持其IP地址。
Cisco WLC当前充当ARP Requests的代理。当收到ARP请求后,Cisco WLC会以ARP Response进行响应,而不是直接将请求传递给客户端。这有两个优点:
- 向客户端发送ARP请求的上游设备无法知道客户端的位置。
- 节约了用电池供电的设备(例如移动电话和打印机)的电源,因为它们不需要响应每个ARP请求。
由于无线控制器没有任何有关被动客户端的IP相关信息,因此它无法响应任何ARP请求。 当前行为不允许将ARP请求传输到被动客户端。 任何尝试访问被动客户端的应用程序都会失败。
Passive Client feature使ARP请求和响应可以在有线和无线客户端之间交换。 启用此功能后,允许控制器将ARP请求从有线客户端传递到无线客户端,直到所需的无线客户端进入RUN状态。
配置Passive Client
注意:To configure passive clients, you must enable multicast-multicast or multicast-unicast mode.
Third-Party WGBs and Client VMs
Information About Non-Cisco Workgroup Bridges
When a Cisco workgroup bridge (WGB) is used, the WGB informs the access points of all the clients that it is associated with. The controller is aware of the clients associated with the access point. When non-Cisco WGBs are used, the controller has no information about the IP address of the clients on the wired segment behind the WGB. Without this information, the controller drops the following types of messages:
- ARP REQ from the distribution system for the WGB client
- ARP RPLY from the WGB client
- DHCP REQ from the WGB client
- DHCP RPLY for the WGB client
The following are some guidelines for non-Cisco workgroup bridges:
- The controller can accommodate non-Cisco WGBs so that the controller can forward ARP, DHCP, and data traffic to and from the wired clients behind workgroup bridges by enabling the passive client feature. To configure your controller to work with non-Cisco WGBs, you must enable the passive client feature so that all traffic from the wired clients is routed through the WGB to the access point. All traffic from the wired clients is routed through the work group bridge to the access point.
- When a WGB wired client leaves a multicast group, the downstream multicast traffic to other WGB wired clients is interrupted briefly.
- If you have clients that use PC virtualization software such as VMware, you must enable this feature.
- You must enable the passive client functionality for all non-Cisco workgroup bridges.
- You might need to use the following commands to configure DHCP on clients:
- Disable DHCP proxy by using the config dhcp proxy disable command.
- Enable DHCP boot broadcast by using the config dhcp proxy disable bootp-broadcast enable command.
Restrictions for Non-Cisco Workgroup Bridges
- Only Layer 2 roaming is supported for WGB devices.
- Layer 3 security (web authentication) is not support for WGB clients.
- Visibility of wired hosts behind a WGB on a controller is not supported because the non-Cisco WGB device performs MAC hiding. Cisco WGB supports IAPP.
- ARP poisoning detection does not work on a WLAN when the flag is enabled.
- VLAN select is not supported for WGB clients.
- Some third-party WGBs need to operate in non-DHCP relay mode. If problems occur with the DHCP assignment on devices behind the non-Cisco WGB, use the config dhcp proxy disable and config dhcp proxy disable bootp-broadcast disable commands.
The default state is DHCP proxy enabled. The best combination depends on the third-party characteristics and configuration.
好好学习,天天向上!