Design Guide for Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 2 Cisco Unified Wireless Technology and Architecture
Design Considerations
Figure 2-15
ARP Frame
Upon seeing a wireless client ARP request, the WLC will either respond directly, acting as an ARP proxy
on behalf of the other wireless clients, or it will forward the request out its wired interface to have it
resolved by another WLC. The WLC will not forward the ARP broadcast back out to the WLAN.
The default behavior of the WLC is to respond to ARP queries directly based on its local ARP cache.
The WLC CLI command: network arpunicast enable can be used to override this behavior. In this case,
the WLC will unicast an ARP request directly to the target host rather than responding on behalf of the
target. The target will unicast its ARP reply back to the requesting host. The purpose of this command
is to avoid excessive retries by IP clients looking for a WLAN client that may have roamed from the
WLAN network.
Other Broadcast and Multicast Traffic
As mentioned earlier, the WLC (by default) will not forward broadcasts or multicasts toward the wireless
users. If multicast forwarding is explicitly enabled as described in
steps should be taken to minimize the multicast traffic generated on those interfaces
that the WLC connects to.
All normal precautions should be taken to limit the multicast address groups explicitly supported by a
WLAN. When multicast is enabled, it is global in nature, meaning it is enabled for every WLAN
configured, regardless of whether multicast is needed by that WLAN. The unified wireless solution is not
able to distinguish between data link layer and network layer multicast traffic, nor is the WLC
capable of filtering specific multicast traffic. Therefore, the following additional steps should be
considered:
• Disable CDP on interfaces connecting to WLCs.
• Port filter incoming CDP and HSRP traffic on VLANs connecting to the WLCs.
• Remember that multicast is enabled for all WLANs on the WLC, including the Guest WLAN,
therefore multicast security including link layer multicast security must be considered.
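The first two steps above can be checked against a switch configuration. The following is an added example, not part of the Cisco guide: it audits an IOS running-config for WLC-facing ports that still run CDP and for VLANs on those trunks where the switch itself runs HSRP. The sample config, the function names, and the caller-supplied list of WLC ports are assumptions, and trunks are assumed to list their VLANs explicitly.

```python
import re

# Constructed IOS switch running-config excerpt (sample data, not from the guide).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk allowed vlan 10,20-21
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 30
 no cdp enable
!
interface Vlan10
 standby 10 ip 10.0.10.1
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def expand_vlans(spec):
    """Expand '10,20-21' into {10, 20, 21}; keywords such as 'all' are skipped."""
    pairs = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in pairs if lo.isdigit()
            for v in range(int(lo), int(hi or lo) + 1)}

def audit(config, wlc_ports):
    """Return (WLC ports with CDP still enabled, WLC VLANs whose SVI runs HSRP)."""
    blocks = parse_interfaces(config)
    cdp_off = re.search(r"^no cdp run\s*$", config, re.M) is not None
    cdp_on, vlans = [], set()
    for port in wlc_ports:
        cmds = blocks.get(port, [])
        if not cdp_off and "no cdp enable" not in cmds:
            cdp_on.append(port)  # CDP is enabled by default on IOS ports
        for c in cmds:
            if c.startswith("switchport trunk allowed vlan "):
                vlans |= expand_vlans(c.split()[-1])
    hsrp = sorted(v for v in vlans if any(
        c.startswith("standby ") for c in blocks.get(f"Vlan{v}", [])))
    return cdp_on, hsrp
```

Ports in the first list still need CDP disabled; VLANs in the second list carry HSRP hellos toward the WLC and are where the port filter applies.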
Design Considerations
Within a Cisco Unified Wireless deployment, the primary design considerations are AP connectivity
and WLC location and connectivity. This section will briefly discuss these topics and make general
recommendations where appropriate.