Login
- Table of Contents
-
- 02-WLAN
- 00-Preface
- 01-AP management configuration
- 02-Radio management configuration
- 03-WLAN access configuration
- 04-WLAN security configuration
- 05-WLAN authentication configuration
- 06-WIPS configuration
- 07-WLAN QoS configuration
- 08-WLAN roaming configuration
- 09-WLAN load balancing configuration
- 10-WLAN radio resource measurement configuration
- 11-Channel scanning configuration
- 12-Band navigation configuration
- 13-WLAN high availability configuration
- 14-802.11r configuration
- 15-Wireless location configuration
- 16-Hotspot 2.0 configuration
- 17-WLAN RRM configuration
- 18-WT configuration
- 19-IoT AP configuration
- 20-CM tunnel configuration
- 21-Cloud connection configuration
- 22-WLAN IP snooping configuration
- 23-WLAN fast forwarding configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 22-WLAN IP snooping configuration | 187.02 KB |
Contents
WLAN IP snooping configuration task list
Disabling snooping ARP packets
Disabling SNMP from getting client IPv6 addresses learned from ND packets
Enabling snooping HTTP requests redirected to the portal server
WLAN IP snooping configuration example
Configuring WLAN IP snooping
Overview
WLAN IP snooping enables an AP to learn clients' IP addresses through snooping ARP, DHCP, and HTTP packets and generate snooping entries that record IP addresses, MAC addresses, and learning method. The entries will be used by IP Source Guard to determine whether to forward client packets. For more information about IP Source Guard, see Security Configuration Guide.
Client IPv4 address learning
An AP learns client IPv4 addresses by using the following methods:
· Snooping DHCPv4 packets exchanged between client and server.
For more information about DHCP, see Layer 3—IP Services Configuration Guides.
· Snooping ARP packets sent by clients.
For more information about ARP, see Layer 3—IP Services Configuration Guides.
· Snooping HTTP requests redirected to the portal server.
For more information about portal authentication, see Security Configuration Guides.
The priorities for learning IP addresses through snooping DHCPv4 packets, ARP packets, and HTTP requests are in descending order.
Client IPv6 address learning
An AP learns client IPv6 addresses by using the following methods:
· Snooping DHCPv6 packets exchanged between client and server.
For more information about DHCPv6, see Layer 3—IP Services Configuration Guides.
· Snooping ND packets, including Router Advertisement (RA) packets, Neighbor Solicitation (NS) packets, and Neighbor Advertisement (NA) packets sent by clients.
For more information about ND, see Layer 3—IP Services Configuration Guides.
· Snooping HTTP requests redirected to the portal server.
For more information about portal authentication, see Security Configuration Guides.
The priorities for learning IPv6 addresses through snooping DHCPv6 packets, ND packets, and HTTP requests are in descending order.
WLAN IP snooping configuration task list
|
Tasks at a glance |
|
(Optional.) Disabling snooping ARP packets |
|
(Optional.) Disabling snooping ND packets |
|
(Optional.) Disabling SNMP from getting client IPv6 addresses learned from ND packets |
|
(Optional.) Enabling snooping HTTP requests redirected to the portal server |
Disabling snooping ARP packets
About ARP packet snooping
By default, an AP learns client IPv4 addresses by snooping ARP and DHCPv4 packets. Perform this task to disable client IPv4 address learning from ARP packets.
Procedure
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a service template and enter its view. |
wlan service-template service-template-name |
N/A |
|
3. Disable snooping ARP packets. |
undo client ipv4-snooping arp-learning enable |
By default, snooping ARP packets is enabled. |
Disabling snooping ND packets
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a service template and enter its view. |
wlan service-template service-template-name |
N/A |
|
3. Disable snooping ND packets. |
undo client ipv6-snooping nd-learning enable |
By default, snooping ND packets is enabled. |
Disabling SNMP from getting client IPv6 addresses learned from ND packets
This feature enables SNMP to obtain only client IPv6 addresses learned from DHCPv6 packets.
To disable SNMP from getting client IPv6 addresses learned from ND packets:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a service template and enter its view. |
wlan service-template service-template-name |
N/A |
|
3. Disable SNMP from getting client IPv6 addresses learned from ND packets. |
undo client ipv6-snooping snmp-nd-report enable |
By default, SNMP obtains client IPv6 addresses learned from both DHCPv6 and ND packets. |
Enabling snooping HTTP requests redirected to the portal server
The AC can use this method to learn IP addresses of portal-authenticated clients.
To enable snooping HTTP requests redirected to the portal server:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a service template and enter its view. |
wlan service-template service-template-name |
N/A |
|
3. Enable snooping HTTP requests redirected to the portal server. |
client ip-snooping http-learning enable |
By default, snooping HTTP requests is disabled. |
WLAN IP snooping configuration example
Network requirements
As shown in Figure 1, configure the AP to learn the client's IPv6 address only from DHCPv6 packets.
Configuration procedure
# Configure wireless services. (Details not shown.)
For more information, see "Managing APs" and "Configuring WLAN access."
# Disable snooping ND packets.
<AC> system-view
[AC] wlan service-template service
[AC-wlan-st-service] undo client ipv6-snooping nd-learning enable
