Contents

Configuring WLAN IP snooping· 1

About WLAN IP snooping· 1

Client IPv4 address learning· 1

Client IPv6 address learning· 1

Disabling snooping ARP packets· 1

Configuring snooping DHCPv4 packets· 2

Enabling snooping DHCPv6 packets· 2

Enabling snooping ND packets· 3

Display and maintenance commands for WLAN IP snooping· 3

WLAN IP snooping configuration examples· 3

Example: Configuring WLAN IP snooping· 3

 

Configuring WLAN IP snooping

About WLAN IP snooping

WLAN IP snooping enables an AP to learn clients' IP addresses through snooping ARP, DHCP, ND, and HTTP/HTTPS packets and generate snooping entries that record client IP address, MAC address, and learning method. The entries will be used by AAA for 802.1X and MAC authentication client accounting.

Client IPv4 address learning

An AP learns client IPv4 addresses by using the following methods:

·     Snooping ARP packets sent by clients.

For more information about ARP, see Network Connectivity Configuration Guide.

·     Snooping DHCPv4 packets exchanged between client and server.

For more information about DHCP, see Network Connectivity Configuration Guide.

·     Snooping HTTP/HTTPS requests redirected to the portal server.

For more information about portal authentication, see User Access and Authentication Configuration Guide.

The priorities for learning IP addresses through snooping DHCPv4 packets, ARP packets, and HTTP/HTTPS requests are in descending order.

Client IPv6 address learning

An AP learns client IPv6 addresses by using the following methods:

·     Snooping DHCPv6 packets exchanged between client and server.

For more information about DHCPv6, see Network Connectivity Configuration Guide.

·     Snooping ND packets, including Router Advertisement (RA) packets, Neighbor Solicitation (NS) packets, and Neighbor Advertisement (NA) packets sent by clients.

For more information about ND, see Network Connectivity Configuration Guide.

·     Snooping HTTP/HTTPS requests redirected to the portal server.

The priorities for learning IPv6 addresses through snooping DHCPv6 packets, ND packets, and HTTP/HTTPS requests are in descending order.

Disabling snooping ARP packets

About this task

By default, an AP learns client IPv4 addresses by snooping ARP and DHCPv4 packets. Perform this task to disable client IPv4 address learning from ARP packets.

Procedure

1.     Enter system view.

system-view

2.     Create a service template and enter its view.

wlan service-template service-template-name

3.     Disable snooping ARP packets.

undo client ipv4-snooping arp-learning enable

By default, snooping ARP packets is enabled.

Configuring snooping DHCPv4 packets

About this task

By default, an AP learns client IPv4 addresses by snooping ARP and DHCPv4 packets. You can perform this task to disable client IPv4 address learning from DHCPv4 packets and set the timeout for IPv4 address learning through DHCP.

With the timeout set, the system logs off clients that fail to obtain an IPv4 address through DHCP within the specified period.

Restrictions and guidelines

The timeout takes effect only on clients coming online afterwards from the AC.

Procedure

1.     Enter system view.

system-view

2.     Create a service template and enter its view.

wlan service-template service-template-name

3.     Disable snooping DHCPv4 packets.

undo client ipv4-snooping dhcp-learning enable

By default, snooping DHCPv4 packets is enabled.

4.     (Optional.) Set the timeout for IPv4 address learning through DHCP.

client ipv4-snooping dhcp-learning timeout value

By default, the timeout is 0 and the system does not log off clients that fail to obtain an IPv4 address through DHCP.

Enabling snooping DHCPv6 packets

About this task

By default, an AP does not learn client IPv6 addresses. Perform this task to enable client IPv6 address learning from DHCPv6 packets.

Procedure

1.     Enter system view.

system-view

2.     Create a service template and enter its view.

wlan service-template service-template-name

3.     Enable snooping DHCPv6 packets.

client ipv6-snooping dhcpv6-learning enable

By default, snooping DHCPv6 packets is disabled.

Enabling snooping ND packets

About this task

By default, an AP does not learn client IPv6 addresses. Perform this task to enable client IPv6 address learning from ND packets.

Procedure

1.     Enter system view.

system-view

2.     Create a service template and enter its view.

wlan service-template service-template-name

3.     Enable snooping ND packets.

client ipv6-snooping nd-learning enable

By default, snooping ND packets is disabled.

Display and maintenance commands for WLAN IP snooping

Execute the display command in any view.

 

Task	Command
Display statistics about clients with conflict IP addresses.	display wlan statistics client-ip-conflict

 

 

WLAN IP snooping configuration examples

Example: Configuring WLAN IP snooping

Network configuration

As shown in Figure 1, configure the AP to learn the client's IP address only from DHCPv6 packets.

Figure 1 Network diagram

‌

Procedure

# Configure wireless services. (Details not shown.)

For more information, see WLAN Access Configuration Guide.

# Disable snooping ND packets.

<AP> system-view

[AP] wlan service-template service

[AP-wlan-st-service] undo client ipv6-snooping nd-learning enable

# Enable snooping DHCPv6 packets.

[AP-wlan-st-service] client ipv6-snooping dhcpv6-learning enable

[AP-wlan-st-service] quit

Verifying the configuration

# Verify that the AP has learned the IPv6 address of the client.

[AP] display wlan client ipv6

MAC address    AP name              IPv6 address                            VLAN

84db-ac14-dd08 fatap                1::2:0:0:3                              1