FortiWLC – Utilizing Multiple IPs on a Single MAC

Utilizing Multiple IPs on a Single MAC

In current implementations, a typical client machine (or station) is granted a single IP Address per wireless adapter in use. However, with the growing use of Virtual Machine models (provided by VMware, Parallels, etc.), a single station can run multiple Operating Systems from a single client. With this release of Fortinet FortiWLC (SD), each Virtual Machine can now be provided with an individual IP Address, making it much easier to troubleshoot packet transmissions.

To support this function, the FortiWLC (SD) ESS Profile screen has a new function labeled MIPS, which is disabled by default. With this function enabled, packets are bridged across from the “host”, or main, Operating System to the “guest”, or virtual, system(s) as needed. The following notes apply:

  • All data packets sent from the client will have the host OS MAC address as their source address.

  • All data packets sent to the client will have the host OS MAC address as their destination address.
  • Each OS has a different client hardware address that is transmitted as part of the DHCP payload. “Guest” OS hardware devices have MAC addresses that start with “00:0c:29”; this is the global standard OUI for VMware. This hardware address is used by the DHCP server to identify guest OSes, allowing them to be provided separate IP addresses.
  • Gratuitous ARP packets transmitted by any IP will have their corresponding unique client hardware addresses.
  • All broadcast packets received by the host OS will also be delivered to the guest OS(es).
  • All unicast packets received by the host OS will be delivered to the guest OS(es) based on the packets’ destination IP address.

In order to support this capability, a command has been added to the CLI:

  • show station multiple-ip—Displays all IP addresses provided by each individual station along with MAC addresses (labeled ‘vmac’ for virtual devices). Note that for the host device, the Client MAC and Virtual MAC will be identical.
  • IPv4 and IPv6 address types are supported.
  • All IP addresses belonging to a single station are assumed to be part of the same VLAN.
  • IP addresses provided to Virtual OSes are always dynamic; static addresses are not supported.
  • ICR is not supported when this feature is enabled.
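
The notes above say that frames leave the station with the host OS MAC as their source while the DHCP payload carries each OS's own client hardware address. As an added example (not from the FortiWLC documentation, and not a reproduction of the CLI output), the Python below parses DHCP frames from a capture and groups hardware addresses and leases by the station MAC that carried them. It assumes untagged Ethernet/IPv4; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

VMWARE_OUI = bytes.fromhex("000c29")  # OUI the page gives for VMware guest hardware addresses

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def parse_dhcp(frame: bytes):
    """Return (op, l2_src, chaddr, yiaddr) for an untagged Ethernet/IPv4/UDP DHCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                   # not IPv4 carrying UDP
    udp = 14 + (frame[14] & 0x0F) * 4                 # honour the IPv4 header length
    b = frame[udp + 8:]                               # BOOTP message after the UDP header
    if len(b) < 236 or b[1:3] != b"\x01\x06":         # truncated, or not Ethernet/6-byte hlen
        return None
    if set(struct.unpack("!HH", frame[udp:udp + 4])) != {67, 68}:
        return None
    return b[0], frame[6:12], b[28:34], ".".join(map(str, b[16:20]))

def station_table(frames):
    """Group the hardware addresses and leases seen in DHCP by the station MAC that carried them."""
    owner, lease = {}, {}
    for op, src, chaddr, yiaddr in filter(None, map(parse_dhcp, frames)):
        if op == 1:                                   # BOOTREQUEST: layer-2 source is the host OS MAC
            owner[chaddr] = src
        elif op == 2 and yiaddr != "0.0.0.0":         # BOOTREPLY: yiaddr is the address handed out
            lease[chaddr] = yiaddr
    table = {}
    for chaddr, src in owner.items():
        table.setdefault(fmt(src), []).append({
            "vmac": fmt(chaddr), "ip": lease.get(chaddr),
            "guest": chaddr != src, "vmware_oui": chaddr[:3] == VMWARE_OUI})
    return table

def make_frame(op, src, dst, chaddr, yiaddr="0.0.0.0"):
    """Build a constructed sample frame (checksums are zero; parse_dhcp does not verify them)."""
    bootp = bytes([op, 1, 6, 0]) + bytes(12) + bytes(map(int, yiaddr.split(".")))
    bootp += bytes(8) + chaddr + bytes(10) + bytes(192)   # siaddr+giaddr, chaddr pad, sname+file
    ports = (68, 67) if op == 1 else (67, 68)
    udp = struct.pack("!HHHH", *ports, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + bytes(8)
    return dst + src + b"\x08\x00" + ip + udp

# Constructed sample: a host OS and one VMware guest requesting leases through the same station.
HOST, GUEST, SRV = (bytes.fromhex(h) for h in ("020000112233", "000c29aabbcc", "020000000001"))
SAMPLE = [make_frame(1, HOST, b"\xff" * 6, HOST), make_frame(2, SRV, HOST, HOST, "192.0.2.10"),
          make_frame(1, HOST, b"\xff" * 6, GUEST), make_frame(2, SRV, HOST, GUEST, "192.0.2.11")]
if __name__ == "__main__":
    print(station_table(SAMPLE))
```

A row whose `vmac` differs from the station MAC is a guest OS; on an ESS where MIPS is left at its disabled default, such rows in a capture are worth a closer look.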

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
