NLB - Network Load Balacing Microsoft - problem with Wireless Client

Unanswered Question


I have a problem with a wireless client that it not able to ping a virtual IP of server in NLB modality.

The WLC can do a ping to the first physical, to the second physical IP and the the virtual IP correctly.

The Wireless Client can do a ping to the first physical, to the second physical IP BUT can not do a ping to the the virtual IP.

The WLC and wireless client have the same mac-table with the same mac-add of tree IP (2 physical and virtual).

When from WLC, i do a ping to the Ip virtual, I send 3 pkt and I receive 6 pkt (3 from first network lan and 3 from second network lan, I think...)

I think thet the WLC drop the pkts to wireless client to virtual IP of LNB Microsoft (NLB work correctly).

What do you think?


Mirko S.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dancampb Thu, 02/11/2010 - 06:47
User Badges:
  • Cisco Employee,

You'll probably need a sniffer capture to see this, but typically when I've seen this type of issue the packet is sent to one of the NIC's of the server but the response comes from the other NIC.  Because of this addressing on the response packet doesn't match where the packet was sent so it doesn't look valid.

Hi Dan,

Ok, I understand what you say, but why the WLC can do a ping to the first physical, to the second physical IP and the the virtual IP correctly and the wireless client can't ping a virtual IP?

The WLC drop the pkt, I think.

There is a specific DEBUG to monitoring the events?

I try to see the pkt with wireshark.


Mirko S.

mj.jimenez Fri, 07/16/2010 - 05:34
User Badges:


I have deployed a WLC 2112 with 7 LAP1142N for one of our clients and I have exactly the same problem.

The http proxy is the virtual ip of a windows NLB cluster, and from the wireless clients I get answer from the physicals, but not from the virtual (WLC can ping all phisycal and virtual)... the result the clients are not able to navigate thru Internet.

Did someone get the answer for this issue?

Thanks a lot in advance.


Kostas Papachri... Wed, 08/03/2011 - 23:59
User Badges:


Hi, everyone.

I am facing the same issue with WLC2106. Did someone get any answer .

Best regards

Kostas Papachristofis.

stefan.angerer Thu, 08/04/2011 - 00:03
User Badges:
  • Bronze, 100 points or more


you need to enable multicast on the WLC, then it will work.



stefan.angerer Thu, 08/04/2011 - 00:54
User Badges:
  • Bronze, 100 points or more

Generally yes, but (as always) it depends on your infrastructure.

If it is MC ready, then this should work.

AP Multicast Mode "Multicast" also means, that you need MC enabled between your WLC and your APs.

Also, you should check this document (which you probably already know), how MS NLB and Cisco Switches will work together - to make sure your wired infrastructure fully supports NLB:

hope that helps,


MotherTucker Sun, 03/25/2012 - 07:54
User Badges:

We just went thru this with a Cisco TAC support engineer, and we solved it by adding the "no ip igmp snooping" command to the AP and then also turning on IGMP Multicast for the NLB cluster in the Windows NLB Manager:

Jeffrey Keown Mon, 03/26/2012 - 07:18
User Badges:
  • Cisco Employee,

In the case of bridging wireless traffic through an internal AP801's host router (such as a 1941W), this doesn't work because the unicast ip/mcast mac traffic doesn't get passed through the bridge into vlan config.

Example config:

1941W-3#sho run int gig 0/0

Building configuration...

Current configuration : 95 bytes


interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

bridge-group 1



1941W-3#sho run | inc bridge

bridge irb

bridge-group 1

bridge-group 1

bridge-group 1

bridge 1 protocol ieee

bridge 1 route ip

1941W-3#sho run int vlan 1

Building configuration...

Current configuration : 57 bytes


interface Vlan1

no ip address

bridge-group 1



1941W-3#sho span int wlan-g

1941W-3#sho span int wlan-gigabitEthernet 0/0

Port 8 (Wlan-GigabitEthernet0/0) of VLAN1 is forwarding

   Port path cost 4, Port priority 128, Port Identifier 128.8.

   Designated root has priority 32768, address 0026.0bb5.5093

   Designated bridge has priority 32768, address 0026.0bb5.5093

   Designated port id is 128.8, designated path cost 0

   Timers: message age 0, forward delay 0, hold 0

   Number of transitions to forwarding state: 1

   BPDU: sent 127707, received 0

   The port is in the portfast mode

1941W-3#show bridge 1

Total of 300 station blocks, 287 free

Codes: P - permanent, S - self

Bridge Group 1:

    Address       Action   Interface       Age   RX count   TX count

000c.29a0.3037   forward   Gi0/0             0        690        818

78e4.00b2.efda   forward   Vlan1             0       1202         53

Ways to get this to work:

1) configure IGMP snooping support on the NLB Cluster as mentioned in the previous post

2) Use cluster mode Unicast

3)  route the internal ap's traffic and not use IRB.

1941W-3(config)#no bridge irb

Please remove the BVI 1 interface first!

1941W-3(config)#no int bvi 1


1941W-3(config)#no bridge irb

1941W-3(config)#int vlan 2

1941W-3(config-if)#ip add

1941W-3(config)#int wlan-gigabitEthernet 0/0

1941W-3(config-if)#switch access vlan 2



1941W-3(config-if)#int gig 0/0

1941W-3(config-if)#no bridge 1

1941W-3(config)#int gig 0/0

1941W-3(config-if)#ip add


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode