Configuration of ACG1000 gateway across Layer 3 SNMP without direct connection

As shown in the figure above, the ACG is connected between the switch and the FW, with the AC attached alongside the switch. The AC serves as the gateway in the wireless network, and the ACG and AC are networked across Layer 3.

The on-site ACG performs local web authentication. After a wireless terminal connects to the WiFi, the authentication page can pop up, but it will go offline after a while. The reason for going offline is that the MAC address changes.

1. According to the logs, this MAC address belongs to the core switch. Since the on-site network spans Layer 3, the learned MAC is not the actual MAC of the terminal, and the core continuously refreshes the MAC.

2. In a normal networking environment, if the gateway is the core switch, the ACG must learn the actual MAC of the terminal by configuring SNMP-based Layer 3 MAC address learning on both the ACG and the switch. However, the on-site setup involves the ACG directly connecting to the core, with the AC connected in bypass mode and the gateway on the AC. This means the ACG must learn the ARP entry from the AC to obtain the actual MAC of the terminal.

3. According to the network description, the IP address can be filled with the gateway address, but the MAC address can only be filled with the directly connected core switch MAC. In this case, the real MAC cannot be learned.

4. In this networking environment, two SNMP configurations need to be set up on the ACG. Both the core switch and the AC require SNMP configuration, which means synchronizing twice to meet the requirements. Note that the MAC addresses should be the interface MACs of the ACG directly connected to the switch, but one IP address must be the AC's IP, and the other must be the switch's IP. Specifically, the ACG needs two SNMP configurations: ① The first SNMP should have the MAC filled with the interface MAC directly connected to the switch and the IP filled with the gateway IP. ② The second SNMP should have both the MAC and IP filled with the interface MAC and interface IP address directly connected to the switch.

After configuration completes synchronize normally

Two SNMP configurations are required on the ACG. 1. For the first SNMP, fill in the MAC address of the interface directly connected to the switch and the IP address of the gateway. 2. For the second SNMP, fill in both the MAC address and IP address of the interface directly connected to the switch.