DHCP - why is interface recommended over WLAN?

Unanswered Question
Oct 16th, 2007

Cisco doco:

Cisco WLC_Config Guide_Web & CLI_Release 4.1

P.236 = 6-8.

"The preferred method for configuring DHCP is to use the primary DHCP address assigned to a

particular interface instead of the DHCP server override."

and further down on the same page,

"The preferred method for configuring DHCP is to use the primary DHCP address assigned to a

particular interface instead of the DHCP server override."

MH: Why?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ericgarnel Tue, 10/16/2007 - 04:46

What exactly are you asking?

One benefit of using dhcp assigned to a particular interface is that you can have multiple ssids bound to that interface.


"guest" ssid open with bronze qos bound to interface A

"employee" ssid WPA,or wep... some auth) with silver qos bound to interface A

I prefer to completely seperate the wlan/vlan/subnet combos, but not everyone has the same level of flexibility when it comes to design and/or hardware

MARK HEUZENROEDER Tue, 10/16/2007 - 04:54


Thankyou for replying but this is not related to what I'm asking.

I'm asking "Why" relating to the very specific Cisco doco I quoted. Please see the Cisco doco if you wish.

The WLC Config. Guide has many recommendations and few reasons.

I don't like to blindly follow recommendations hence my "Why" because they might not apply in my particular case.

Regards, MH

Scott Fella Tue, 10/16/2007 - 07:13

Like what ericgarnel stated, you configure the primary dhcp on the interface so you can have multiple ssid's mapped to that interface. You use the override if you want to have the users who associate to that ssid to get issues an ip address from a different dhcp server. It all depends on how you want to setup your WLC.... any way will work, its like a workaround.

MARK HEUZENROEDER Tue, 10/16/2007 - 15:35


Thanks for your replies.

You have clarified for me that some people put more than 1 WLAN on an i/f - not the way I've done it.

The URL's:





"any way will work"

is quite different from what Cisco are saying:

"The preferred method for configuring DHCP ..."

Regards, MH

srahn Wed, 10/17/2007 - 07:21

The reason assigning DHCP to the interface is the preferred method is related to complexity of design. If you assign it to the interface, you automatically know anyone on that interface and all assign WLAN's get DHCP from that server. If you use the per WLAN override feature, it's an added layer of complexity that should only be used when you have multiple WLAN's assigned to the same interface but wish to provide differentiated DHCP services for whatever reason.

MARK HEUZENROEDER Thu, 10/18/2007 - 03:05

Thankyou. That is very clear & I understand.

I would rather just assign a DHCP server to the WLAN and not the interfaces in it (I'm using AP Groups).

Is this possible or is assigning a DHCP server to interface mandatory?

Regards, MH

dennischolmes Sat, 10/20/2007 - 11:49

You can add a dhcp server to a particular WLAN by editing the wlan configuration and selecting dhcp override. When you check that box you will be prompted to add an address for the dhcp server you want to hand the client addresses from. It does not effect the addresses that the APs get as that is tied to the management interface of that controller.

MARK HEUZENROEDER Mon, 10/22/2007 - 17:06

As far as I can see from the WLC CLI, when you associate a DHCP server IP address to a WLAN you can only apply one - no possibility of configuring a Secondary. I don't think the doco tells you this.

If this is right it's quite limiting.

On the other hand, when associating a DHCP server IP addr to an Interface you can configure a Pri & Sec DHCP server IP addr.

Scott Fella Mon, 10/22/2007 - 18:24

You are correct... If you use the override, then you only have one dhcp server.

MARK HEUZENROEDER Tue, 10/23/2007 - 04:12

So would you agree this makes DHCP on WLAN fairly useless since it is such a common practice to have DHCP server redundancy?

Of course it depends on how critical the WLAN is but I think most enterprise n/w's would expect it to have DHCP server redundancy.

So does this make DHCP server on Interface the only practical solution since it allows configuration of Pri & Sec DHCP server?

(ie. what Cisco doco recommends without saying why)?

Scott Fella Tue, 10/23/2007 - 04:37

If you have a primary and an secondary DHCP, why would you use the override DHCP for? the interface at least gives you a primary and secondary. I only used the override when testing DHCP from the WLC or another source that will never be used. So unless you want to manage another DHCP server and scopes, you are better off using the interface configuration. You can use the override, but if your primary fails then you must configure it for the secondary manually.

dennischolmes Tue, 10/23/2007 - 04:38

The single dhcp issue has grown out of the original configuration of the software by Airespace. In the old Airespace days they wanted you to only really use 1 management interface and with that you had 2 dhcp servers. DHCP override was used to point a client to a particular dhcp scope for things like guest access. They attached the traffic to given vlans by the vlan identifier that was then on the WLAN SSID configuration page. There were several issues getting vlans to work that way with the controller. FOr instance, what if you had a group of APs that you wanted to service a particular VoIP wlan and you wanted to segment all that traffic for QoS purposes. The mgt interface only method could possibly still allow a client to get an address from a scope that since it was so braod, might not be segmented in the right vlan for QoS. Cisco saw this early on and redesigned the software so that you could attach multiple interfaces to the controller easily and then pick which interface to use for the wlan. This insures proper addressing and QoS. DHCP override is just a leftover piece of code because so many people were already using it. It is not the method of choice. I hope this explains your question a little better.


This Discussion



Trending Topics - Security & Network