Option 43 and ISC-DHCP

Answered Question
Nov 12th, 2008


I'm trying to figure out how to feed my LWAPP APs multiple controller IPs with ISC-DHCP option 43.

Currently, I'm only able to send one using this format:

option vendor-encapsulated-options f1:04:A7:D9:02:50;

I need to be able to send 4 or 5 so that my capacity is automatically load balanced.

Any help would be greatly appreciated!



Correct Answer by ericgarnel about 7 years 10 months ago


Try this on the controllers:

config ap syslog host global

amritpatek Tue, 11/18/2008 - 09:46

To configure DHCP Option 43 for lightweight access points in the embedded Cisco IOS DHCP server, follow these steps:

Step 1 Enter configuration mode at the Cisco IOS command line interface (CLI).

Step 2 Create the DHCP pool, including the necessary parameters such as default router and name server. A DHCP scope example is as follows:

ip dhcp pool




Step 3 Add the option 60 line using the following syntax:

option 60 ascii "Airespace.AP1200"

The quotation marks must be included.

Step 4 Add the option 43 line using the following syntax:

option 43 ascii "Comma Separated IP Address List"

I hope it may help you.

timothybward Tue, 12/02/2008 - 04:34

Thank you very much for your reply. I am using isc-dhcpd.

I found a solution and I will post the configuration for anyone else who may need it.

My configuration on ISC-DHCPD 3.1.1 follows:

option space CiscoAP;
# Sub-option 241 (0xf1) carries the list of controller addresses
option CiscoAP.server-address code 241 = array of ip-address;

class "cisco-aps" {
  # Match any client whose vendor class identifier starts with "Cisco AP"
  match if substring (option vendor-class-identifier, 0, 8) = "Cisco AP";
  vendor-option-space CiscoAP;

  # Select on the model string that follows "Cisco AP"
  switch (substring (option vendor-class-identifier, 8, 8)) {
    case " c1200":
      option CiscoAP.server-address xxx.xxx.2.80,xxx.xxx.2.82,xxx.xxx.2.90,xxx.xxx.2.92,xxx.xxx.235.160;
      break;
    case " c1240":
      option CiscoAP.server-address xxx.xxx.2.80,xxx.xxx.2.82,xxx.xxx.2.90,xxx.xxx.2.92,xxx.xxx.235.160;
      break;
    case " c1250":
      option CiscoAP.server-address xxx.xxx.2.80,xxx.xxx.2.82,xxx.xxx.2.90,xxx.xxx.2.92,xxx.xxx.235.160;
      break;
    case ".c1500":
    case ".OAP1500":
    case ".LAP1510":
    case ".LAP1505":
    case " c1520":
      option CiscoAP.server-address xxx.xxx.2.80,xxx.xxx.2.82,xxx.xxx.2.90,xxx.xxx.2.92,xxx.xxx.235.160;
      break;
    default:
      option CiscoAP.server-address xxx.xxx.2.80,xxx.xxx.2.82,xxx.xxx.2.90,xxx.xxx.2.92,xxx.xxx.235.160;
      break;
  }
}

# Syslog server option, declared at global scope
option log-servers xxx.xxx.2.60;


I hope this helps someone; it certainly has worked miracles for me. One thing, however, that still isn't working is the log-servers. If anyone knows what I'm doing wrong, please let me know.
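
As an added example (not part of the original posts): the single-controller string in the question is a type/length/value triple, sub-option code f1 (241), a length byte, then the address, and a list of controllers is the same triple with the length set to four bytes per address. The Python below builds and validates that raw form for `vendor-encapsulated-options`; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress

# Sub-option code 241: the "f1" byte in the question and "code 241" in the class config.
CISCO_AP_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Build the colon-separated hex TLV for a list of IPv4 controller addresses."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    # IPv4Address() rejects malformed or non-IPv4 input before it reaches dhcpd.conf.
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("value does not fit the one-byte length field")
    tlv = bytes([CISCO_AP_SUBOPTION, len(value)]) + value
    return ":".join(f"{b:02x}" for b in tlv)


def decode_option43(hex_string):
    """Parse a hex TLV back into addresses, rejecting inconsistent lengths."""
    raw = bytes.fromhex(hex_string.replace(":", ""))
    if len(raw) < 2 or raw[0] != CISCO_AP_SUBOPTION:
        raise ValueError("not a sub-option 241 TLV")
    length, value = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match the address data")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def dhcpd_line(controllers):
    """Render the statement in the form used in the question."""
    return f"option vendor-encapsulated-options {encode_option43(controllers)};"


if __name__ == "__main__":
    # Constructed sample addresses from the documentation range.
    sample = ["192.0.2.80", "192.0.2.82", "192.0.2.90", "192.0.2.92", "192.0.2.160"]
    print(dhcpd_line(sample))
    print(decode_option43(encode_option43(sample)))
```

Decoding a string before it goes into dhcpd.conf catches a length byte that no longer matches the address list after a hand edit.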

gamccall Tue, 12/02/2008 - 06:08

I was under the impression that when an AP joins whatever controller it discovers, it's fed a list of all controllers in that mobility group anyway. I've never had any problems in this area- can you describe what you were experiencing?

timothybward Tue, 12/02/2008 - 06:23

The only controller my AP's were seeing was the one I was sending to it via FA:02:etc etc etc

With the above setup it gets all five of my controllers, though, sadly it is not load balancing at all.

I'm currently having another issue at one site where the AP's join a controller just fine yet clients connecting to the AP's cannot get dhcp addresses. It's loads of fun.

gamccall Tue, 12/02/2008 - 07:31

Well, the first point I'd make is that you don't want to leave controller assignments or load balancing to the luck of the draw- instead, manually assign at least a primary controller on each AP, and try to group them logically by floor or area so that you minimize intercontroller roaming.

With that said, you should be getting load balancing even in your salt and pepper deployment. Are you sure you have all of your controllers in the same mobility group? Are there any ACLs between your controllers that might be blocking intercontroller communication?

timothybward Tue, 12/02/2008 - 11:57

Hi, thanks for your response.

The issue with assigning controllers master/secondary etc. is that, for whatever reason, if we change that, apply it, save the config and reset, the AP's will come back with the master missing and maybe the secondary still there. It's very bizarre, I'm not entirely sure why that is happening.

But yes, I've tried to manually load balance. I was hoping for a more elegant solution than doing it myself simply because all my controllers are in the same location so that there are no real issues with distance between sites and the controllers.

As far as ACL's go, no, there are no ACL's involved.

The mobility group is the same and I've verified the control paths come up and stay on all five controllers.



ericgarnel Tue, 12/02/2008 - 08:08

I think you need to place the option log-servers under the subnet string rather than the global.

Here is my config:

[[email protected] ~]$ vi /etc/dhcpd.conf

primary; # declare this to be the primary server


port 647;

peer address;

peer port 647;

max-response-delay 60;

max-unacked-updates 10;

load balance max seconds 3;

mclt 1800;

split 128;


#### WIFI Mgmt Subnet ######

subnet netmask {

option routers;

option subnet-mask;

option domain-name-servers,;

option domain-name "accdshownet.com";

option cisco-lwapp.lwapp-controllers,,,;

default-lease-time 432000;

option log-servers;

max-lease-time 442000;

pool {

failover peer "dhcp-failover";

deny dynamic bootp clients;


default-lease-time 432000;

max-lease-time 442000;


timothybward Thu, 12/04/2008 - 15:40


I tried your suggestion and put it in the stanzas where the access points reside, to no avail. I'm still not getting any log messages from the AP's themselves.

Thanks though,


ericgarnel Thu, 12/04/2008 - 17:22

Telnet or SSH into the AP and see what the setting indicates for logging.

timothybward Thu, 12/04/2008 - 18:32

Does logging only work for autonomous AP's? Because my AP's don't respond to telnet or ssh. Additionally when I boot a LWAPP while connected to the console it says no logging servers given from DHCP or something to that effect.

timothybward Fri, 12/05/2008 - 08:23


I've enabled ssh and looked at the configs.

They're all set to log to



Correct Answer
ericgarnel Fri, 12/05/2008 - 08:37


Try this on the controllers:

config ap syslog host global

ericgarnel Fri, 12/05/2008 - 08:42

Just confirmed it works

from the AP:

%WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:5 Channel:11

%WIDS-4-SIG_ALARM: Attack is detected on Sig:Standard Id:5 Channel:149 Source MAC:0018.de98.3e2c

%WIDS-6-SIG_ALARM_OFF: Attack is cleared on Sig:Standard Id:5 Channel:149AP_TELNET_SSH_PAYLOAD

%LWAPP-3-CLIENTEVENTLOG: Received AP Syslog IP Address( configuration.

%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host stopped - CLI initiated

%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host started - CLI initiated

