DHCP proxy not working

Answered Question
Apr 7th, 2009

I have two WLC 4402 servicing several SSIDs. Every SSID represents a different VLAN with a different IP subnet.

Now I want to use one DHCP server for all SSIDs. So I configured the server (I distinguish the requests from the different networks by option 82), put it into the VLAN where the ap-manager and the management interfaces reside, and configured the DHCP server address of the interfaces on the WLC appropriately for the new setup.


Now my problem: No request arrives at the server. I now tried nearly all options but without success.


I found out that relaying works if the DHCP server is on the SAME subnet. Then all requests are relayed (yes, relayed, unicasted by the controller).

DHCP debug of the WLC says:


DHCP received op BOOTREQUEST (1) (len 313, port 1, encap 0xec03)

DHCP selecting relay 1 - control block settings: dhcpServer: 10.22.72.3, dhcpNetmask: 255.255.248.0, dhcpGateway: 10.22.72.33, dhcpRelay: 10.22.72.1 VLAN: 22

DHCP selected relay 1 - 10.22.72.3 (local address 10.22.72.1, gateway 10.22.72.3, VLAN 22, port 1)

DHCP transmitting DHCP REQUEST (3)

...


If I now enter the DHCP server address of the new server (directly reachable through the ap-manager and management interfaces) I get the following:


DHCP received op BOOTREQUEST (1) (len 308, port 1, encap 0xec03)

DHCP selecting relay 1 - control block settings: dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0, dhcpGateway: 0.0.0.0, dhcpRelay: 10.6.72.1 VLAN: 640

DHCP selected relay 1 - NONE


It just seems to ignore the entered DHCP server address.

I tried several software versions (v4.2, v5.2), all the same.


DHCP proxy is enabled - as mentioned, if the DHCP server is in the same subnet, it works fine.


Any suggestions?

Overall Rating: 5 (1 ratings)
dl6kwa Tue, 04/14/2009 - 00:35

The requested output is in the attached file.


In the meanwhile I tried a factory reset, configured only the necessary interfaces and one WLAN (with firmwares 4.0, 4.1, 4.2, 5.2), no success.



Stephen Rodriguez Tue, 04/14/2009 - 06:57

WLC config looks good. Best bet at this point is to open a TAC case. Need to be online and see what is going on.

dennischolmes Tue, 04/14/2009 - 07:09

Also make sure the DNS entry for the DHCP server is correct and can be reached from the VLAN on which the APs reside for their address. If not, the AP will not resolve DNS fully when getting its IP address and will not be able to effectively relay the DHCP requests from the clients.

dl6kwa Tue, 04/14/2009 - 07:17

Sadly I am not able to open a TAC request because our WLCs are not covered by our service contract, so I guess I'm stranded here.


Since we use only LWAPP-APs (configured with static IPs) and the DHCP-Server resides directly in the VLAN where the management and ap-manager-interfaces of the controllers are, DNS should not be an issue, should it?

Stephen Rodriguez Tue, 04/14/2009 - 07:20

No, DNS should not be an issue, as this is for the clients, as I read the issue. As the DHCP server is on the mgmt subnet, it should be reachable without issue.


If you can't open a TAC case, I'll do my best to help over NetPro.


Capture the output of:

debug client <client mac address>


Start this prior to your client attempting to get on the network, and let it run for at least 5 minutes. Once you have it, post here and I'll see if I see anything odd.

dl6kwa Tue, 04/14/2009 - 07:49

Here's the debug data as requested. It shows the complete connection try of a notebook.


As I took a look at it myself I noticed line 77 of the debug output:

DHCP selected relay 1 - 10.44.1.9 (local address 10.6.72.1, gateway 10.6.72.33, VLAN 640, port 1)


It obviously selected the correct IP of the DHCP server (10.44.1.9). But does the rest mean the controller tries to forward the request via the standard gateway of the VLAN the client resides in? (10.6.72.33 is the standard gateway of the WLAN of the client). This will fail because the network the DHCP server resides in doesn't have a gateway and is therefore unreachable by other networks (on purpose).

Is there a way to make the controller send out the relayed request through its interface in the network of the DHCP server?





Correct Answer
Stephen Rodriguez Tue, 04/14/2009 - 07:56

OK, so the DHCP server does not have a gateway, so it can't respond to a request on another network....That is the problem. With this config you would never get DHCP to work, as you had seen.


No, the WLC will not send the DHCP request for x vlan out y vlan... DHCP needs to be reachable.

dl6kwa Tue, 04/14/2009 - 08:08

That explains it then.


Since the targeted VLAN with the DHCP does not have a gateway the request never reached the server.

That's odd, I asked my colleague some time ago to check at the router for incoming DHCP packets, and he said there are none. Guess I have to have a word with him ;-)


So to get this right: The controller will never itself "route" the DHCP request, even if it has an interface in the targeted network where the DHCP server resides, but will instead use the default gw of the network the request comes from to send the request to its destination? Too sad...
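An added example, not part of any post in this thread: a small Python triage script for the three `DHCP selected relay` debug lines quoted above. It reports whether the controller found no relay target, sends on-link, or sends through the client VLAN's gateway. Treating "gateway equals server" as on-link delivery is a reading of the quoted log lines, and the names `classify` and `audit` are hypothetical.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# The three "selected relay" lines quoted in the posts above.
SAMPLE_LOG = """\
DHCP selected relay 1 - 10.22.72.3 (local address 10.22.72.1, gateway 10.22.72.3, VLAN 22, port 1)
DHCP selected relay 1 - NONE
DHCP selected relay 1 - 10.44.1.9 (local address 10.6.72.1, gateway 10.6.72.33, VLAN 640, port 1)
"""

SELECTED = re.compile(
    r"DHCP selected relay (?P<n>\d+) - (?:NONE|(?P<server>[\d.]+) "
    r"\(local address (?P<local>[\d.]+), gateway (?P<gw>[\d.]+), "
    r"VLAN (?P<vlan>\d+), port (?P<port>\d+)\))"
)

class Finding(NamedTuple):
    verdict: str            # "on-link", "routed" or "no-relay"
    server: Optional[str]
    vlan: Optional[int]
    note: str

def classify(line: str) -> Optional[Finding]:
    m = SELECTED.search(line)
    if m is None:
        return None         # not a "selected relay" line
    if m["server"] is None:
        return Finding("no-relay", None, None,
                       "no usable DHCP server for this interface; nothing is relayed")
    server = ipaddress.ip_address(m["server"])
    gateway = ipaddress.ip_address(m["gw"])
    vlan = int(m["vlan"])
    if gateway == server:   # assumption: next hop == server means on-link delivery
        return Finding("on-link", str(server), vlan,
                       f"sent straight to the server from {m['local']}")
    return Finding("routed", str(server), vlan,
                   f"sent from {m['local']} via {gateway}; the server needs a "
                   f"route back to {m['local']}")

def audit(log: str) -> List[Finding]:
    return [f for f in map(classify, log.splitlines()) if f is not None]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.verdict:9} server={f.server} vlan={f.vlan}: {f.note}")
```

A `routed` verdict is the case discussed in the accepted answer: the server has to be reachable from, and able to reply to, the client VLAN's interface address.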

dennischolmes Tue, 04/14/2009 - 07:20

It shouldn't, but I had a similar problem last week on an apparently fine WLAN. After hours of research that is what I found to be the problem. I would just verify that it is working, that you have IP helper installed to assist with the address issues, and then let me know what happens.
