cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1704
Views
0
Helpful
3
Replies

DHCP relay issues - WLC4400 series

Hi all,

I'm experiencing some strange problems with my WLC 4400 – and hope you guys can give me a hand.

There is an issue while connecting a WLAN Client to the WLC for the first time. I pinpointed the source of the problem to the dhcp, but I wondering why this happens…

As stated above – the issue occurs only during the first time registration of a WLAN client with the WLC. If I do another registration right after the failed connection attempt, the session is established and I can start working in my network environment.

Because we use 802.1x authentication, my first idea was that there is an issue – but the authentication process completes successfully.

Another debug for the dhcp process showed an issue during the initial registration process. I'll paste an extract of the NOT working connection attempt below (DHCP DISCOVER msg and DHCP OFFER msg passed successfully – I'll focus on the DHCP REQUEST msg):

###### Extract one ######

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProxy: Received packet: Client 00:21:6a:00:35:9c

                        DHCP Op: BOOTREQUEST(1), IP len: 303, switchport: 29, encap: 0xec03

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option len, including the magic cookie = 67

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 61, len 7

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: requested ip = 10.64.153.66

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: server id = 1.1.1.1

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 12, len 12

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: vendor class id = MSFT 5.0 (len

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 55, len 12

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpParseOptions: options end, len 67, actual 67

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProxy: dhcp request, client: 00:21:6a:00:35:9c:

                        dhcp op: 1, port: 29, encap 0xec03, old mscb port number: 29

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c

                                                                                                        dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,

                        dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c Relay settings for 00:21:6a:00:35:9c

                                                                                                        Local Address: 0.0.0.0, DHCP Server: 10.49.143.8,

                        Gateway Addr: 10.64.153.1, VLAN: 0, port: 29

Tue Mar  9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProcessPacket return an error,chaddr: 00:21:6a:00:35:9c

The process stops working after the last line above. The client reports connection successfully, but no IP address was assigned to the client. A second connection attempt was successful (again – I'll focus on the dhcp REQUEST msg – ignoring DISCOVER, OFFER and ACK msg):

                        DHCP Op: BOOTREQUEST(1), IP len: 303, switchport: 29, encap: 0xec03

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option len, including the magic cookie = 67

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 61, len 7

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: requested ip = 10.64.153.66

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: server id = 1.1.1.1

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 12, len 12

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: vendor class id = MSFT 5.0 (len

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 55, len 12

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcpParseOptions: options end, len 67, actual 67

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c dhcpProxy: dhcp request, client: 00:21:6a:00:35:9c:

                        dhcp op: 1, port: 29, encap 0xec03, old mscb port number: 29

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c

                                                                                                        dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,

                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.64.153.6  VLAN: 300

Tue Mar  9 09:53:02 2010: 00:21:6a:00:35:9c Relay settings for 00:21:6a:00:35:9c

                                                                                                        Local Address: 10.64.153.6, DHCP Server: 10.49.143.8,

The major difference seems to be in line 16:

Not Working:

                        dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0

Working:

                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.64.153.6  VLAN: 300

For me it seems that the WLC is not able to forward this request to the appropriate dhcp server.

Does anyone of you have an idea, why this happens? And why does this happen only during the first time login of every client? Or am I misinterpreting the debug output?!

Thx a lot in advance!

Cheers

Martin

3 Replies 3

Scott Fella
Hall of Fame
Hall of Fame

Does this happen when you use 802.1x... have you tried open authentication just for testing.  Is this a new install or did you upgrade the code at all?  Have you done a debug on the do1x to see if authentication fails.  If this is a new install... and you tried the above and still have issues, post your show run-config so we can verify your configurations.

-Scott
*** Please rate helpful posts ***

Hi,

thx for your comment so far.

I did some additional troubleshooting yesterday and I guess I fixed the problem. The management interface was configured with two dhcp server IPs (0.0.0.0 and 1.1.1.1).

Within the Cisco documentation it is stated that the dhcp relay proxy feature uses a virtual IP 1.1.1.1.

0.0.0.0    seems to be used for the internal communication.

When I changed the dhcp address (primary & secondary) to IP 1.1.1.1 the problem was solved. We tested it yesterday evening and this morning.

My assumption is that the virtual 1.1.1.1 IP is mandatory to match the dhcp responses to the proxy relaying feature. Or the WLC uses the DHCP addresses on the management interface to forward the traffic to the appropriate feature (where 1.1.1.1 triggers the proxy feature and 0.0.0.0 is used to forward the traffic to the internal dhcp service). But this is just a guesswork – I do not know the Cisco WLAN good enough to provide a valuable explanation.

Cheers

Martin

You are correct... if you do an ipconfig on your windows device you will see 1.1.1.1 or whatever your VIP address is there.  If you are using an external dhcp, you might want to set that in the interfaces.  If you use the WLC as a dhcp, then you would set the dhcp to the management interface.  Nothing should be set to 0.0.0.0.... even the service port needs an ip.

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: