DHCP server override on 4402 WLC

grabonlee
Level 4

I have successfully implemented wireless guest access using 4402 WLC as the Anchor and 5508 as Foreign. The Anchor controller also provides DHCP services to guest clients. The 5508 is LAGged and there is no issue with the guest traffic separated from corporate. At a remote site, there is a 4402 WLC using LAG and also acting as a Foreign controller. But when a client connects to the guest WLAN, it obtains a corporate DHCP address instead of the DHCP address assigned from the Anchor controller. The guest WLAN setting is the same as with the 5508 controller, i.e. DHCP server override is ticked and the management IP address of the Anchor controller is specified. Also, DHCP Addr required is ticked. Could anyone explain why the 4400 controller is not forwarding DHCP requests to the anchor controller and instead sending to the corporate DHCP server?

Accepted Solutions

It doesn't seem that the client is getting anchored. There is a mobile announce, which will happen when a client joins, and the WLC checks its peers to see if there is already an entry.

What I do see on the Foreign is: DHCP successfully bridged packet to DS.

I don't see any of the other messages that would indicate the WLC is trying to anchor the client at all.

Can you post the output of:

show wlan < wlan ID >  - from both the Anchor and the Foreign that are not working?

show mobility summary - from both the Anchor and the Foreign that are not working?

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


36 Replies

Scott Fella
Hall of Fame

Well it could be a few things. First, is your mobility anchor defined on the SSID on the remote wlc? The APs are in local mode not in h-reap or FlexConnect. Even though you have the dhcp override, if the traffic isn't getting tunneled, you won't get a dhcp from the anchor.


-Scott
*** Please rate helpful posts ***

Stephen Rodriguez
Cisco Employee

For anchoring to work, the WLAN config must match.

If you are anchoring the WLAN to a DMZ WLC, you don't need to set the override parameter, as the DHCP will come from the DMZ WLC by default.

Now if you have that setting on the inside, you must have the same settings on the DMZ as well.

Steve


HTH,
Steve


Thanks for your responses. However, I mentioned that APs connected to the 5508 WLC are working as expected. That means the guest WLAN config on the 5508 is the same as the 4400 and DMZ WLC. The guest WLAN is centrally switched.

Are you able to eping and mping between them? If you run debug client and debug mobility handoff, you should see messages on the anchor if it's not able to create the tunnel for the user.

Steve


HTH,
Steve


The mobility data and control path (eping/mping) is up. I will run a debug later.

Looked at the mobility stats on the controller and discovered that there is no Client handoff as Foreign. Compared the config between 5500 and 4400 Foreign WLCs and found no error. My config is as follows:

1. LAG is enabled

2. Guest wlan mapped to management interface

3. Anchor WLC is 4400

4. Both Foreign and Anchor controllers have DHCP server override with the management IP add of the Anchor specified

5. Both Foreign and Anchor controllers management interfaces have no DHCP server IP specified

6. There is no guest vlan interface or subnet.

7. DHCP proxy is only enabled on Anchor controller

8. 5500 WLCs have been supporting guest access properly since 2011

This is really frustrating. I wish Cisco would maintain some consistency.

On your foreign wlc, you have the SSID anchored to the 4400 and of course the 4400 guest WLAN is anchored to itself.

Thanks,

Scott Fella


-Scott

I have the same setup using a 4400 (repurpose) as an anchor for a couple of my clients and no issues with 5508's as the foreign.

Thanks,

Scott Fella


-Scott

Scott,

Please read my comments. I never said I had issues with 5508 as Foreign WLC. My problem is with the Foreign 4402 WLCs. Anyway, I have planned to remove LAG from the Anchor 4400 and create a separate interface for the guest WLAN.

Never said it was an issue with the 5508. But if you don't see anything anchored to your anchor WLC, then your 5508 is not anchoring the traffic for that WLAN. There is nothing different per se config wise from a 4400 and 5508 running the same code except for the AP manager interface on the 4400. Why not post your show run-config on your 4400 and 5508 which is the issue.


-Scott

My 5508 has no issues handing off to the 4400 Anchor. The problem is a foreign 4400 handing off to the 4400 Anchor despite the fact the config being the same as the 5508.

Well that should be simpler since it's the same hardware, you eliminate hardware compatibility issue. You need to post your config for us to be able to see if it's set up correctly.

Thanks,

Scott Fella


-Scott

You should never map the GUEST interface to management even if it doesn't do DHCP, just bad practice. If the tunnel breaks your guest will get dropped on the side of your network. You should create a dummy interface.

What code revs are all these devices on?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
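
The checks raised in the replies above (WLAN settings matching on both controllers, the foreign WLAN anchored to the anchor WLC, the anchor WLAN anchored to itself, and the guest WLAN not mapped to the management interface), written as an added example that is not from any poster in this thread or from Cisco. The dictionary field names and all sample values are constructed; the values would be copied by hand from each controller's `show wlan` output.

```python
# Added example: audit a foreign/anchor guest WLAN pair.
# Field names and sample values are constructed, not a Cisco data format.

MUST_MATCH = ("ssid", "security", "dhcp_override", "dhcp_required")

def audit(foreign, anchor):
    """Return a list of findings for one guest WLAN on two controllers."""
    findings = []
    # The WLAN definition has to be the same on both ends of the tunnel.
    for key in MUST_MATCH:
        if foreign.get(key) != anchor.get(key):
            findings.append(f"mismatch {key}: foreign={foreign.get(key)!r} "
                            f"anchor={anchor.get(key)!r}")
    # The foreign WLAN must name the anchor's management IP as its anchor.
    if anchor["mgmt_ip"] not in foreign.get("mobility_anchors", []):
        findings.append("foreign WLAN is not anchored to the anchor WLC")
    # The anchor's copy of the WLAN must be anchored to itself.
    if anchor["mgmt_ip"] not in anchor.get("mobility_anchors", []):
        findings.append("anchor WLAN is not anchored to itself")
    # Per the thread: if the tunnel is not used, guests are dropped onto
    # whatever interface the WLAN maps to on the foreign controller.
    if foreign.get("interface") == "management":
        findings.append("foreign guest WLAN maps to management: guests "
                        "reach the internal network if anchoring fails")
    return findings

# Constructed sample data (192.0.2.0/24 is a documentation range).
ANCHOR = {
    "mgmt_ip": "192.0.2.10", "ssid": "guest", "security": "web-auth",
    "dhcp_override": "192.0.2.10", "dhcp_required": True,
    "interface": "management", "mobility_anchors": ["192.0.2.10"],
}
# Foreign WLC with the symptom from the thread: no anchor entry on the WLAN.
FOREIGN_BAD = {
    "ssid": "guest", "security": "web-auth",
    "dhcp_override": "192.0.2.10", "dhcp_required": True,
    "interface": "management", "mobility_anchors": [],
}
# Same WLAN after anchoring it and moving it to a dummy interface.
FOREIGN_OK = dict(FOREIGN_BAD, interface="guest-dummy",
                  mobility_anchors=["192.0.2.10"])

if __name__ == "__main__":
    for name, cfg in (("bad", FOREIGN_BAD), ("ok", FOREIGN_OK)):
        print(name, audit(cfg, ANCHOR) or "no findings")
```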

My Anchor controller is on a DMZ. The corporate 4400s are not using etherchannel, hence there is a Guest interface that is not mapped to management. I only used LAG when the anchoring was not working between the Anchor 4400 and the Foreign 4400. The Anchor uses etherchannel, hence no separate guest interface. I have decided to create a separate guest interface on the Anchor controller to see if that solves the issue. This I will do on Monday. The 4400s are on 7.0.230.
