5508 internal DHCP server

Answered Question
Jul 22nd, 2012

Hi,


A client wants us to use the internal DHCP server on a 5508 instead of Windows DHCP. They will have 15 APs initially and up to 25 later. The docs on the 7.2 WLC make it sound like this is discouraged:

Internal DHCP Server

The controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server. The wireless network generally contains 10 access points or fewer, with the access points on the same IP subnet as the controller.


In this case, the APs will not be in the same subnet as the Management Internet.


Is it a mistake to use the internal DHCP with up to 25 APs (3 WLANs)?


Thanks.

lcaruso Sun, 07/22/2012 - 20:26

I can see one disadvantage already. You can run into problems with the Internal DHCP server:

The DHCP required state can cause traffic to not be forwarded properly if a client is deauthenticated or removed. To overcome this problem, ensure that the DHCP required state is always disabled.


Then the External DHCP server section comments on how this setting is desirable for better security:


Security Considerations

For enhanced security, we recommend that you require all clients to obtain their IP addresses from a DHCP server. To enforce this requirement, all WLANs can be configured with a DHCP Addr. Assignment Required setting, which disallows client static IP addresses.

Correct Answer
Saravanan Lakshmanan Tue, 07/24/2012 - 12:09
User Badges: Cisco Employee

#DHCP proxy needs to be enabled to use internal DHCP on the WLC. The WLC uses the virtual IP for DHCP and they're unicast. So keeping the AP on L3 doesn't work with internal DHCP. DHCP for wireless clients works because the packets are sent to the WLC via CAPWAP.


#The DHCP required state can cause traffic to not be forwarded properly if a client is deauthenticated or removed. To overcome this problem, ensure that the DHCP required state is always disabled.

Ans: It is expected behavior irrespective of DHCP being internal or external; it is a feature and not a disadvantage.


Cons:-

#Can't have DHCP reservations.

#Can't have option 43 or any other DHCP options.

#DHCP service can't be restarted; a WLC reboot is required if you need to do so.

#If multiple WLCs are used, you need to create non-overlapping scopes on the other WLCs as well.

#Wired clients cannot get an IP from internal DHCP. So you need to maintain a separate network & DHCP server for the wired network, and this requires routing.

#From the WLC GUI, you can't remove the client; you need to use the CLI.

#WLC reboot may clear the DHCP lease, though not 100% sure.
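
The non-overlapping scope requirement mentioned in the answer above can be checked before scopes are created on each controller. This is an added example, not part of the original thread; the controller names, scope names and address pools are constructed, and internal DHCP pools are assumed to be defined as inclusive start/end ranges.

```python
"""Added example: detect overlapping internal-DHCP address pools across WLCs."""
from ipaddress import IPv4Address
from itertools import combinations

# Constructed sample data: (controller, scope name, pool start, pool end).
# All names and addresses here are hypothetical.
SCOPES = [
    ("wlc-1", "staff", "10.20.0.10", "10.20.0.250"),
    ("wlc-1", "guest", "10.30.0.10", "10.30.1.250"),
    ("wlc-2", "staff", "10.20.0.200", "10.20.1.100"),  # collides with wlc-1/staff
    ("wlc-2", "guest", "10.30.2.10", "10.30.3.250"),
]


def parse_pool(start, end):
    """Convert an inclusive start/end pool to integers, rejecting reversed ranges."""
    lo, hi = IPv4Address(start), IPv4Address(end)
    if lo > hi:
        raise ValueError(f"pool start {start} is above pool end {end}")
    return int(lo), int(hi)


def find_overlaps(scopes):
    """Return (scope_a, scope_b, first_shared, last_shared, count) per clash."""
    pools = [(wlc, name, *parse_pool(s, e)) for wlc, name, s, e in scopes]
    clashes = []
    for a, b in combinations(pools, 2):
        lo, hi = max(a[2], b[2]), min(a[3], b[3])
        if lo <= hi:  # inclusive ranges share at least one address
            clashes.append((f"{a[0]}/{a[1]}", f"{b[0]}/{b[1]}",
                            str(IPv4Address(lo)), str(IPv4Address(hi)),
                            hi - lo + 1))
    return clashes


if __name__ == "__main__":
    for a, b, first, last, n in find_overlaps(SCOPES):
        print(f"OVERLAP {a} <-> {b}: {first}-{last} ({n} addresses)")
```

Pools on the same controller are compared as well, since two scopes handing out the same address conflict regardless of which WLC serves them.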
