WLC Guest Network DHCP run out of IPs??

Unanswered Question
Aug 27th, 2012

I have this guest WLAN working with web authentication. As you may know, in order to get authenticated you must have an IP address first and then a valid username and password. The problem is that if you don't have valid credentials, you keep the IP address anyway.

I'd like to know if there is a way to release the IPs that are not being used? The WLC is the DHCP server for this network.


Thanks in advance!            

Stephen Rodriguez Mon, 08/27/2012 - 08:01

In 7.0 you can use the CLI command (might be there in later 6.0 but I can't test ATM):

config dhcp clear-lease, then either the IP address or all

config dhcp clear-lease <ip-address>

config dhcp clear-lease all

If not, the only way to clear the leases is a reboot of the WLC.


Please remember to rate useful posts, and mark questions as answered

rguzman.plannet Mon, 08/27/2012 - 14:32

Hello Steve,

What about the fact that I am using web authentication? Regardless of whether you have valid credentials or not (web authenticated or not), you already have an IP address until either the lease time ends or you turn off the Wi-Fi client. I set a lease time of 2 hrs due to the nature of this service, but it is still too much time to wait until the DHCP server releases an IP address.

I hope I could clearly explain my doubt.


Stephen Rodriguez Mon, 08/27/2012 - 15:27

The clients that don't authenticate will time out of the MSCB, but they will still be eating up the address until the lease expires.

How big is your DHCP scope? You could do a /21 for the guest, and you shouldn't run out of leases. But that's a design question and I don't know enough about your setup to be able to really speak to it.


rguzman.plannet Mon, 08/27/2012 - 15:33

Yes, that was my first option actually; it is just a matter of changing the mask, although it means changing some key settings in different devices. It would have been nice if there was a way to manually remove all non-authenticated clients.

Thank you!!

Stephen Rodriguez Mon, 08/27/2012 - 15:36

That would be good, but right now there is no automated process to remove those clients.

If you are good with scripting, you could set up a script to pull the client list, then parse it based on the authentication. Once you have that, you can then do a client deauthenticate, and wipe the IP address lease as well.

Unfortunately, I can't be too much help as I don't really know scripting.
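
A sketch of the script approach described in the post above, added here as an example and not part of the original thread. It assumes client records in the layout of AireOS `show client detail` output and uses the `WEBAUTH_REQD` policy state to mean "has a lease but has not passed web authentication"; the sample dump, addresses, guest scope and function names are constructed, and the generated commands are returned for review rather than sent to the controller.

```python
import ipaddress
import re

# Constructed sample modelled on AireOS "show client detail" output; field
# names, addresses and the guest scope are assumptions to check on your WLC.
SAMPLE = """\
Client MAC Address............................... 00:11:22:33:44:01
IP Address....................................... 192.0.2.10
Policy Manager State............................. RUN
Client MAC Address............................... 00:11:22:33:44:02
IP Address....................................... 192.0.2.11
Policy Manager State............................. WEBAUTH_REQD
Client MAC Address............................... 00:11:22:33:44:03
IP Address....................................... Unknown
Policy Manager State............................. DHCP_REQD
Client MAC Address............................... 00:11:22:33:44:04
IP Address....................................... 198.51.100.7
Policy Manager State............................. WEBAUTH_REQD
"""

FIELD = re.compile(r"^[ \t]*(.+?)\.{2,}[ \t]*(.*?)[ \t]*$", re.M)

def parse_clients(text):
    """Split the dump into one dict per client, keyed by field name."""
    clients = []
    for key, value in FIELD.findall(text):
        if key == "Client MAC Address":
            clients.append({})  # a MAC line starts a new client record
        if clients:
            clients[-1][key] = value
    return clients

def cleanup_commands(text, guest_scope):
    """Commands for clients holding a guest lease without passing web auth."""
    scope = ipaddress.ip_network(guest_scope)
    cmds = []
    for c in parse_clients(text):
        if c.get("Policy Manager State") != "WEBAUTH_REQD":
            continue  # authenticated (RUN) or not yet addressed
        try:
            ip = ipaddress.ip_address(c.get("IP Address", ""))
        except ValueError:
            continue  # no usable lease recorded for this client
        if ip in scope:  # never touch leases outside the guest scope
            cmds.append(f"config client deauthenticate {c['Client MAC Address']}")
            cmds.append(f"config dhcp clear-lease {ip}")
    return cmds

if __name__ == "__main__":
    print("\n".join(cleanup_commands(SAMPLE, "192.0.2.0/24")))
```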


Scott Fella Mon, 08/27/2012 - 20:04

You're better off increasing the subnet size... the issue is that there are many devices that will join since it is open... So even if you remove the devices that are not authenticating, they will request another IP address as long as they are close to your wireless network.

