WLC Guest Network DHCP run out of IPs??

Unanswered Question
Aug 27th, 2012

Hello,

I have this guest wlan working with web authentication, as you may know in order to get authenticated you must have an IP address first then have a valid username and password. The problem is that if you don't have valid credentials you keep the IP address anyways.

I'd like to know if there is a way to release the IPs that are not being used? The WLC is the DHCP server for this network.

WLC4402

6.0.202.0

Thanks in advance!            

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Steve Rodriguez Mon, 08/27/2012 - 08:01

In 7.0 You can use the cli command (might be there in later 6.0 but I can't test ATM)

Config dhcp clear-lease then either the up address or all

Config dhcp clear-lease 192.168.100.0

Or

Config dhcp clear-lease all

If not the only way to clear the leases is a reboot of the WLC.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

rguzman.plannet Mon, 08/27/2012 - 14:32

Hello Steve,

What about the fact that I am using web authentication? Regardless you have valid credentials or not (web authenticated or not) you already have an IP address until either the lease time ends or you turn off the wifi client. I set a lease time of 2 hrs due to the nature of this service but it is still too much time to wait until DHCP server releases an IP address.

I hope I could clearly explain my doubt.

Thanks.

Steve Rodriguez Mon, 08/27/2012 - 15:27

The clients that don't authenticate will timeout of the MSCB, but they will still be eating up the address until the lease expires.

How big is your DHCP scope?  you could do a /21 for the guest, and you shouldn't run out of leases.  But that's a design question and I don't know enough about your setup to be able to really speak to it.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

rguzman.plannet Mon, 08/27/2012 - 15:33

Steve,

Yes, that was my first option actually is just matter of change the mask although it means changing some key settings in different devices. It would had been nice if there was a way to manually remove all non authenticated clients.

Thank you!!

Steve Rodriguez Mon, 08/27/2012 - 15:36

That would be good, but right now there is not automated process to remove those clients.

If you are good with scripting, you could setup a script to pull the clients list, then parse it based on the authentication.  Once you have that you can then do a client deauthenticate, and wipe the IP address lease as well.

Unfortunately, I can't be too much help as I don't really know scripting.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Scott Fella Mon, 08/27/2012 - 20:04

Your better off increasing the subnet size.... the issue is that there are many devices that will join since it is open... So even if you remove the device that are not authenticating, they will request another ip address as long as they are close to your wireless network.

Actions

Login or Register to take actions

This Discussion

Posted August 27, 2012 at 7:42 AM
Stats:
Replies:6 Avg. Rating:
Views:590 Votes:0
Shares:0

Related Content

Discussions Leaderboard