cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1987
Views
0
Helpful
6
Replies

WLC Guest Network DHCP run out of IPs??

rguzman.plannet
Level 1
Level 1

Hello,

I have this guest wlan working with web authentication, as you may know in order to get authenticated you must have an IP address first then have a valid username and password. The problem is that if you don't have valid credentials you keep the IP address anyways.

I'd like to know if there is a way to release the IPs that are not being used? The WLC is the DHCP server for this network.

WLC4402

6.0.202.0

Thanks in advance!            

6 Replies 6

Stephen Rodriguez
Cisco Employee
Cisco Employee

In 7.0 You can use the cli command (might be there in later 6.0 but I can't test ATM)

Config dhcp clear-lease then either the up address or all

Config dhcp clear-lease 192.168.100.0

Or

Config dhcp clear-lease all

If not the only way to clear the leases is a reboot of the WLC.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Hello Steve,

What about the fact that I am using web authentication? Regardless you have valid credentials or not (web authenticated or not) you already have an IP address until either the lease time ends or you turn off the wifi client. I set a lease time of 2 hrs due to the nature of this service but it is still too much time to wait until DHCP server releases an IP address.

I hope I could clearly explain my doubt.

Thanks.

The clients that don't authenticate will timeout of the MSCB, but they will still be eating up the address until the lease expires.

How big is your DHCP scope?  you could do a /21 for the guest, and you shouldn't run out of leases.  But that's a design question and I don't know enough about your setup to be able to really speak to it.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Steve,

Yes, that was my first option actually is just matter of change the mask although it means changing some key settings in different devices. It would had been nice if there was a way to manually remove all non authenticated clients.

Thank you!!

That would be good, but right now there is not automated process to remove those clients.

If you are good with scripting, you could setup a script to pull the clients list, then parse it based on the authentication.  Once you have that you can then do a client deauthenticate, and wipe the IP address lease as well.

Unfortunately, I can't be too much help as I don't really know scripting.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Your better off increasing the subnet size.... the issue is that there are many devices that will join since it is open... So even if you remove the device that are not authenticating, they will request another ip address as long as they are close to your wireless network.

-Scott
*** Please rate helpful posts ***
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: