5508 DHCP doesn't work unless proxy is enabled

Unanswered Question
Jul 29th, 2013
User Badges:
  • Bronze, 100 points or more

Hi,


On a 5508 running 7.4.100 connected to a core L3 switch, we cannot get DHCP to wlan clients unless the controller proxy is enabled.


The vlans on the core switch that correspond to the wlans defined on the controller all have ip helper addresses for the DHCP server and the access-lists are setup correctly to allow DHCP. But those access lists are not getting any hits for DHCP.


The topology is all vlans L2 to the core L3 switch. Controller connected directly to the L3 core.


Can someone tell me where the problem is?


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Rasika Nayanajith Mon, 07/29/2013 - 16:17
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

where is your ACL applied & can you post ACL to refer ?

lcaruso Mon, 07/29/2013 - 16:33
User Badges:
  • Bronze, 100 points or more

Hi,


Thank you for replying. The acls are on the core switch and look like this for dhcp

permit udp any eq bootpc any eq bootps


I opened a TAC case on this and I believe we identified an issue. The core switch had ip helper addresses on the vlans defined for the wireless access which may have interefered when the proxy was disabled.


We are going to test this soon.

Rasika Nayanajith Mon, 07/29/2013 - 17:21
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Good to hear that...let us know cause & the fix once your testing completed.

Abhishek Abhishek Tue, 07/30/2013 - 15:09
User Badges:
  • Gold, 750 points or more

Hello,


As per your query i can suggest you the following solution-


The Cisco WLC is not exactly a DHCP relay. It does change the DHCP discover from broadcast to unicast, but it stays in the same subnet . So FirstSpot visitor's interface, the WLC interface and all wireless clients are in the same subnet (10.20.7.0) and also in the same layer 2 vlan.


Hope this will help you.

lcaruso Wed, 07/31/2013 - 06:29
User Badges:
  • Bronze, 100 points or more

Hi,


Thanks for your reply. We are still working this case. I'll post the final resolution once we achive success.


Most recently we added a dns entry for the virtual interface 1.1.1.1 and re-added the ip helper addresses on the core switch. Unfortunately, that did not resolve the issue.

Actions

This Discussion