Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Cisco WLC 2500 DHCP issue

I'm having an issue with a DHCP server on one VLAN.  When clients configure a static IP they can ping the DHCP server and everything, but when they try to get the DHCP IP they do not see anything.  Customer who owns the DHCP server is saing that they are not even seeing the DHCP packets.  Here is the debug:

DHCP Socket Task: Feb 18 14:39:07.133: 00:24:d7:5f:b5:e0 DHCP selecting relay 1 - control block settings:

                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,

                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.40.0.210  VLAN: 512

*DHCP Socket Task: Feb 18 14:39:07.133: 00:24:d7:5f:b5:e0 DHCP selected relay 1 - 10.40.0.254 (local address 10.40.0.210, gateway 10.40.0.254, VLAN 512, port 13)

*DHCP Socket Task: Feb 18 14:39:07.133: 00:24:d7:5f:b5:e0 DHCP selecting relay 2 - control block settings:

                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,

                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.40.0.210  VLAN: 512

*DHCP Socket Task: Feb 18 14:39:07.133: 00:24:d7:5f:b5:e0 DHCP selected relay 2 - NONE

*DHCP Socket Task: Feb 18 14:39:07.133: 00:24:d7:5f:b5:e0 DHCP selecting relay 1 - control block settings:

                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,

                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.40.0.210  VLAN: 512

*DHCP Socket Task: Feb 18 14:39:07.133: 00:24:d7:5f:b5:e0 DHCP selected relay 1 - 10.40.0.254 (local address 10.40.0.210, gateway 10.40.0.254, VLAN 512, port 13)

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP transmitting DHCP DISCOVER (1)

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP   xid: 0xced51f7a (3470073722), secs: 6656, flags: 8000

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP   chaddr: 00:24:d7:5f:b5:e0

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP   siaddr: 0.0.0.0,  giaddr: 10.40.0.210

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP sending REQUEST to 10.40.0.254 (len 350, port 13, vlan 512)

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP selecting relay 2 - control block settings:

                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,

                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.40.0.210  VLAN: 512

*DHCP Socket Task: Feb 18 14:39:07.134: 00:24:d7:5f:b5:e0 DHCP selected relay 2 - NONE

28 REPLIES
Hall of Fame Super Silver

Re: Cisco WLC 2500 DHCP issue

Try to disable dhcp proxy and make sure you have an ip helper on the layer 3 subnet to point to the dhcp server.  You can also have your client connect a wired machine to the same switch on the vlan you are trying to test with and see if dhcp is working for the wired side on that switch.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Cisco WLC 2500 DHCP issue

The only reason I mentioned to disable dhcp proxy is because maybe the customer's dhcp server doesn't like the dhcp request to be proxied.  But by default, the WLC will proxy the dhcp request.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

Thank you for the reply Scott.  I have the DHCP Proxy disabled Globally on the WLC.  Also if I connect a hardwired client to that switch and move the switch port in VLAN512 client gets an IP address. 

Now this setup is a bit different.  This particular VLAN 512 is not on our network we have have it in our VLAN database on our switches.  But one of our switches uplinks to one of their switch via trunk port allowing only VLAN 512.

Hall of Fame Super Silver

Cisco WLC 2500 DHCP issue

That is weird.... Your ap's are in local mode and you have a wlan that places traffic onto vlan 512.  The connection from the WLC and the switch is a trunk, etherchannel or access port?

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

Yup we spent 2 hours on this.  It is a trunk port, here is the config on the port:

interface FastEthernet0/24

switchport trunk allowed vlan 512

switchport mode trunk

ip dhcp snooping trust

AP's are in local mode.  I do have a WLAN SSID and then assigned it to VLAN512 interface.  I can ping the DHCP server from the controller successfully.

Hall of Fame Super Silver

Cisco WLC 2500 DHCP issue

Try removing this:

ip dhcp snooping trust

Post your show wlan

When a client tries to associaite to the SSID, can you look at the client in the monitor and post that info.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

I can remove it however on the switch DHCP snooping is enabled, but I'll test it anyways without it.  I believe it was not on that port initially.  Will let you know the results.  Here is the show wlan:

WLAN Identifier.................................. 4

Profile Name..................................... VLAN512

Network Name (SSID).............................. VLAN512

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

  Client Profiling Status ....................... Disabled

   DHCP ......................................... Disabled

   HTTP ......................................... Disabled

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Maximum number of Clients per AP Radio........... 200

Number of Active Clients......................... 0

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 86400 seconds

User Idle Timeout................................ 300 seconds

--More-- or (q)uit

User Idle Threshold.............................. 0 Bytes

NAS-identifier................................... WLC-01

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ vlan512

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured

WLAN IPv6 ACL.................................... unconfigured

mDNS Status...................................... Enabled

mDNS Profile Name................................ default-mdns-profile

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver

Per-SSID Rate Limits............................. Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

Burst Realtime Data Rate.........................   0             0

Per-Client Rate Limits........................... Upstream      Downstream

Average Data Rate................................   0             0

Average Realtime Data Rate.......................   0             0

Burst Data Rate..................................   0             0

--More-- or (q)uit

Burst Realtime Data Rate.........................   0             0

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Disabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... 802.11b and 802.11g only

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

   Authentication................................ Disabled

   Accounting.................................... Disabled

   Dynamic Interface............................. Disabled

   Dynamic Interface Priority.................... wlan

Local EAP Authentication......................... Disabled

Security

--More-- or (q)uit

   802.11 Authentication:........................ Open System

   FT Support.................................... Disabled

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Enabled

      WPA (SSN IE)............................... Disabled

      WPA2 (RSN IE).............................. Enabled

         TKIP Cipher............................. Disabled

         AES Cipher.............................. Enabled

                                                               Auth Key Management

         802.1x.................................. Disabled

         PSK..................................... Enabled

         CCKM.................................... Disabled

         FT-1X(802.11r).......................... Disabled

         FT-PSK(802.11r)......................... Disabled

         PMF-1X(802.11w)......................... Disabled

         PMF-PSK(802.11w)........................ Disabled

      FT Reassociation Timeout................... 20

      FT Over-The-DS mode........................ Enabled

      GTK Randomization.......................... Disabled

      SKC Cache Support.......................... Disabled

      CCKM TSF Tolerance......................... 1000

--More-- or (q)uit

   WAPI.......................................... Disabled

   Wi-Fi Direct policy configured................ Disabled

   EAP-Passthrough............................... Disabled

   CKIP ......................................... Disabled

   Web Based Authentication...................... Disabled

   Web-Passthrough............................... Disabled

   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   FlexConnect Local Switching................... Disabled

   flexconnect Central Dhcp Flag................. Disabled

   flexconnect nat-pat Flag...................... Disabled

   flexconnect Dns Override Flag................. Disabled

   FlexConnect Vlan based Central Switching ..... Disabled

   FlexConnect Local Authentication.............. Disabled

   FlexConnect Learn IP Address.................. Enabled

   Client MFP.................................... Optional

   PMF........................................... Disabled

   PMF Association Comeback Time................. 1

   PMF SA Query RetryTimeout..................... 200

   Tkip MIC Countermeasure Hold-down Timer....... 60

AVC Visibilty.................................... Disabled

AVC Profile Name................................. None

--More-- or (q)uit

Flow Monitor Name................................ None

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

KTS based CAC Policy............................. Disabled

Assisted Roaming Prediction Optimization......... Disabled

802.11k Neighbor List............................ Disabled

802.11k Neighbor List Dual Band.................. Disabled

Band Select...................................... Disabled

Load Balancing................................... Disabled

Multicast Buffer................................. Disabled

Mobility Anchor List

WLAN ID     IP Address            Status

-------     ---------------       ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

Hall of Fame Super Silver

Cisco WLC 2500 DHCP issue

For interface VLAN512, you have the switch ip for the primary DHCP server?

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

Switch IP for the primary DHCP Server?  Can you elaborate I didn't understand my apologies.

Hall of Fame Super Silver

Re: Cisco WLC 2500 DHCP issue

Under the interface that you have defined in the WLC... VLAN512, there is a section to define your primary and secondary dchp server for that interface.  I would add your switch ip there, since that is doing your dhcp, correct?

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

Ah gotcha, no for that particular VLAN it is their firewall that is also their gateway acting as a DHCP server.

Hall of Fame Super Silver

Cisco WLC 2500 DHCP issue

Okay... so can you put the FW ip address (gateway) as the primary dhcp.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

I did though.  Here is the screen shot.

512.PNG

Hall of Fame Super Silver

Re: Cisco WLC 2500 DHCP issue

Disable DHCP proxy on the interface.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

It is Globally disabled, but I did it on the interface as well.  Bleh no one to test it with any more onsite.  So will check it tomorrow and post back results.

Hall of Fame Super Silver

Re: Cisco WLC 2500 DHCP issue

Sounds good. Keep us posted.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

So I tried that option as well and same results.  It seems like Controller is not advertising the DHCP server with this particular VLAN.  However with others it is and I see the following message:

DHCP   server id: 10.141.90.2  rcvd server id: 10.141.90.2

But the one that is not working

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 13, encap 0xec03)

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP processing DHCP DISCOVER (1)

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP   xid: 0x3d72be50 (1030930000), secs: 1024, flags: 8000

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP   chaddr: a0:88:b4:92:45:80

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0

*DHCP Socket Task: Feb 24 11:27:15.972: a0:88:b4:92:45:80 DHCP successfully bridged packet to DS

Cisco WLC 2500 DHCP issue

Also is DHCP Proxy enabled by default on the WLC?

Hall of Fame Super Silver

Re: Cisco WLC 2500 DHCP issue

By default it is enabled. You can try to disable it but you will need to make sure you have an IP helper configured.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Cisco WLC 2500 DHCP issue

Yes. What Scott said is correct. First try connecting a wired client in the sameVLAN and test.

Hall of Fame Super Silver

Re: Cisco WLC 2500 DHCP issue

Make sure that spanning tree is forwarding that Vlan.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: Cisco WLC 2500 DHCP issue

Yup it is.

VLAN0512

  Spanning tree enabled protocol rstp

  Root ID    Priority    4608

             Address     0c68.0340.0e00

             Cost        4

             Port        25 (GigabitEthernet0/1)

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33280  (priority 32768 sys-id-ext 512)

             Address     5017.ff99.8b80

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Fa0/24              Desg FWD 19        128.24   P2p

Gi0/1               Root FWD 4         128.25   P2p

Gi0/2               Desg FWD 4         128.26   P2p

I'm wondering if it has to do with the "disable broadcast" option.  I have created a case with TAC as well.  So curious.

Re: Cisco WLC 2500 DHCP issue

Well so far TAC is unable to help either.

Hall of Fame Super Silver

Cisco WLC 2500 DHCP issue

Since TAC has the ability to look at your configuration, they would be better in figuring out this issue to be honest.  If you disabled dhcp snooping, disable dhcp proxy and that didn't help and you can get a wired client to get an ip address, then I really don't know what else you can try.  I would just keep TAC involved.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Cisco WLC 2500 DHCP issue

on the WLC CLI

show arp switch

make sure the WLC is learning ARP for the GW of VLAN 512

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: Cisco WLC 2500 DHCP issue

Looks like it is there:

    MAC Address        IP Address     Port   VLAN   Type

------------------- ---------------- ------ ------ ------

CC:3E:5F:29:6A:5F   10.40.0.241      13     512    Host

CC:3E:5F:29:6A:81   10.40.0.243      13     512    Host

00:25:90:93:D8:F4   10.40.0.254      13     512    Host (This is the gateway/DHCP Server)

Re: Cisco WLC 2500 DHCP issue

Thank you for the reply, yeah I'm kinda lost myself.  I think I might have to change my TAC engineer because the one I was talking to was not grasping the concept.

Hall of Fame Super Silver

Re: Cisco WLC 2500 DHCP issue

Haha... Maybe it's something you need to do.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
484
Views
0
Helpful
28
Replies