Cisco Support Community
New Member

WLC 5508 Internal DHCP server issues

Hi,

I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:

The setup is as follows:

- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC. 

Problems:

1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the clients connecting to SSID 'Internet' are unable to get an ip address from the external dhcp server if dhcp proxy is enabled on the WLC. If I disable the proxy, it all works fine.

2. DHCP does not release the ip addresses assigned to clients even after they are logged out.

3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.  

************Output from the Controller********************


(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE

(Cisco Controller) >show interface summary

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
guest                            1    301      10.255.255.30   Dynamic No     No
management                       1    100      172.17.1.30     Static  Yes    No
service-port                     N/A  N/A      192.168.0.1     Static  No     No
virtual                          N/A  N/A      10.0.0.1        Static  No     No

(Cisco Controller) >show wlan summary

Number of WLANs.................................. 4

WLAN ID  WLAN Profile Name / SSID               Status    Interface Name
-------  -------------------------------------  --------  --------------------
1        LAN                                    Enabled   management
2        Internet                               Enabled   management
3        Managment Assets                       Enabled   management
4        Guest                                  Enabled   guest

(Cisco Controller) >show dhcp detailed guest

Scope: guest

Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1  0.0.0.0  0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8  8.8.4.4  0.0.0.0
Netbios Name Servers............................. 0.0.0.0  0.0.0.0  0.0.0.0


(Cisco Controller) >show interface detailed management

Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled

(Cisco Controller) >show interface detailed guest

Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled

(Cisco Controller) >show dhcp leases

       MAC                IP         Lease Time Remaining
00:21:6a:9c:03:04    10.255.255.46    23 hours 52 minutes 42 seconds        <<<<<<< lease remains even when the client is disconnected.


*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************

(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2                 <<<<<<<<   'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46      <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central       <<<<<<<<<
H-REAP Authentication............................ Central       <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100           <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100
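
The mismatch described in problem 3 can be checked mechanically. The following is an added example, not part of the original post: a Python script that parses `show interface detailed` and `show client detail` text and flags a client whose IP address lies outside the subnet of the interface it is mapped to. The sample input is constructed from the output quoted above, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample input: fields trimmed from the controller output quoted above.
INTERFACES = """\
Interface Name................................... management
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
Interface Name................................... guest
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
"""
CLIENT = """\
Client MAC Address............................... 00:21:6a:9c:03:04
IP Address....................................... 10.255.255.46      <<<<<<< Guest scope
Interface........................................ management
VLAN............................................. 100           <<<<<<<<<<< right Vlan
"""

FIELD = re.compile(r"^(.+?)\s*\.{2,}\s*(.*)$")

def parse_fields(text):
    """Yield (key, value) from 'Key........ value' lines, dropping '<<<' annotations."""
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            yield m.group(1).strip(), m.group(2).split("<<<")[0].strip()

def parse_interfaces(text):
    """Map interface name -> IPv4Network built from its IP Address and IP Netmask."""
    nets, name, addr = {}, None, None
    for key, val in parse_fields(text):
        if key == "Interface Name":
            name, addr = val, None
        elif key == "IP Address":  # exact match, so 'External NAT IP Address' is ignored
            addr = val
        elif key == "IP Netmask" and name and addr:
            nets[name] = ipaddress.ip_network(f"{addr}/{val}", strict=False)
    return nets

def check_client(client_text, nets):
    """Return a finding if the client's IP is outside its interface's subnet, else None."""
    c = dict(parse_fields(client_text))
    ip = ipaddress.ip_address(c["IP Address"])
    expected = nets[c["Interface"]]
    if ip in expected:
        return None
    return {"mac": c["Client MAC Address"], "ip": str(ip), "vlan": c["VLAN"],
            "interface": c["Interface"], "expected": str(expected),
            "ip_belongs_to": [n for n, net in nets.items() if ip in net]}

if __name__ == "__main__":
    print(check_client(CLIENT, parse_interfaces(INTERFACES)))
```

For the client in the post, the finding reports an address from the `guest` subnet on a session mapped to `management` (VLAN 100), which is the condition worth alerting on when a guest range must never appear on an internal VLAN.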

Hall of Fame Super Silver

Re: WLC 5508 Internal DHCP server issues

When using the WLC as a dhcp server, dhcp proxy needs to be enabled. The WLC will only issue dhcp or locally switched SSIDs. For SSIDs that require an external dhcp, you need to make sure you have an ip helper configured on the layer 3 interface that you are placing the users onto your network. These are h-reap mode, so you need to make sure your layer 3 device is sending the dhcp info to your external dhcp server.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

WLC 5508 Internal DHCP server issues

Hi Scott,

Thanks very much for your prompt response.

The external dhcp server works like a charm provided I do not have DHCP proxy enabled on the WLC. I have 3 SSIDs for which clients are getting ips from the external server and I only encountered the problem when I configured the 4th SSID Guest on WLC.

When I posted this problem yesterday, I had a laptop connected to the Guest SSID and wlc was acting as expected for DHCP. The problem was with the same laptop then connecting to SSID 'Internet', and getting stuck in DHCP REQD state. I disabled the proxy before I finished work yesterday.

This morning, while the dhcp proxy was off, I had no issues connecting to 'Internet SSID' with the same laptop and external dhcp server was doing the addressing. But I obviously could not connect to the Guest SSID as proxy was disabled.

So I enabled the proxy again, and now I can connect to both SSIDs with no issues. The problem also seems to be with the sequence in which I am doing things.

Any ideas on this inconsistent behaviour of WLC?

Thanks

Hall of Fame Super Silver

WLC 5508 Internal DHCP server issues

Okay... so only the Guest SSID is centrally switched.  So the other three wlans have local switching enabled and the AP's are set up as a trunk port only allowing vlans for the ap management and the three vlans.  For your guest interface, you need to set the primary dhcp to the wlc management interface which is 10.255.255.30.  Also, make sure on the WLC trunk port on the switch, that you are only allowing vlans 100 and 301.

-Scott
*** Please rate helpful posts ***
New Member

Re: WLC 5508 Internal DHCP server issues

Hi Scott,

I should have mentioned before, both Internet and guest ssids are centrally switched. For guest interface I have wlc mgmt interface set as primary dhcp server, which is 172.17.1.30. And yes, switch ports are allowing both vlans.

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Re: WLC 5508 Internal DHCP server issues

Then you need to specify the dhcp server in the management interface. You also need an ip helper address on the layer 3 interface on the router/switch that points to your external dhcp server.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

WLC 5508 Internal DHCP server issues

Hi Scott,

Thanks for being persistent. I have pasted the main interfaces below,  I am using external dhcp on the mgmt interface and for the guest interface, I am using Mgmt interface as the primary dhcp itself.

I do have ip helper on the router setup which works fine, provided I don't use WLC as the internal dhcp server. As soon as I remove the config for WLC to act as dhcp, there are no issues with getting ips from external server.

(Cisco Controller) >show interface summary

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
guest                            1    301      10.255.255.30   Dynamic No     No
management                       1    100      172.17.1.30     Static  Yes    No
service-port                     N/A  N/A      192.168.0.1     Static  No     No
virtual                          N/A  N/A      10.0.0.1        Static  No     No

Hall of Fame Super Silver

WLC 5508 Internal DHCP server issues

What is doing your external dhcp?  If it's an ASA, that usually has an issue when the wlc does the dhcp proxy, but a windows server or even a layer 3 switch should not have a problem.  So basically you are seeing the following:  If you have dhcp proxy enabled, the guest ssid works fine, but the other ssids that use an external dhcp don't.  When you have dhcp proxy disabled, all ssids except for the guest of course work fine.

-Scott
*** Please rate helpful posts ***
New Member

Re: WLC 5508 Internal DHCP server issues

That is exactly what's happening. I have a windows server doing the dhcp.

Sent from Cisco Technical Support iPhone App

Hall of Fame Super Silver

Re: WLC 5508 Internal DHCP server issues

Well, enabling dhcp proxy shouldn't break dhcp then. I have never run into an install like yours with the issues you are seeing. Your only way around it is not to have the wlc do dhcp for the guest, but your switch if you don't want your Windows dhcp to hand out addresses to your guest.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

Re: WLC 5508 Internal DHCP server issues

Hi Scott,

Here is what was happening and what I did to resolve it:

External dhcp server set up on the mgmt interface was - 172.30.50.1

Router connected to WLC had 192.1.1.1 as the ip helper address.

172.30.50.1 did not have any scope set up for 'Internet' SSID, but 192.1.1.1 had the scope set up and activated. DHCP requests were getting redirected to the helper address. For some reason, when wlc was acting as dhcp server, and Internet SSID was going to external dhcp, I could not get more than one machine to have ips from 192.1.1.1.

As soon as I changed the dhcp server on the mgmt interface to 192.1.1.1, all worked fine. It works fine if I set up the scope on 172.30.50.1 as well. The thing that I am still confused about is how come the first machine would get the ip from external dhcp when 172.30.50.1 was configured on the mgmt interface and the rest would get stuck in DHCP REQD.

Nonetheless, it was my misconfiguration which had led to the issue. I really appreciate your input and thanks for your suggestions.

Regards,

Vineet

Hall of Fame Super Silver

Re: WLC 5508 Internal DHCP server issues

Well that is good news. At least you have it working.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
New Member

WLC 5508 Internal DHCP server issues

Hi All,

I have a similar issue where wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANs. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server; this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following output, which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.

DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68

*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76

Thanks,


Raj Sandhu

