WLC 5760 DHCP Issues

Roger Alderman · ‎01-02-2014

Hi All

I'm having issues with wireless clients getting IP addresses from a DHCP server.

I have a Cisco 5760 WLC with 4 VLANs configured in a VLAN Group.

The WLAN is pointing to the VLAN group and for testing is using WPA-2 AES with a PSK.

There are interfaces for each of the VLANs configured with an IP address in the individual subnets and an IP helper address pointing to the DHCP server.

The WLC can ping the interfaces on the firewall for each subnet.

I have debug DHCP client enabled on the 5760.

If I connect a client to the WLAN I never see any DHCP activity on the 5760 and the firewall logs don't see anything either.

Its as if the 5760 is not sending any DHCP requests.

I've removed all IP DHCP Snooping Trusted type statements but have left this one:

ip dhcp snooping wireless bootp-broadcast enable

Any ideas anyone?

Regards

Roger

Jacob Snyder · ‎01-02-2014

Do you have DHCP required on?

Sent from Cisco Technical Support iPhone App

Roger Alderman · ‎01-02-2014

I've tried it with it on and with it off.

My understanding is that DHCP required on the WLAN simply stops you connecting clients with static IP addresses.

The problem seems to be that all the DHCP requests are going down the management VLAN and not the data VLAN.

Stephen Rodriguez · ‎01-02-2014

On the switch you have the 5760 connected to, are you allowing the VLANs across the trunk? If you look at the show interface < interface > trunk, are the required VLANs allowed and not being pruned?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Roger Alderman · ‎01-02-2014

Yes the VLANs are allowed down the trunk and I can ping every gateway on the firewall from the 5760 SVIs.

Rasika Nayanajith · ‎01-02-2014

Hi Roger,

Did you test with a specific interface vlan (instead of vlan group) map to this WLAN ? If that works then you know it is a problem with interface group & not on your DHCP or any other configuration.

Check all 4 interfaces individually & makesure clients get IP addresses in that way. Then focus on the vlan group config

HTH

Rasika

**** Pls rate all useful responses ****

Roger Alderman · ‎01-03-2014

I already did that with no effect.

I have identified the problem.

The DHCP server is on an external network and therefore all DHCP requests were going out of the 5760 using the default route which points to the gateway for the management VLAN which is on a Checkpoint firewall.

Because anti-spoofing is enabled on the firewall it was dropping all the DHCP packets.

I have had to insert static ARP entries on the 5760 for each default gateway for each of the VLANs I have assigned to the wireless network. Some changes have also been made to the firewall to ensure it allows the packets through.

Everything is now working as it should be.

shantia444 · ‎04-30-2016

Hi man

I really need your help if you have your problem solved.

I have problem with internal DHCP and while I configured external,Clients have problem.

I have a WLC5760 with more than 500 APs and 5000 users I think we can share a lot about it,how can I access u?