Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DHCP not getting on Anchor (DMZ) controller

Hi Have Local/Anchor controller deployment with code 5.1.x running.

Anchor controller (in DMZ) is configured for DHCP server and enabled. I have mobility anchor configured and both Data & Controller paths are UP and more over eping/mping work on both devices.

When enabling debug on DHCP I have the attached output. The issue is that users are not able to get IP from DHCP server configured locally on Anchor(DMZ) controller.

Juniper firewall is placed between DMZ and Inside and the required ports have been opened.

Can someone advise me why I'm not able to get IP from DMZ controller ?

Debug output on both local controller and anchor (DMZ) controller are attached.

thanks in advance.


Re: DHCP not getting on Anchor (DMZ) controller

can you attach the show run-config? Make sure it's the show run-config and NOT! the show running-config

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

Re: DHCP not getting on Anchor (DMZ) controller

*Jan 14 00:41:53.509: 00:13:02:43:f9:d3 mmAnchorExportRcv: WLAN QIB_GUEST policy mismatch between controllers, WLAN QIB_GUEST not found, or WLAN disabled. Ignore ExportAnchor mobility msg. Delete client.

I'm assuming this debug is for the client in question.

When I've had problems with my Guest anchoring, it has always come from the configurations on the two controllers not being IDENTICAL. As in, even the slightest mismatch in the two WLANs has caused my problem.

For example, I would make sure that the WLAN on your local controller is configured EXACTLY like the DMZ, from the dhcp options to the encryption options, even the session timeout to exclusion times.

The bottom line is that this debug says the policies don't match (since I am assuming the wlan is configured on both controllers, and that the wlans are no disabled).

As the other user suggested, the run-config from each controller would be nice to see, but the problem may be as simple as one overlooked value not being identical...

(I am speaking from my experience with 4.1 though.... but I bet the same behavior is in 5)

CreatePlease login to create content