Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5687
Views
0
Helpful
36
Replies

DHCP server override on 4402 WLC

Go to solution
grabonlee
Level 4
Level 4

‎04-18-2012 02:37 PM - edited ‎07-03-2021 10:01 PM

I have successfully implemented wireless guest access using 4402 WLC as the Anchor and 5508 as Foreign. The Anchor controller also provides dhcp services to guest clients. The 5508 is LAGged and there is no issue with the guests traffic separated from corporate. At a remote site, there is a 4402 WLC using LAG and also acting as a Foreign controller. But when a client connects to the guest WLAN, it obtains a corporate dhcp address instead of the dhcp address assigned from the Anchor controller. The guest WLAN setting is the same as with the 5508 controller i.e. DHCP server override is ticked and the management IP address of the Anchor controller is specfied. Also DHCP Addr required is ticked. Could anyone explain why the 4400 controller is not forwarding dhcp requests to the anchor controller and instead sending to the corporate dhcp server.

Labels:
0 Helpful
36 Replies 36

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to grabonlee

‎04-26-2012 06:12 AM

it doesn't seem that the client is getting anchored.  there is a mobile announce, which will happen when a client joins, and the WLC checks it's peers to see if there is already an entry.

What I do see on the Foreign is: DHCP successfully bridged packet to DS.

I don't see any of the other messages that would indicate the WLC is trying to anchor the client at all.

Can you post the output of:

show wlan < wlan ID >  - from both the Anchor and the Foreign that are not working?

show mobility summary - from both the Anchor and the Foreign that are not working?

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
grabonlee
Level 4
Level 4
In response to Stephen Rodriguez

‎04-26-2012 07:42 AM

Guys,

I have solved my problem and will share the solution with you.

1. From the CLI of the Foreign 4400, I typed show mobility anchor wlan 4 and it came up blank. I was expecting to see the IP address of the Anchor controller. I typed the same command on the 5508 and it showed me the Anchor IP. That is when it occurred to me that Auto Anchor may be disabled. On the 5500, Auto anchor is enabled by default.

2. Disabled the WLAN and from the CLI typed, config wlan mobility anchor add 4 10.20.x.x (IP address of the Anchor)

3. Did a show mobility anchor wlan 4 and behold the IP of the Anchor showed.

Please note that don't always believe everything on the GUI. Always use the CLI to confirm. I had earlier done a Show mobility summary and it showed that Anchor details which matched the GUI information. If I had not done a Show Mobility Anchor Wlan ID, I would never have seen where the problem was. I have pasted the steps below. Thanks for your responses, especially Stephen Rodriguez.

(Cisco Controller) >show mobility anchor


Mobility Anchor Export List

WLAN ID     IP Address            Status
-------     ---------------       ------

GLAN ID     IP Address            Status
-------     ---------------       ------


(Cisco Controller) >show mobility summary

Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... X_MOBILITY
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x3a28
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 7
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address       Group Name                        Multicast IP     Status
00:24:97:3c:99:60  10.20.x.x     X_GUEST                         0.0.0.0          Up

(Cisco Controller) > config wlan mobility anchor add 4 10.20.x.x


(Cisco Controller) >show mobility anchor wlan 4


Mobility Anchor Export List

WLAN ID     IP Address            Status
-------     ---------------       ------
4           10.20.x.x          Up

0 Helpful

Go to solution
grabonlee
Level 4
Level 4
In response to grabonlee

‎04-26-2012 08:18 AM

Just performed a SHOW WLAN ID and it showed if Auto Anchor is enabled. So the suggested command by Stephen Rodriguez and SHOW MOBILITY ANCHOR which I used helps.

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to grabonlee

‎04-26-2012 08:31 AM

IIRC Auto Anchor is something different.  That would be the internal dynamically building the tunnel for a client that roams between them.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
grabonlee
Level 4
Level 4
In response to Stephen Rodriguez

‎04-26-2012 09:30 AM

Not sure what your point is. But as soon as I enabled auto anchor on the WLAN, it worked for me. If you are refering to IRCM, that has to do with compatibility across different versions of a controller.

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to grabonlee

‎04-26-2012 09:37 AM

When you configure the anchor, that's not auto anchoring. That's a hard anchor, which is why it works across mobility groups. Again that's if I recall correctly on the terminology

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
grabonlee
Level 4
Level 4
In response to Stephen Rodriguez

‎04-26-2012 12:40 PM

You are both right and wrong. Auto anchoring is a hard anchor in the sense that forces a client or WLAN to a particular controller in the mobility domain or group. This is particularly suited to Guest networking. When a client first associates with a controller on an anchored WLAN, a local is created and the Mobile Announce message is sent to the mobility group. When the message is not answered, the Foreign controller contacts Anchor controller and creates a foreign session for the client in its database. You may refer to this process as Symmetric tunneling using a fixed anchor. If you disable Auto anchor on a WLAN, traffic will never be tunneled from the Foreign to the Anchor. You can test for yourself and see. Disable Auto anchor a WLAN, verify by using the 2 command I mentioned above - Show wlan ID and Show mobility anchor. Do a show mobility summary and you will still the Control and Data path showing as up, but no anchoring will ever take place.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card