Bronze

DHCP server override on 4402 WLC

I have successfully implemented wireless guest access using 4402 WLC as the Anchor and 5508 as Foreign. The Anchor controller also provides DHCP services to guest clients. The 5508 is LAGged and there is no issue with the guest traffic separated from corporate. At a remote site, there is a 4402 WLC using LAG and also acting as a Foreign controller. But when a client connects to the guest WLAN, it obtains a corporate DHCP address instead of the DHCP address assigned from the Anchor controller. The guest WLAN setting is the same as with the 5508 controller, i.e. DHCP server override is ticked and the management IP address of the Anchor controller is specified. Also DHCP Addr required is ticked. Could anyone explain why the 4400 controller is not forwarding DHCP requests to the anchor controller and instead sending to the corporate DHCP server?

Accepted Solutions

Re: DHCP server override on 4402 WLC

It doesn't seem that the client is getting anchored. There is a mobile announce, which will happen when a client joins, and the WLC checks its peers to see if there is already an entry.

What I do see on the Foreign is: DHCP successfully bridged packet to DS.

I don't see any of the other messages that would indicate the WLC is trying to anchor the client at all.

Can you post the output of:

show wlan < wlan ID >  - from both the Anchor and the Foreign that are not working?

show mobility summary - from both the Anchor and the Foreign that are not working?

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
36 REPLIES
Hall of Fame Super Silver

Re: DHCP server override on 4402 WLC

Well it could be a few things. First, is your mobility anchor defined on the SSID on the remote wlc? The APs are in local mode not in h-reap or FlexConnect. Even though you have the dhcp override, if the traffic isn't getting tunneled, you won't get a dhcp from the anchor.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: DHCP server override on 4402 WLC

For anchoring to work, the WLAN config must match.

If you are anchoring the WLAN to a DMZ WLC, you don't need to set the override parameter, as the DHCP will come from the DMZ WLC by default.

Now if you have that setting on the inside, you must have the same settings on the DMZ as well.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
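An added example, not part of any post in this thread: one way to check that the guest WLAN config matches on both sides is to diff the show wlan output captured from the Foreign and the Anchor. The two captures below are constructed, and the dotted-leader layout, the field names and the choice of Interface as a per-controller field are assumptions for illustration.

```python
import re

# "Key........ value" lines with dotted leaders (assumed capture layout).
LINE = re.compile(r"^\s*(?P<key>.+?)\.{3,}\s*(?P<val>.*\S)?\s*$")

# Fields expected to differ per controller (assumed name); excluded from the diff.
LOCAL_ONLY = {"Interface"}

def parse_show(text):
    """Return {field: value} for every dotted-leader line in a capture."""
    fields = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group("key").strip()] = (m.group("val") or "").strip()
    return fields

def wlan_mismatches(foreign_text, anchor_text, ignore=LOCAL_ONLY):
    """List (field, foreign_value, anchor_value) where the two WLANs differ."""
    f, a = parse_show(foreign_text), parse_show(anchor_text)
    out = []
    for key in sorted(set(f) | set(a)):
        if key in ignore:
            continue
        fv, av = f.get(key, "<missing>"), a.get(key, "<missing>")
        if fv != av:
            out.append((key, fv, av))
    return out

# Constructed sample captures (not from the thread; documentation-range addresses).
FOREIGN = """\
WLAN Identifier.................................. 3
Network Name (SSID).............................. guest
Interface........................................ guest-dummy
DHCP Server...................................... 192.0.2.10
DHCP Address Assignment Required................. Enabled
Web Based Authentication......................... Disabled
"""
ANCHOR = """\
WLAN Identifier.................................. 3
Network Name (SSID).............................. guest
Interface........................................ management
DHCP Server...................................... 192.0.2.10
DHCP Address Assignment Required................. Enabled
Web Based Authentication......................... Enabled
"""

if __name__ == "__main__":
    for field, fv, av in wlan_mismatches(FOREIGN, ANCHOR):
        print(f"MISMATCH {field}: foreign={fv!r} anchor={av!r}")
```

A field present in only one capture is reported with the value `<missing>` on the other side, which also catches a setting that one controller does not print at all.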
Bronze

Re: DHCP server override on 4402 WLC

Thanks for your responses. However, I mentioned that APs connected to the 5508 WLC are working as expected. That means the guest WLAN config on the 5508 is the same as the 4400 and DMZ WLC. The guest WLAN is centrally switched.

Re: DHCP server override on 4402 WLC

Are you able to eping and mping between them? If you run debug client and debug mobility handoff, you should see messages on the anchor if it's not able to create the tunnel for the user.

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Bronze

Re: DHCP server override on 4402 WLC

The mobility data and control path (eping/mping) is up. I will run a debug later.

Bronze

Re: DHCP server override on 4402 WLC

Looked at the mobility stats on the controller and discovered that there is no Client handoff as Foreign. Compared the config between 5500 and 4400 Foreign WLCs and found no error. My config is as follows:

1. LAG is enabled

2. Guest wlan mapped to management interface

3. Anchor WLC is 4400

4. Both Foreign and Anchor controllers have DHCP server override with the management IP add of the Anchor specified

5. Both Foreign and Anchor controllers management interfaces have no DHCP server IP specified

6. There is no guest vlan interface or subnet.

7. DHCP proxy is only enabled on Anchor controller

8. 5500 WLCs have been supporting guest access properly since 2011

This is really frustrating. I wish Cisco would maintain some consistency.

Hall of Fame Super Silver

Re: DHCP server override on 4402 WLC

On your foreign wlc, you have the SSID anchored to the 4400 and of course the 4400 guest WLAN is anchored to itself.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

Re: DHCP server override on 4402 WLC

I have the same setup using a 4400 (repurposed) as an anchor for a couple of my clients and no issues with 5508s as the foreign.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***
Bronze

Re: DHCP server override on 4402 WLC

Scott,

Please read my comments. I never said I had issues with 5508 as Foreign WLC. My problem is with the Foreign 4402 WLCs. Anyway, I have planned to remove LAG from the Anchor 4400 and create a separate interface for the guest WLAN.

Hall of Fame Super Silver

Re: DHCP server override on 4402 WLC

Never said it was an issue with the 5508. But if you don't see anything anchored to your anchor WLC, then your 5508 is not anchoring the traffic for that WLAN. There is nothing different per se config wise from a 4400 and 5508 running the same code except for the ap manager interface on the 4400. Why not post your show run-config on your 4400 and 5508 which is the issue.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Bronze

Re: DHCP server override on 4402 WLC

My 5508 has no issues handing off to the 4400 Anchor. The problem is a foreign 4400 handing off to the 4400 Anchor despite the fact that the config is the same as the 5508.

Hall of Fame Super Silver

Re: DHCP server override on 4402 WLC

Well that should be simpler since it's the same hardware, you eliminate hardware compatibility issue. You need to post your config for us to be able to see if it's set up correctly.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Re: DHCP server override on 4402 WLC

You should never map the GUEST interface to management even if it doesn't do DHCP, just bad practice. If the tunnel breaks your guest will get dropped on the side of your network. You should create a dummy interface.

What code revs are all these devices on?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Bronze

Re: DHCP server override on 4402 WLC

My Anchor controller is on a DMZ. The corporate 4400s are not using etherchannel, hence there is a Guest interface that is not mapped to management. I only used LAG when the anchoring was not working between the Anchor 4400 and the Foreign 4400. The Anchor uses etherchannel, hence no separate guest interface. I have decided to create a separate guest interface on the Anchor controller to see if that solves the issue. This I will do on Monday. The 4400s are on 7.0.230.

Re: DHCP server override on 4402 WLC

It sounds very confusing, you mentioned above

2. Guest wlan mapped to management interface

Not sure what etherchannel has to do with your guest interface.

It's pretty simple...

Foreign controller -- DUMMY GUEST WIRED INTERFACE regardless of LAG or not. Your foreign controller will act as the relay point to your anchor. If configured right.

Anchor -- you need a guest interface to dump the guest traffic. It's good practice.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Bronze

Re: DHCP server override on 4402 WLC

George,

In my opinion, whether the guest wlan on the Anchor controller is mapped to the management interface or not doesn't matter as it is behind the FW and there is no external DHCP server. When I first configured the 5508 to relay guest traffic, it worked. But because of increasing demand for guest access in some sites with 4400s, I had to integrate the 4400. The config on the 4400 Foreign controllers was made similar to the 5508:

1. Created guest wlan and dhcp server override with IP address of the anchor

2. Created mobility group

From the debug, the Foreign 4400 actually contacted the Anchor, but there was no handoff. That is why I earlier said that the only change I intend to make is to create a guest interface on the Anchor and see if it solves the problem. But it is strange that the 5508 could hand off to the 4400 Anchor but the 4400 Foreign can't.

Re: DHCP server override on 4402 WLC

I agree, I was thinking internal, my bad. But if you map it on the management interface your guest clients are sitting on and can access the management. But regardless, they can anyway because it's a connected route in the wlc.. but anyway

What is your code revs on all these controllers?

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Bronze

Re: DHCP server override on 4402 WLC

The 4400s are on code 7.0.230. The 5500s are on 7.2.

Re: DHCP server override on 4402 WLC

Normally when anchoring Cisco recommends staying on the same 7.x code. But I understand, 4400 can't support 7.2.

I know I've had anchoring issues when my anchors were on 5.x and my foreign controllers were on 6.x.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Bronze

DHCP server override on 4402 WLC

4400s can't do 7.2. The highest code for 4400 is 7.0.230. 7.2.130 is meant for 5500s.

Re: DHCP server override on 4402 WLC

I understand.

But perhaps anchoring between 2 different major releases could be your issue. I have deployed more guest networks than I can count. And it sounds like your config is ok.

I know on a few TAC calls the engineer referenced to ensure both anchor and foreign were at least on the same main rev and not to mix.

7.0.98.0 <--> 7.0.116.0 OK

6.0.115.0 <--> 7.0.116.0 not ok

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Silver

Re: DHCP server override on 4402 WLC

George, different major releases are fine:

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml#Q-Aug08

With that said I haven't tested 7.2 foreign to 7.0 anchor. Should work though, might have to fire up the lab and see what happens.

Hall of Fame Super Silver

Re: DHCP server override on 4402 WLC

Well he mentioned he didn't have any issue with the 5500s anchoring to the 4400 in the DMZ. His issue is a foreign 4400 anchored to the 4400 DMZ wlc. So it looks like you can have an anchor from 7.2 to 7.0 with no issues.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

Re: DHCP server override on 4402 WLC

Have you been able to gather the debugs I talked about earlier? If so, can you post them?

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Bronze

Re: DHCP server override on 4402 WLC

Unfortunately, I've been busy with some project planning stuff and I'll embark on a short trip tomorrow. I'll post the debugs on Thursday.

Bronze

Re: DHCP server override on 4402 WLC

Please see attached debugs:

1. DEBUG-MGT-Interface -- is a debug when guest wlan is mapped to management interface.

2. DEBUG-Guest-Interface --- is a debug when guest wlan is mapped to a separate guest interface.

The results are the same in both instances.

10.20.x.x is the Anchor controller

17x.5x.1.x is the management interface of the 4400 Foreign controller

17x.x9.2.x is the guest interface created on the 4400 Foreign controller

DHCP server override on 4402 WLC

These both were run on the Anchor?

What I would like to see is the debug mobility handoff enable run on both the internal and the DMZ WLC. If you want to run debug client < client mac address > enable on the anchor that is fine as well.

When running these debugs, have the setup as you would normally.

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
Bronze

DHCP server override on 4402 WLC

Stephen,

They were both run on the Foreign. Forgot to upload that from the Anchor. Occurred to me that I didn't upload that from the Anchor. Will do so in the morning.

Bronze

Re: DHCP server override on 4402 WLC

See attached the debug for the Anchor controller and debug client mac on the foreign controller. On the Anchor, I noticed a message: Vlan List payload not found, ignoring. This to my knowledge means a bug issue in the Data path. However, note that my Control and Data paths are up and there is nothing preventing communication between both controllers across the FW.
