Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Guest Anchor Controller DNS issues


I have an anchor controller (4402) is running version in our DMZ

The main service we use is a guest service which uses the anchor controller in the DMZ for access to the internet. Authentication is via the WEB re-direct feature. We currently have a subnet assigned to the Guest SSID with a 22 bit mask providing just over 1000 ip addresses to clients.

Change required (which were attemped).

1. Move the dhcp server to a dedicated dhcp server and off the anchor controller.

2. Increase the address space to /21 thereby providing about 2000 addresses for clients. (By changing the ip address mask on the SSID interface).


The provision of dhcp from the new dhcp server worked fine and clients were able to pick up dhcp addresses when they associated to the wireless SSID.

The problem was that only some clients were being re-directed to the web-redirect page for authentication. Any clients who were re-directed were able to authenticate correctly.


It appears that only some client's dns requests were being passed on from the anchor controller. A capture of packets between the anchor controller and the DMZ firewall did not pick up dns packets from an assiocated and connected client even when running dns queries manually from the wireless client.

A reboot of the controller did not make any difference.

Is there any throttling effect on dns queries which may have being implemented on the anchor controller by default once the subnet mask was increased? I noticed authentication successes of about 1 a minute while normally we would see authentication rates of 1 every couple of seconds.

Are there any bugs or known reason why an interface mask of /21 would be problematic on the controller?

We had to roll back the changes to the original configuration in order to bring the service back on-line.


Re: Guest Anchor Controller DNS issues

Hello Eoin

Where is the external dhcp server ? in the same DMZ or on the inside network ? we have a /19 subnet allocated to the guests and I dont foresee any throttling on the dns queries.. The connectivity anyway till the anchor controller is on EoIP, and is just like the client connecting onto a local controller..

laptops which had issues -> was the problem interim or its just that they are not able to get the web redirect page at all ?

Check the release notes for any bugs on this software:


CreatePlease to create content