Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1622
Views
0
Helpful
3
Replies

Guest Anchors and external DHCP servers

laposilaszlo
Level 1
Level 1

‎08-13-2013 04:49 AM - edited ‎07-04-2021 12:38 AM

Hi,

We are using guest anchors (GA) for supporting wireless guest user.

Until now we used internal DHCP server on the GA but now we want to move to external.

For example:

The guest will reside on 192.168.0.x, this is separated by a firewall from the inside network and is not routable on the inside.(this is the guest interface of the GA)

The DHCP server will be somewhere on the internal network only reachable by GA's management interface.

Is it possible for DHCP requests to be forwarded to the DHCP server originating from the management interface?

If this is not how it should happen, than what other options are there for placing the external DHCP servers?

Let me know if you need more information regarding our solution..

Thank you,

Laszlo

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Marco Gonzalez
Level 1
Level 1

‎08-13-2013 06:13 AM

Hello Laszlo,

Yes, what you want to do can be done but there are few things that you have to consider.

First is that you are not going to use the WLC as the DHCP server so you should go to the interface configuration and point the DHCP server to the external one.

Now, what you want to do here is to make the wireless LAN controller a DHCP relay agent (or proxy), this way the wireless LAN controller is the one handling all the DHCP requests and it is going to be the one asking for an IP address in behalf of the client using the management interface. This behavior is enabled by default and I believe you have it already configured because it is necessary for the internal DHCP server of the WLC to work; it is configured on the "Controller" tab > Advanced > DHCP. On new versions of software this option is configurable by interface.

There is a catch though, if the DHCP server is an ASA or if the request has to go through an ASA or firewall, this might not work because by design some ASAs will drop every DHCP request comming from a relay agent so just consider this when you do these type of deployments.

If you have any questions let me know.

Best regards,

Marco Gonzalez

Cisco TAC TL

0 Helpful

laposilaszlo
Level 1
Level 1
In response to Marco Gonzalez

‎08-13-2013 10:07 PM

Hi Marco,

Yes, all these are configured.

Our only problem is that the DHCP request is sent out using the guest interface's ip address.

And this one is not routed accros the internal network.

I cannot make it to send it out using the management interface.

I dont even know if this is possible, or it is meant to be like this.

For example if it will send out the request of a guest using the management interfaces addres as source, how will the dhcp server know that he needs to hand out an ip from the guest pool.

Thanks,

laszlo

0 Helpful

Abhishek Abhishek
Cisco Employee
Cisco Employee

‎08-14-2013 12:06 PM

Hello,

As per your query i can suggest you the following solution-

Yes, you can configure DHCP relay services for DHCP requests to be forwarded to the DHCP server originating from the management interface

For more information please refer to the link-

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_dhcp.html#wp1226581

Hope this will help you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card