02-07-2012 09:06 AM - edited 07-03-2021 09:31 PM
I have had our WLC4400 in place for around five years. No configuration changes have been made to it or the 32 LWAPPs connecting to it. We have begun to have some spotty issues with client devices. The error message says they are unable to obtain an IP address. After they wait a few minutes, they connect. We have plenty of DHCP addresses available. We have 25 locations with at least one AP and the problem seems to be system wide. One person can connect and the person beside them cannot. Many say they have been connecting to our library wireless for a long time with no problems. No error messages are being logged.
Thanks for any help or ideas you can provide.
02-07-2012 02:08 PM
Hello,
What version of code is running on your WLC?
The next step would be to grab a client debug for a device that cannot get DHCP (are these APs in local mode or H-reap mode?)
On the WLC command line:
debug client xx:xx:xx:xx:xx:xx (mac addr of client device)
-Pat
02-09-2012 05:56 AM
Thanks for responding. I have answered your questions below.
02-09-2012 10:20 AM
I think you may have accidently left off your answers/debugs from your previous post.
-Pat
02-24-2012 12:38 PM
We have had to put the wireless troubleshooting on the back burner until today. We learned two things; Initially, the client receives the auto-configuration IP in Windows (169.x.x.x) The WLC is handing out 10.13.x.x addresses. When you do an IP Renew, you are given a working IP. Using the debug client command on the WLC shows me it is trying to hand out 0.0.0.0:
Fri Feb 24 14:20:54 2012: DhcpProxy(): Setting dhcp server from OFFER server: 10
.1.1.200
client mac: 00:c6:10:32:84:57 offer ip: 0.0.0.0
Do you have any idea as to why this would be happening?
Thank you,
Anna Turner
IT Manager
Tulsa City-County Library
Work - 918.549.7301
Cell – 918.607.1422
02-24-2012 01:14 PM
Hi Anna,
I would need to take a look at a full client debug from the start of the connection for more clues. Also, what version of code are you running on the WLC?
Also, if I could see your interface configuration for the WLAN in question (and the management interface details):
show interface detailed management
show interface detailed
If you do not want to post this information publically, you can send it in a private message and I will try to take a look.
-Pat
02-24-2012 01:22 PM
Anna,
You are not really clear on what device is handing out the IP addresses. Is it the WLC or an external server. If it is the WLC, then all your clients should experience the same problem, and if this is the case, then make sure DHCP proxy is enabled under Controller -> Advanced->Dhcp. If you are using an external DHCP server, and running HREAP, then check the vlan mapping on the access points to make sure the vlan for clients are correct
02-24-2012 01:43 PM
It is the WLC doing DHCP. It has been up for years and working flawlessly until several months ago. No changes in the configuration have been made, either. When on a client that wasn’t connected, I clicked the wireless icon in the task bar and it connected. No particular devices are problematic, clients connected previously have problems but most do not. I haven’t experienced it yet on my three wireless devices. We have 37 APs throughout the system and all the locations seem to be experiencing the issue so it has to be the WLC. What else can I provide?
Version 4.1.171.0
(Cisco Controller)
User: root
Password:********
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... 00:18:b9:ea:a3:40
IP Address....................................... 10.1.1.200
IP Netmask....................................... 255.255.0.0
IP Gateway....................................... 10.1.1.1
VLAN............................................. 100
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.1.200.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
(Cisco Controller) >
Again, thank you!
Anna Turner
02-24-2012 02:21 PM
On the Advanced tab in the WLAN config, do you have dhcp required ticked. If so could you check if the clients with the problem have static ip in the wireless properties. Also your WLC code is old. Could you upgrade to version 7. What service packs are the laptops running
Sent from my HTC
02-24-2012 02:29 PM
Hi Anna,
Alright, one idea comes to my mind, we did have a bug in earlier 4.x WLC code:
CSCsy79782: WLC uptime reset to 0 after being up for 497 days.
Basically, counters WLC could reset if it was up for 497 consecutive days. The results after these counter resets are unpredictable, and intermittent issues can result.
A code upgrade on the WLC should be considered if possible, but what is the current Uptime on your WLC? You might want to simply try a WLC reboot during a maintenance window if the above condition could be possible.
Otherwise, if you can capture a full client debug of a failure we can take a look.
-Pat
02-25-2012 07:57 PM
My understanding is that the WLC was never intended to be a DHCP server for clients, only for APs, which is why you can't set other DHCP options other the the regular def gateway and DNS
By default the WLC is set to "enable DHCP Proxy" a.k.a. DHCP Relay
When a client connects to an SSID they are associated to a VLAN and you can specify the external DHCP in the advanced tab of the WLAN setup, or on the interface, if set. If you want to use a DHCP server or IP Helper without relaying through the WLC then you'll need to disable the DHCP Proxy so that DHCP Offer broadcasts are sent directly out the interface.
I think the fact that it worked originally might have just been good luck, as it will depend on the VLAN that you were using and adding more VLANs / Interfaces would likely upset this
That's my understanding anyway
Sent from Cisco Technical Support iPad App
02-27-2012 01:28 PM
This all started a month or two after we moved to a new Layer 3 switch. Even though the interface the WLC is plugged into appears to be the same – vlan 100 and vlan 105, perhaps there is a default setting confusing the dhcp requests. I shouldn’t need a helper address, since there is no actual broadcast within our network. The WLC intercepts the request but I was told it was meant to be a DHCP server for clients. If not, it worked well for us for years, thankfully!
I truly appreciate everyone’s help on this. I have an engineer coming tomorrow who may be able to help me with the new switch configuration, if that is indeed my problem.
02-28-2012 12:22 PM
Hi Anna,
You have shed more light by mentioning the L3 switch. I also noticed that your DHCP server is 10.1.200.1, while your WLC management IP is 10.1.1.200.
Firstly, the disparity in IP means that the WLC is not the dhcp server. If it was, then the dhcp server IP address would be same as the dhcp management IP.
Secondly, if VLAN 100 is for WLC management IP and VLAN 105 is for the AP manager interface, then you have to be able to route between VLANs via the L3 switch by configuring Switched Virtual Interfaces on the Layer 3 switch.
Thirdly, if you actually have an external dhcp server, then you must put an IP helper address on VLAN 105 on the L3 switch.
02-28-2012 01:41 PM
I do have the management IP, 10.1.1.200, which is the local network. All DHCP requests are handled by the WLC. There is no active DHCP server on 10.1.200.1. I will see if I can find that in the config somewhere. I don’t think that is being used, though.
Here is a sample from our layer 3 switch:
11:59:04.996636 In 00:24:d2:3f:2b:91 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105 , p 0, ethertype ARP, arp who-has 169.254.44.56 tell 0.0.0.0
Listening on ge-0/0/47, capture size 96 bytes
12:00:42.154631 Out 2c:21:72:9d:6a:32 > 01:80:c2:00:00:0e, ethertype LLDP (0x88cc), length 74: LLDP, name GATEWAY, length 60
12:00:42.511716 In 5c:59:48:e3:32:62 > 01:00:5e:00:00:16, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype IPv4, 169.254.74.139 > 224.0.0.22: igmp v3 report, 1 group record(s)
12:00:43.038075 In f0:cb:a1:6f:eb:38 > 01:00:5e:00:00:fb, ethertype 802.1Q (0x8100), length 74: vlan 105, p 0, ethertype IPv4, truncated-ip - 98 bytes missing! 10.13.3.98.5353 > 224.0.0.251.5353: 0 [|domain]
12:00:43.667016 In 18:34:51:f0:6c:61 > 2c:21:72:9d:6a:01, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 10.13.0.1 tell 10.13.2.149
12:00:43.667143 Out 2c:21:72:9d:6a:01 > 18:34:51:f0:6c:61, ethertype 802.1Q (0x8100), length 46: vlan 105, p 0, ethertype ARP, arp reply 10.13.0.1 is-at 2c:21:72:9d:6a:01
12:00:43.997231 In d0:df:9a:80:d0:c0 > 2c:21:72:9d:6a:01, ethertype 802.1Q (0x8100), length 74: vlan 105, p 0, ethertype IPv4, truncated-ip - 24 bytes missing! 10.13.2.205.63192 > 192.168.1.5.51602: UDP, length 52
12:00:43.997344 Out 2c:21:72:9d:6a:01 > d0:df:9a:80:d0:c0, ethertype 802.1Q (0x8100), length 74: vlan 105, p 0, ethertype IPv4, 192.168.1.5 > 10.13.2.205: ICMP host 192.168.1.5 unreachable, length 36
12:00:44.131990 In f0:cb:a1:6f:eb:38 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 10.13.0.1 tell 10.13.3.98
12:00:44.132119 Out 2c:21:72:9d:6a:01 > f0:cb:a1:6f:eb:38, ethertype 802.1Q (0x8100), length 46: vlan 105, p 0, ethertype ARP, arp reply 10.13.0.1 is-at 2c:21:72:9d:6a:01
12:00:44.151793 In f0:cb:a1:6f:eb:38 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 169.254.255.255 tell 10.13.3.98
12:00:44.243950 In f0:cb:a1:6f:eb:38 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 10.13.0.1 tell 10.13.3.98
12:00:44.244079 Out 2c:21:72:9d:6a:01 > f0:cb:a1:6f:eb:38, ethertype 802.1Q (0x8100), length 46: vlan 105, p 0, ethertype ARP, arp reply 10.13.0.1 is-at 2c:21:72:9d:6a:01
12:00:44.447345 In f0:cb:a1:6f:eb:38 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 169.254.255.255 tell 10.13.3.98
12:00:44.701857 In 18:34:51:f0:6c:61 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 10.13.0.1 tell 10.13.2.149
12:00:44.701974 Out 2c:21:72:9d:6a:01 > 18:34:51:f0:6c:61, ethertype 802.1Q (0x8100), length 46: vlan 105, p 0, ethertype ARP, arp reply 10.13.0.1 is-at 2c:21:72:9d:6a:01
12:00:44.722714 In 18:34:51:f0:6c:61 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 169.254.255.255 tell 10.13.2.149
12:00:44.770992 In f0:cb:a1:6f:eb:38 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 169.254.255.255 tell 10.13.3.98
12:00:44.866693 In 18:34:51:f0:6c:61 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 10.13.0.1 tell 10.13.2.149
12:00:44.866825 Out 2c:21:72:9d:6a:01 > 18:34:51:f0:6c:61, ethertype 802.1Q (0x8100), length 46: vlan 105, p 0, ethertype ARP, arp reply 10.13.0.1 is-at 2c:21:72:9d:6a:01
12:00:45.060838 In 18:34:51:f0:6c:61 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 64: vlan 105, p 0, ethertype ARP, arp who-has 169.254.255.255 tell 10.13.2.149
^C
23 packets received by filter
02-28-2012 03:18 PM
Hi Anna,
Your filter output has through so many variables in the mix. You have arp broadcasts going to different subnets
Please answer the following questions:
1. On the WLC, I presume that you have 2 interfaces, management and AP-manager. If so what is the IP address/mask of the AP-mgr interface.
2. Did you set up a dynamic vlan for clients and if so what is the IP address/mask
3. What are the IP addresses/mask for Vlans 100 and 105.
4. Could paste a copy of the config for the Advanced tab for WLAN setting on the controller and also the interface setting for both the management interface and other interfaces configure on the controller. You can attach as a word document.
Like I said before, if your management interface, AP-manager interface and other dynamic interfaces are on different IP subnet, then the vlans must be routable through a router or L3 switch.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: