I've a 1751 acting as a DHCP server for client PCs on a guest network A.B.8.x (using an Anchor controller) on the DMZ of my firewall. The 1751 reports the following
Nov 30 15:35:45: DHCPD: DHCPDISCOVER received from client 0100.1708.37a3.55 through relay A.B.7.y.
Nov 30 15:42:41: DHCPD: there is no address pool for A.B.7.y.
I'd tied my guest vlan and corresponding DHCP scope on the router to A.B.8.x, but as A.B.7.x is the DHCP relay for the Anchor controller I don't understand why the DHCP server on the router is not doing what I expected it to.
Controllers are usually used for wireless network. I haven't heard controllers being used for wired clients. Actual logic behind is Router assigns an ip address in the subnet of DHCP Relay's ip subnet. But the message DHCPD: there is no address pool for A.B.7.y. indicates that address in the A.B.7.Y subnet is exhausted.
I could not get the wired guest VLAN working in my lab, I had similar issues with DHCP. I am using a Windows 2000 machine as DHCP server.
The wireless controller should work as a DHCP relay. Every guest wired VLAN has an inside interface (the guest VLAN on switches, A.B.8.x in your case), and an outside interface (probably A.B.7.x in your case).
An Ethereal trace taken on the Windows 2000 server shows the wireless controller sending DHCP requests with the âoutsideâ interface address as source, instead of the âinsideâ IP address. The source address for requests is very important, it determines what DHCP pool is used on server (hence the attempts to get addresses from the non-existing pool A.B.7.x in your case).
I may be missing something in the config, or the DHCP relay function is really screwed up on the Cisco wireless controller.
After much pulling of hair and gnashing of teeth I have got it working - what was not clear to me, and it looks as though you've fallen into the same trap, is that the egress interface on the anchor controller (ie the management port) defines the addresses given to the clients. The dhcp scope on your server has to be from the same network as the address of the management interface (so my guest clients get a A.B.7.x address). In fact the ingress interface addresses have no bearing (as I'm sure I read somewhere afterwards!) on how the guest access operates and can (should?) be dummy addresses.
I tried creating another vlan (with A.B.8.x) on the anchor controller and assigning that to the egress of the guest WLAN on the anchor and I could get A.B.8.x addresses from my DHCP server as I had planned, but, and this is a big but, web authentication just will not instigate. So it would seem that guest access is reliant on using the management interface as the egress on the anchor of the guest WLAN.
You found a workaround for what seems to be a non-functional DHCP relay function in the wireless controller. I expect the controller to work the same way the âip helper-addressâ command function works on Cisco routers - the original address of the inbound interface is maintained, just broadcast/multicast traffic is converted to unicast.
My controller is still in the lab, and not covered yet by a maintenance contract. If you can, open a case with Cisco TAC. I am curious what is official Cisco recommandation.
I'm having the same problem. How can Cisco say this is how it is meant to work with a straight face. This is a joke. Why would anyone want their wired guest users being assigned IPs from the Management subnet. Has anyone found a way to use a different dynamic interface for the egress and also have web-auth work?
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...