Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

DHCP issues for Wired Guest LAN

Hi Everyone,

I've a 1751 acting as a DHCP server for client PCs on a guest network A.B.8.x (using an Anchor controller) on the DMZ of my firewall. The 1751 reports the following

Nov 30 15:35:45: DHCPD: DHCPDISCOVER received from client 0100.1708.37a3.55 through relay A.B.7.y.

Nov 30 15:42:41: DHCPD: there is no address pool for A.B.7.y.

I'd tied my guest vlan and corresponding DHCP scope on the router to A.B.8.x, but as A.B.7.x is the DHCP relay for the Anchor controller I don't understand why the DHCP server on the router is not doing what I expected it to.

As ever any help will be appreciated.

Many Thanks

Scott

6 REPLIES
Silver

Re: DHCP issues for Wired Guest LAN

Controllers are usually used for wireless network. I haven't heard controllers being used for wired clients. Actual logic behind is Router assigns an ip address in the subnet of DHCP Relay's ip subnet. But the message DHCPD: there is no address pool for A.B.7.y. indicates that address in the A.B.7.Y subnet is exhausted.

Community Member

Re: DHCP issues for Wired Guest LAN

Hello

I could not get the wired guest VLAN working in my lab, I had similar issues with DHCP. I am using a Windows 2000 machine as DHCP server.

The wireless controller should work as a DHCP relay. Every guest wired VLAN has an inside interface (the guest VLAN on switches, A.B.8.x in your case), and an outside interface (probably A.B.7.x in your case).

An Ethereal trace taken on the Windows 2000 server shows the wireless controller sending DHCP requests with the “outside” interface address as source, instead of the “inside” IP address. The source address for requests is very important, it determines what DHCP pool is used on server (hence the attempts to get addresses from the non-existing pool A.B.7.x in your case).

I may be missing something in the config, or the DHCP relay function is really screwed up on the Cisco wireless controller.

Regards,

Cristian

Community Member

Re: DHCP issues for Wired Guest LAN

Hi Cristian,

After much pulling of hair and gnashing of teeth I have got it working - what was not clear to me, and it looks as though you've fallen into the same trap, is that the egress interface on the anchor controller (ie the management port) defines the addresses given to the clients. The dhcp scope on your server has to be from the same network as the address of the management interface (so my guest clients get a A.B.7.x address). In fact the ingress interface addresses have no bearing (as I'm sure I read somewhere afterwards!) on how the guest access operates and can (should?) be dummy addresses.

I tried creating another vlan (with A.B.8.x) on the anchor controller and assigning that to the egress of the guest WLAN on the anchor and I could get A.B.8.x addresses from my DHCP server as I had planned, but, and this is a big but, web authentication just will not instigate. So it would seem that guest access is reliant on using the management interface as the egress on the anchor of the guest WLAN.

I hope this is helpful,

Regards

Scott

Community Member

Re: DHCP issues for Wired Guest LAN

Hello Scott,

You found a workaround for what seems to be a non-functional DHCP relay function in the wireless controller. I expect the controller to work the same way the “ip helper-address” command function works on Cisco routers - the original address of the inbound interface is maintained, just broadcast/multicast traffic is converted to unicast.

My controller is still in the lab, and not covered yet by a maintenance contract. If you can, open a case with Cisco TAC. I am curious what is official Cisco recommandation.

Thank you,

Cristian

Community Member

Re: DHCP issues for Wired Guest LAN

Hi Cristian,

I don't think it is a workaround. I believe that is how it is meant to work.

Regards

Scott

Community Member

Re: DHCP issues for Wired Guest LAN

I'm having the same problem. How can Cisco say this is how it is meant to work with a straight face. This is a joke. Why would anyone want their wired guest users being assigned IPs from the Management subnet. Has anyone found a way to use a different dynamic interface for the egress and also have web-auth work?

Thanks

Gene

223
Views
3
Helpful
6
Replies
CreatePlease to create content