Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2938
Views
0
Helpful
11
Replies

DHCP proxy not working

Go to solution
dl6kwa
Level 1
Level 1

‎04-07-2009 05:37 AM - edited ‎07-03-2021 05:25 PM

I have two WLC 4402 servicing several SSIDs. Every SSID represents a different VLAN with a different IP subnet.

Now I want to use one DHCP server for all SSIDs. So I configured the server (I disinguish the requests from the different networks by option 82), put him into the VLAN where the ap-manager and the management interfaces are residing in and configured the DHCP server address of the interfaces on the WLC appropriate to the new setup.

Now my problem: No request arrives at the server. I now tried nearly all options but without success.

I found out that relaying works if the DHCP server is on the SAME subnet. Then all requests are relayed (yes, relayed, unicasted by the controller).

DHCP debug of the WLC says:

DHCP received op BOOTREQUEST (1) (len 313, port 1, encap 0xec03)

DHCP selecting relay 1 - control block settings: dhcpServer: 10.22.72.3, dhcpNetmask: 255.255.248.0, dhcpGateway: 10.22.72.33, dhcpRelay: 10.22.72.1 VLAN: 22

DHCP selected relay 1 - 10.22.72.3 (local address 10.22.72.1, gateway 10.22.72.3, VLAN 22, port 1)

DHCP transmitting DHCP REQUEST (3)

...

If now I enter the DHCP server address of the new server (directly reachable though the ap-amanager and management interfaces) I get the following:

DHCP received op BOOTREQUEST (1) (len 308, port 1, encap 0xec03)

DHCP selecting relay 1 - control block settings: dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0, dhcpGateway: 0.0.0.0, dhcpRelay: 10.6.72.1 VLAN: 640

DHCP selected relay 1 - NONE

It just seems to ignore the entered DHCP server address.

I tried several software versions (v4.2, v5.2), all the same.

DHCP proxy is enabled - as mentioned, if the DHCP server is in the same subnet, it works fine.

Any suggestions?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to dl6kwa

‎04-14-2009 07:56 AM

OK, so the DHCP server does not have a gateway, so it can't respond to a request on another network....That is the problem. With this config you would never get DHCP to work, as you had seen.

No the WLC will not send the DHCP request for x vlan out y vlan.....DHCP needs to be reachable..

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

0 Helpful
11 Replies 11

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎04-09-2009 10:14 AM

can you post :

show run-config no-ap

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
dl6kwa
Level 1
Level 1
In response to Stephen Rodriguez

‎04-14-2009 12:35 AM

The requested output is in the attached file.

In the meanwhile I tried a factory reset, configured only the necessary interfaces and one WLAN (with firmwares 4.0, 4.1, 4.2, 5.2), no success.

Preview file
68 KB
0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to dl6kwa

‎04-14-2009 06:57 AM

WLC config looks good. Best bet at this point, is to open a TAC case. Need to be online and see what is going on.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
dennischolmes
Level 7
Level 7
In response to Stephen Rodriguez

‎04-14-2009 07:09 AM

ALso make sure the DNS entry for the DHCP server is correct and can be reached from the vlan on which the APs reside for their address. If not the AP will not resolve DNS fully when getting its IP address and will not be able to relay effectively the dhcp requests from the clients.

0 Helpful

Go to solution
dl6kwa
Level 1
Level 1
In response to dennischolmes

‎04-14-2009 07:17 AM

Sadly I am not able to open a TAC request because our WLCs are not covered by our service contract, so I guess I'm stranded here.

Since we use only LWAPP-APs (configured with static IPs) and the DHCP-Server resides directly in the VLAN where the management and ap-manager-interfaces of the controllers are, DNS should not be an issue, should it?

0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to dl6kwa

‎04-14-2009 07:20 AM

No, DNS should not be an issue, as this is for the clients, as I read the issue. As the DHCP server is on the mgmt subnet, it should be reachable with out issue.

If you can't open a TAC case, I'll do my best to help over NetPro.

Capture the output of:

debug client < client mac address>

Start this prior to your client attempting to get on the network, and let it run for at least 5 minutes. Once you have it, post here and I'll see if I see anything odd.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
dl6kwa
Level 1
Level 1
In response to Stephen Rodriguez

‎04-14-2009 07:49 AM

Here's the debug data as requested. Its shows the complete connection try of a notebook.

As I took a look on it myself I noticed line 77 of the debug output:

DHCP selected relay 1 - 10.44.1.9 (local address 10.6.72.1, gateway 10.6.72.33, VLAN 640, port 1)

It obviously selected the correct ip of the DHCP server (10.44.1.9). But does the rest mean the Controller tries to forward the request via the standard gateway of the VLAN the client resides in? (10.6.72.33 is the standard gateway of the WLAN of the client). This will fail because the network the DHCP server resides in doesn't have a gateway and is therefor unreachable by other networks (by purpose).

Is there a way to make the controller send out the relayed request though its interface in the network of the DHCP server?

Preview file
23 KB
0 Helpful

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to dl6kwa

‎04-14-2009 07:56 AM

OK, so the DHCP server does not have a gateway, so it can't respond to a request on another network....That is the problem. With this config you would never get DHCP to work, as you had seen.

No the WLC will not send the DHCP request for x vlan out y vlan.....DHCP needs to be reachable..

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
dl6kwa
Level 1
Level 1
In response to Stephen Rodriguez

‎04-14-2009 08:08 AM

That explains it then.

Since the targeted VLAN with the DHCP does not have a gateway the request never reached the server.

Thats odd, I asked my colleague some time ago to check at the router for incoming DHCP packets, he said there are none. Guess I have to have a word with him ;-)

So to get this right: The controller will never itself "route" the dhcp request, even if he has a interface in the targeted network where the dhcp server is residing in but instead use the default gw of that network where the request comes from to send the request to its destination? Too sad...

0 Helpful

Go to solution
dennischolmes
Level 7
Level 7
In response to dl6kwa

‎04-14-2009 07:20 AM

It shouldn't but I had a similar problem last week on an apparently fine wlan. After hours of research that is what I found to be the problem. I would just very that it is working that you have IP helper installed to assist with the address issues and then let me know what happens.

0 Helpful

Go to solution
dennischolmes
Level 7
Level 7
In response to dennischolmes

‎04-14-2009 08:46 AM

Good job man.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card