https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335420#M107430 <P>Hello experts , i have the following setup</P> <P>&nbsp;</P> <P>5520 anchor wlc ------ DMZ switch ------- Firewall (which has the layer 3 of user subnet ) -----internet router --------- DHCP server (hosted somewhere else</P> <P>&nbsp;</P> <P>the scope is created on the dhcp server , which is pingable from the anchor wlc .</P> <P>i have enabled dhcp proxy on the anchor 5520 wlc globally and defined dhcp server IP address on the dynamic interface , on that interface i have checked the dhcp proxy option as "global".</P> <P>my clients do not grab an IP , is there something am i missing ?</P> <P>do i need to define the dhcp server IP on the management interface as well ?</P> <P>dhcp proxy helps the wlc to act as a helper , so maybe it is not working ?</P> <P>do i have to put the ip helper ip address on the firewall, where it has the layer 3 of the user subnet ?</P> <P>&nbsp;</P> <P>the 5520 does not support internal dhcp server.</P> Mon, 05 Jul 2021 15:17:20 GMT atifali.zaidi1 2021-07-05T15:17:20Z https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335420#M107430 <P>Hello experts , i have the following setup</P> <P>&nbsp;</P> <P>5520 anchor wlc ------ DMZ switch ------- Firewall (which has the layer 3 of user subnet ) -----internet router --------- DHCP server (hosted somewhere else</P> <P>&nbsp;</P> <P>the scope is created on the dhcp server , which is pingable from the anchor wlc .</P> <P>i have enabled dhcp proxy on the anchor 5520 wlc globally and defined dhcp server IP address on the dynamic interface , on that interface i have checked the dhcp proxy option as "global".</P> <P>my clients do not grab an IP , is there something am i missing ?</P> <P>do i need to define the dhcp server IP on the management interface as well ?</P> <P>dhcp proxy helps the wlc to act as a helper , so maybe it is not working ?</P> <P>do i have to put the ip helper ip address on the firewall, where it has the layer 3 of the user subnet ?</P> <P>&nbsp;</P> <P>the 5520 does not support internal dhcp server.</P> Mon, 05 Jul 2021 15:17:20 GMT https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335420#M107430 atifali.zaidi1 2021-07-05T15:17:20Z https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335439#M107431 <P>Hi</P> <P>&nbsp;You need to configure DHCP IP address on the WLC dynamic interface only.</P> <P>&nbsp;The problem is that you have a firewall in the middle right? How about that? How did you permit dhcp request from WLC to the DHCP server?</P> <P>&nbsp;Did you look at firewall logs to see if DHCP transaction is going back and forth?</P> <P>&nbsp;You don't need IP helper address as the WLC does not send DHCP request as broadcast but unicast.&nbsp;</P> <P>&nbsp;You do need permit dhcp through firewall.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>-If I helped you somehow, please, rate it as useful.-</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 21 Feb 2018 20:51:18 GMT https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335439#M107431 Flavio Miranda 2018-02-21T20:51:18Z https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335573#M107432 Hi there , i have asked the firewall team to.check if dhcp traffic is allowed through the firewall.<BR />Since dhcp uses udp, is there source/destination ports that we would need to open in this scenario ?<BR />Also since in dhcp proxy the wlc unicasts the dhcp request to dhcp server , the source ip address in this case would be the wlc's mamagement ip address amd then then destination ip address wud be dhcp server ip address ?<BR /> Thu, 22 Feb 2018 03:00:43 GMT https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335573#M107432 atifali.zaidi1 2018-02-22T03:00:43Z https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335577#M107433 <P>The source interface must be the interface you setup proxy on, probably an dynamic interface.&nbsp;</P> <P>But, just in case, you can easily see this on the firewall logs.</P> <P>&nbsp;Permit DHCP through firewall is not an too easy task. I´d need to know which firewall we are talking about but you need to permit at least&nbsp;&nbsp;<SPAN>bootpc = port67 and&nbsp;bootpc = port68.&nbsp;</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN>-If I helped you somehow, please, rate it as useful.-</SPAN></P> Thu, 22 Feb 2018 03:12:07 GMT https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335577#M107433 Flavio Miranda 2018-02-22T03:12:07Z https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335900#M107434 <P>hi Flavio , thanks for the assistance here <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P>yes infact i have now involved the firewall team and we will do some log capturing today, hopefully it the firewall which is blocking the dhcp traffic and therefore we would need to open those dhcp ports as well.</P> Thu, 22 Feb 2018 14:17:51 GMT https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335900#M107434 atifali.zaidi1 2018-02-22T14:17:51Z https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335909#M107435 <P>Depending on the switch model, It is pretty straightforward create a DHCP scope on the switch and validate is the problem is firewall or not.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>-If I helped you somehow, please, rate it as useful.-</P> <P>&nbsp;</P> Thu, 22 Feb 2018 14:28:45 GMT https://community.cisco.com/t5/wireless/dhcp-proxy-with-5520/m-p/3335909#M107435 Flavio Miranda 2018-02-22T14:28:45Z