09-16-2011 03:18 AM - edited 07-03-2021 08:47 PM
Hi all,
I'm interested in the community's opinion in relation to DHCP provisioning when using auto-anchor/guest tunneling.
As far as I can tell, one cannot use the internal DHCP on the anchor controller when using auto-anchor due to incompatibility between the auto-anchor feature and DHCP Option 82.
The scenario is as follows:
Guest controller is the anchor which provides Internet access to guests.
There is a foreign controller which is configured to anchor to the guest controller.
The internal DHCP server is configured on the guest anchor controller, therefore DHCP proxy must be enabled for DHCP to work.
DHCP proxy enables Option 82.
The guidelines for guest tunneling state that DHCP Option 82 isn't supported. (Ref: Deploying and Troubleshooting Cisco Wireless LAN Controllers - Ch14)
So, the internal DHCP server requires DHCP proxy to be enabled; this in turn enables Option 82, which stops DHCP leases being made to clients connected to the foreign controller.
Given that a guest WLC would normally be placed in a DMZ, the internal DHCP server may often be the only DHCP solution available.
I look forward to hearing your opinions.
Thanks
Rhodri Jenkins
09-16-2011 05:59 AM
To me, the wrong part is "dhcp proxy enables option 82".
I would say "dhcp proxy is required if you want to turn on option 82" but option 82 is not enabled by default afaik. And I'm pretty sure I saw cases of internal dhcp on the anchor serving foreign clients ...
I can always be wrong but this is my impression
09-16-2011 06:01 AM
There are a couple of options here if you need to get proxy disabled
1) pinhole with an ACL that allows dhcp to pass your internal servers
2) run dhcp on a switch, router, or firewall in the dmz
3) if you are using a cable modem or dsl for the guest users, you can let that do the dhcp
In general I've seen most of these in play, but I like option 2 myself
09-16-2011 06:57 AM
Thanks guys for your comments.
The reason I came to the conclusion that enabling DHCP proxy means Option 82 is used was from the settings on the WLC. Then again, as you say, Nicolas, I thought in the past I'd used the internal DHCP server on an Anchor also...