
Slow DHCP exchange over Wireless (4507R+E/SUP8E)

cnegrete
Level 1

Hi everyone.

 

I have a small issue with DHCP over Wireless and I need some insight.

 

Basically I have 8 SSIDs, each on a different VLAN and wireless channel (they don't interfere with each other, they're spread over the 2.4 and 5GHz spectrums). I also have 8 DHCP scopes on the switch (it's the same switch that does the WLC function with the SUP8E card, just like the 3760 switches).

 

If I connect a machine over UTP, the switch assigns an IP address within 3 seconds, but if I do it over the Wireless network, it takes over 40 seconds.

 

I checked with Wireshark and my machine sends 6 DHCP requests before the switch answers; it's just as if the switch never gets the DHCP requests. The same goes in the other direction: the switch says it has assigned the IP to the machine, but it takes another 30 seconds for the machine to get the response. I'm suspecting there's too much traffic in the WLAN for the DHCP packets to arrive (and they're UDP so..). By the way, we have 30 clients on each WLAN at the same time; some get their IP quickly, but others are lagging behind, sometimes more than a minute. Sometimes even Windows gives up and assigns a 169.x.x.x address by itself.

 

Is there a way to create a QoS setting that would send the DHCP packets with top priority in both directions?

Thanks for any ideas you might have.

I'm attaching the (almost full) config file.

 

 


Freerk Terpstra
Level 7

I checked your configuration and I have the following suggestions:

1. Go to rapid spanning-tree, because rapid is always better (right?)

spanning-tree mode rapid-pvst

2. Go to a DHCP lease time of 8 hours instead of 5 minutes

ip dhcp pool xyz
 lease 0 8

3. Migrate from WEP to at least a PSK WPA2 AES (no TKIP) configuration; dot1X is even better.

4. Go back to an absolute maximum of 4 SSIDs; this should be possible for every environment with dot1x or ISE and AAA override. Every SSID has its beacons and you are probably not the only one using 802.11 technology in your neighborhood.

If you are still having problems with multiple clients, go back to one SSID with no encryption at all. Then make changes step by step and see what is causing the latency.

Please rate useful posts :-)

1. Does it matter on Wireless?

2. The pool is set that way because it's a tablet activation area. The tablets are connected no more than 5 minutes at a time, and we don't want to exhaust the 250 hosts pool.

3. We could do that, but the tablets are already configured and the image takes time to be rebuilt. I might try this one.

4. The SSIDs are spread over different 5GHz channels so that shouldn't matter.

Let's see which options I can try.

 

I may even begin with the no encryption one first.

 

Any other ideas?  Because once the tablets get their IP address, the activation process goes smoothly.

The suggestions are based on my own personal experiences and best practices. I never saw a client connecting for that short an amount of time. Don't forget that, according to the RFCs, clients should renew their lease when they are at half of the given lease. I don't know the details and scale of your project, but I should start with a little bigger VLAN and just one SSID.

You can also run some "debug ip dhcp server" commands on the switch to see when the discovery messages are actually reaching the switch. If you want to, you can also get some more information for one specific wireless client with the "debug client mac-address aa:aa:aa:aa:aa:aa" command.

Well, it seems that the WPA2/AES setting did the trick, not because of the encryption itself, but because of the fact that the tablets began connecting with 802.11n instead of g/a. That made a huge difference in the response times.

We're still monitoring, but the DHCP responses were drastically reduced, from about 90 seconds average to less than 20 all the time.

The only way to reach 802.11n speeds is without encryption or with WPA2 AES, so that makes sense. I still recommend looking into the other things as well and maybe making a trace of the wireless traffic as well.

Please rate useful posts :-)
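
Added example, not part of any post in this thread: a Python sketch of the measurement described in the question (DHCP retransmissions and time to ACK per client), run over constructed rows of the kind a capture export would give. The three-column layout, the sample MAC addresses and the 3-second threshold (taken from the wired figure quoted in the question) are assumptions.

```python
import csv
import io

DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # DHCP option 53 values (RFC 2132)

# Constructed sample rows: seconds since capture start, client MAC, message type.
SAMPLE = """\
0.0,aa:aa:aa:aa:aa:01,1
0.4,aa:aa:aa:aa:aa:01,2
0.5,aa:aa:aa:aa:aa:01,3
0.9,aa:aa:aa:aa:aa:01,5
5.0,aa:aa:aa:aa:aa:03,1
9.0,aa:aa:aa:aa:aa:03,1
10.0,aa:aa:aa:aa:aa:02,1
14.0,aa:aa:aa:aa:aa:02,1
17.0,aa:aa:aa:aa:aa:03,1
22.0,aa:aa:aa:aa:aa:02,1
33.0,aa:aa:aa:aa:aa:03,1
38.0,aa:aa:aa:aa:aa:02,1
38.5,aa:aa:aa:aa:aa:02,2
38.6,aa:aa:aa:aa:aa:02,3
42.6,aa:aa:aa:aa:aa:02,3
52.0,aa:aa:aa:aa:aa:02,5
"""

def lease_timings(text):
    """Per client MAC: DISCOVER/REQUEST counts and seconds from first client message to first ACK."""
    stats = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed rows
        t, mac, mtype = float(row[0]), row[1].lower(), int(row[2])
        s = stats.setdefault(mac, {"first": None, "discovers": 0, "requests": 0, "seconds_to_ack": None})
        if mtype in (DISCOVER, REQUEST):
            if s["first"] is None:
                s["first"] = t  # start the clock at the first client-side message
            s["discovers" if mtype == DISCOVER else "requests"] += 1
        elif mtype == ACK and s["first"] is not None and s["seconds_to_ack"] is None:
            s["seconds_to_ack"] = round(t - s["first"], 3)
    return stats

def slow_clients(stats, threshold=3.0):
    """MACs that never saw an ACK (self-assigned 169.x.x.x risk) or took longer than threshold seconds."""
    return sorted(m for m, s in stats.items()
                  if s["seconds_to_ack"] is None or s["seconds_to_ack"] > threshold)

if __name__ == "__main__":
    timings = lease_timings(SAMPLE)
    for mac in slow_clients(timings):
        print(mac, timings[mac])
```

Running the same capture before and after a change (encryption mode, SSID count, lease time) gives a per-client comparison instead of a single average.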
