12-03-2024 11:39 AM - edited 12-03-2024 11:41 AM
I have a weird issue with my Cisco 9200 and Aruba APs. The current network has multiple VLANs where the DATA VLAN is 10, the WLAN VLAN is 28, and the management VLAN is 999. All LAN devices plugged into VLAN 10 (DATA) have no issues getting a DHCP address. All clients connecting to the APs, which are trunked and on native VLAN 28, take a long time to get a DHCP address. The AP trunk ports have all VLANs allowed, and when doing a sh int trunk none of the VLANs are pruned. All switches in the environment are trunked via the management VLAN 999, which also has all the VLANs allowed. We do have a 9500 acting as a core switch doing routing, which is also set up with all VLANs allowed. The SVI on the core for the WLAN is set up with an IP helper address pointing to the DHCP server (on prem). So at this point I'm stumped as to what is causing the delayed IP addresses on the wireless. A PC can connect to the SSID with no issue, it just gets an APIPA address until either it waits long enough or it's forced to do a release then renew a few times. Eventually it will get a DHCP address. None of the devices connected to the LAN have this issue, as they all get IP addresses immediately. Has anyone else run into this issue?
12-03-2024 12:15 PM - edited 12-04-2024 06:21 AM
In SW
Disable ip redirects
Disable ip unreachable
Disable these under the VLAN SVI that has the issue.
MHM
12-03-2024 12:21 PM
OK, I'll try that and see what happens. Thanks.
12-03-2024 03:48 PM
Until proven otherwise, the problem to me is on the AP. If some configuration on the core were causing this, it should affect all the scopes.
One good thing to do would be to use Wireshark to sniff the traffic and see what's going on between the AP and switch.
12-04-2024 06:01 AM - edited 12-04-2024 06:02 AM
@Flavio Miranda
After adding the VLAN that's causing the issue to a LAN port and connecting my PC to that LAN port, I had the same issue as if I were trying to get DHCP from the wireless. This tells me that something on the switches is causing the issue. It took 3 ipconfig /renews before I was able to obtain an IP address from the wired LAN connection on VLAN 28. I'm in the process of running Wireshark now on the PC to see if I can determine what's causing this.
12-04-2024 06:05 AM
Sounds interesting. Let us know about the logs.
12-04-2024 06:57 AM
So I think I may have figured this out. There are two route entries in my BGP routing table that may be conflicting with VLAN 28. This VLAN is a /23, and there's an entry in the table for this subnet as a /23 and a /24. So I'm wondering, if I remove the incorrect route, the /24, whether things will work as they should. So for example the table has
network 192.168.1.0 mask 255.255.255.0
network 192.168.1.0 mask 255.255.254.0
and I'm wondering if the core is trying to use that first route entry, then eventually using the second entry, which is the correct one.
12-04-2024 07:01 AM
I will send you a doc about the issue.
MHM
12-04-2024 07:10 AM
If the /24 is incorrect you should remove it, because the routing protocol will use it as it is more specific than the /23.
12-09-2024 06:02 AM
Thanks to @MHM Cisco World. So far the no ip redirects command in the SVI seems to have resolved the issue. I'm going to give it another week and see how users in my environment respond. Hopefully the complaints will go away.
01-16-2025 12:40 PM - edited 01-16-2025 12:43 PM
UPDATE... Talked with Cisco Support and found out the issue was not related to the two WLAN VLANs but the data VLAN. It was causing a lot of ICMP drops due to Cisco's new Control Plane Protections feature in the 9000 series switches. Tech support ran the following commands:
monitor capture cap control-plane in match any buf size 100 start
monitor capture cap stop
show mon cap cap buf br
After only 7 seconds of running the first command we had 4700 drops, and the last command showed those drops, which all had IP addresses from our data VLAN. We put the below commands on the data VLAN and all the drops stopped.
no ip redirects
Things are looking better now with DHCP requests. Hopefully this will help others out who are having this issue.
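An offline check for the fix this thread arrived at, as an added example that is not part of any post: it scans a saved running-config for SVIs that lack no ip redirects / no ip unreachables, so a data VLAN like the one above is caught before it floods the control plane. The sample config, its addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread); VLAN IDs follow the post.
# Assumes IOS behaviour: redirects/unreachables are on by default, so only the
# "no ..." form appears in the config when they have been disabled.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip helper-address 10.0.50.5
!
interface Vlan28
 ip address 10.0.28.1 255.255.254.0
 ip helper-address 10.0.50.5
 no ip redirects
 no ip unreachables
!
interface Vlan999
 ip address 10.0.99.1 255.255.255.0
 no ip redirects
 shutdown
!
interface GigabitEthernet1/0/1
 switchport mode trunk
"""

CHECKS = ("no ip redirects", "no ip unreachables")

def parse_svis(config):
    """Return {svi_name: [stanza lines]} for every 'interface Vlan<N>' block."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (Vlan\d+)\s*$", line)
        if m:
            current = m.group(1)
            svis[current] = []
        elif line.startswith(" ") and current:
            svis[current].append(line.strip())
        else:
            current = None  # '!' or any other unindented line ends the stanza
    return svis

def audit_svis(config, include_shutdown=False):
    """Map each SVI to the hardening commands missing from its stanza."""
    findings = {}
    for name, lines in parse_svis(config).items():
        missing = [c for c in CHECKS if c not in lines]
        if missing and (include_shutdown or "shutdown" not in lines):
            findings[name] = missing
    return findings

if __name__ == "__main__":
    for svi, missing in audit_svis(SAMPLE_CONFIG).items():
        print(f"{svi}: missing {', '.join(missing)}")
```

Run it against the output of show running-config saved to a file; administratively down SVIs are skipped unless include_shutdown=True is passed.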