Beginner

DHCP not working on Router connected to a Switch via a trunk for a WLC Flexconnect Local Switching AP scenario

I have a scenario where I am trying to provide DHCP locally at a remote site in a WLC FlexConnect Local Switching Scenario. I would like a router subinterface that is connected via a trunk to an access switch where a Cisco AP is connected via a trunk port to provide IP addresses via DHCP. The Cisco AP has a static IP address on the native VLAN 70 subinterface as defined below (not in the config but have it configured on the WLC 2504 with a static IP of 10.6.70.11).  From what I have found in various sections of the Community, it looks like DHCP requests and responses won't work through a trunk since the switch is only configured for Layer 2 and will not pass the DHCP Requests correctly through the trunk port to the Layer 3 device (Router)? 

 

DHCP Server (4351 Router) --> TRUNK PORT --> 2960X switch --> TRUNK PORT --> Cisco AIR-CAP2702I-B-K9 --> DHCP Client

 

Configurations for the router and switch are listed below:

 

4331 Router

ip dhcp excluded-address 10.70.150.1 10.70.150.4
!
ip dhcp pool WIRELESSTEST
 network 10.70.150.0 255.255.255.0
 default-router 10.70.150.1
 dns-server 8.8.8.8 4.4.4.4

!

interface GigabitEthernet0/0/2
 description LAN INSIDE-NETWORK-TO-2nd_Floor_2960X_Switch_Port1/0/1
 no ip address
 negotiation auto

!

interface GigabitEthernet0/0/2.70
 description CISCO-AP VLAN
 encapsulation dot1Q 70
 ip address 10.70.6.1 255.255.255.0
 ip helper-address 172.25.60.100
 ip helper-address 10.70.150.1

!

interface GigabitEthernet0/0/2.150
 description WIRLESS NETWORK FOR GUEST ACCESS
 encapsulation dot1Q 150
 ip address 10.70.150.1 255.255.255.0

 

 

2960X config

interface GigabitEthernet1/0/1
 description to Router 4351
 switchport mode trunk
!

interface GigabitEthernet3/0/37
 description CISCO AP - PC BRANCH Drop-163-1-H-3
 switchport trunk native vlan 70
 switchport mode trunk

--------------------------------------------------------------------------------------

 

I see the DHCP Discover and DHCP Requests being sent to the router when I look at a "show ip dhcp server statistics gi0/0/2.150" but nothing being sent from the router. 

 

Can this configuration work or will it only work if directly connected to an interface on the router? If this doesn't work, then I will configure DHCP on my customer's AD Domain Controller and configure a helper-address on the Cisco AP's native VLAN (VLAN 70 as listed on the router config above). I would move the DHCP config for VLAN 150 from the router to the AD DC and then I believe this will work correctly. 

 

All of this is so I can use the WLC FlexConnect Local Switching for the AP so DHCP is given out locally at this remote site and then a WLAN that will be for Guest Wireless will only be allowed to go to and from the Internet with a DIA connection at this remote site instead of going back to the WLC in their Data Center and then traversing the DIA connection at that location. I didn't show the ACLs I have defined for inbound and outbound access but I will show them here now for review:

 

ip access-list extended INTERNET-ONLY-IN
 deny ip 10.0.0.0 0.255.255.255 10.70.150.0 0.0.0.255
 deny ip 172.16.0.0 0.15.255.255 10.70.150.0 0.0.0.255
 deny ip 192.168.0.0 0.0.255.255 10.70.150.0 0.0.0.255
 permit ip any 10.70.150.0 0.0.0.255
ip access-list extended INTERNET-ONLY-OUT
 deny ip 10.70.150.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny ip 10.70.150.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny ip 10.70.150.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 10.70.150.0 0.0.0.255 any

-----------------------------------------------------------------------------------------------------

 

These ACLs will eventually be configured on the VLAN 150 subinterface of the router as an inbound and outbound Access Group.

 

I  believe I have the WLC configured correctly for FlexConnect Local Switching and DHCP override from the management interface so it uses the DHCP server locally defined. 

 

I know I've got multiple questions here, but my biggest concern is whether the DHCP config will work with this scenario or not. If this doesn't work, then I will need to move the DHCP server to the AD DC and then try that with the WLC FlexConnect Local Switching configuration. 

 

Thanks in advance,

            

             Joe Del Rosario
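
Added example, not part of the original post: a first-match evaluator for the two ACLs shown above, run over constructed packets, to show how the lists would treat DHCP and gateway traffic once bound to the VLAN 150 subinterface. The client address 10.70.150.50 is a hypothetical lease from the WIRELESSTEST pool; the matching follows standard IOS wildcard-mask and implicit-deny behaviour.

```python
import ipaddress

# ACL entries copied from the post: (action, src, src_wildcard, dst, dst_wildcard).
ANY = ("0.0.0.0", "255.255.255.255")
ACLS = {
    "INTERNET-ONLY-IN": [
        ("deny", "10.0.0.0", "0.255.255.255", "10.70.150.0", "0.0.0.255"),
        ("deny", "172.16.0.0", "0.15.255.255", "10.70.150.0", "0.0.0.255"),
        ("deny", "192.168.0.0", "0.0.255.255", "10.70.150.0", "0.0.0.255"),
        ("permit", *ANY, "10.70.150.0", "0.0.0.255"),
    ],
    "INTERNET-ONLY-OUT": [
        ("deny", "10.70.150.0", "0.0.0.255", "10.0.0.0", "0.255.255.255"),
        ("deny", "10.70.150.0", "0.0.0.255", "172.16.0.0", "0.15.255.255"),
        ("deny", "10.70.150.0", "0.0.0.255", "192.168.0.0", "0.0.255.255"),
        ("permit", "10.70.150.0", "0.0.0.255", *ANY),
    ],
}

def wild_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl_name, src, dst):
    """Return (action, entry_number) of the first match; 0 means implicit deny."""
    for n, (action, s, sw, d, dw) in enumerate(ACLS[acl_name], start=1):
        if wild_match(src, s, sw) and wild_match(dst, d, dw):
            return action, n
    return "deny", 0

# Constructed sample packets (not captured traffic).
SAMPLES = [
    ("DHCPDISCOVER broadcast", "0.0.0.0", "255.255.255.255"),
    ("client -> default-router", "10.70.150.50", "10.70.150.1"),
    ("client -> DNS 8.8.8.8", "10.70.150.50", "8.8.8.8"),
    ("client -> internal DC", "10.70.150.50", "172.25.60.100"),
    ("DNS reply -> client", "8.8.8.8", "10.70.150.50"),
]

def report():
    """Evaluate every sample packet against both ACLs."""
    return [(label, acl, *evaluate(acl, src, dst))
            for label, src, dst in SAMPLES for acl in ACLS]

if __name__ == "__main__":
    for label, acl, action, entry in report():
        print(f"{label:26} {acl:18} {action:6} entry {entry or 'implicit'}")
```

Both lists drop the DHCPDISCOVER through the implicit deny, and INTERNET-ONLY-OUT denies client traffic to 10.70.150.1 because the gateway itself sits inside 10.0.0.0/8. DHCP (UDP 67/68) and any required gateway traffic need explicit permit entries ahead of the deny lines before the lists are bound to the subinterface.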

 

 

3 REPLIES
VIP Mentor

Re: DHCP not working on Router connected to a Switch via a trunk for a WLC Flexconnect Local Switching AP scenario

Hello,

 

If you want VLAN 70 to be the native VLAN, you need to configure all trunks accordingly:

 

 

4331 Router

ip dhcp excluded-address 10.70.150.1 10.70.150.4
!
ip dhcp pool WIRELESSTEST
 network 10.70.150.0 255.255.255.0
 default-router 10.70.150.1
 dns-server 8.8.8.8 4.4.4.4
!
interface GigabitEthernet0/0/2
 description LAN INSIDE-NETWORK-TO-2nd_Floor_2960X_Switch_Port1/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/2.70
 description CISCO-AP VLAN
 encapsulation dot1Q 70 native
 ip address 10.70.6.1 255.255.255.0
 ip helper-address 172.25.60.100
 ip helper-address 10.70.150.1
!
interface GigabitEthernet0/0/2.150
 description WIRLESS NETWORK FOR GUEST ACCESS
 encapsulation dot1Q 150
 ip address 10.70.150.1 255.255.255.0

2960X config

interface GigabitEthernet1/0/1
 description to Router 4351
 switchport mode trunk
 switchport trunk native vlan 70
!
interface GigabitEthernet3/0/37
 description CISCO AP - PC BRANCH Drop-163-1-H-3
 switchport trunk native vlan 70
 switchport mode trunk

Hall of Fame Master

Re: DHCP not working on Router connected to a Switch via a trunk for a WLC Flexconnect Local Switching AP scenario

Joe

 

@Georg Pauwen makes a good point about needing consistency if you want vlan 70 to be the native vlan. I am a little puzzled about the helper address that you have configured on the vlan 70 sub interface on the router. If a DHCP request is received on that interface then the gateway address would be 10.70.6.1. But you do not show any DHCP scope for that subnet. If the AP connection is a trunk, if that trunk includes vlan 150, and if the client DHCP request is sent on vlan 150 then I would expect that the request would get to your router sub interface for vlan 150 and I would expect DHCP to work (no need for helper address). Can you tell us more about the AP connection on the access switch?

 

HTH

 

Rick

Beginner

Re: DHCP not working on Router connected to a Switch via a trunk for a WLC Flexconnect Local Switching AP scenario

Thanks for the replies... Unfortunately, I've got other VLANs defined for the other networks at this site (Users, Domain Controllers, Servers, etc.) where I won't be able to change this in the middle of the day. I thought about the consistency with the native VLAN across the board as well... 

 

For the helper address on the VLAN 70 interface, I have another Cisco AP on that same switch that is giving out DHCP to clients from that VLAN but the DHCP server is on a Domain Controller (172.25.60.100)... actually that helper address is not being used at all because the WLC virtual interface that the 2nd AP is connecting to has a DHCP server configured that is at the data center where the WLC is located not at the local site where I'm trying to provide DHCP at...

 

Because I can't change the native VLAN on the trunks without possibly affecting other VLANs during production, I'll most likely go with the external DHCP server on the local (remote site) network and use the helper address on the VLAN 150 interface to send DHCP Requests to that DHCP server... 

 

My only other question would be what virtual interface should I use on the WLC to manage the WLAN? There is an interface that was defined previously that has a VLAN tag of 702 and a different network address (but that is only defined at the Data Center and not passed through the remote site). DHCP for that interface is defined at the WLC and managed by the WLC. 

 

But what I'm trying to do is move DHCP to the remote site (local) and then have traffic at that site go out a DIA location without having to go back through the WLC and the DIA connection at the Data Center where the WLC is located... 

 

Hope this makes sense and thanks for your assistance!

 

       Joe
