Andriy Sidko

successful DHCPDISCOVER & DHCPOFFER, but no DHCPREQUEST & DHCPACK via bvi interface

Hi guys.

My schema looks like:
cisco router (DHCP) ---- non cisco wireless AP -- cisco wireless AP

I'm configuring a cisco wireless access point (ap801) to get an IP from the DHCP server (cisco router) via a non-cisco AP. This non-cisco AP is performing just WPA2 & PSK and no filtering:

root@ap:/home/sam# iptables -vnL
Chain INPUT (policy ACCEPT 73 packets, 5877 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 59 packets, 7184 bytes)
pkts bytes target prot opt in out source destination

from this non-cisco AP (MAC c24a.0040.9f36) I see cisco wireless AP (MAC 2c54.2dba.136e) successfully joined:

root@ap:/home/sam# iwinfo wlan0-1 ass
2C:54:2D:BA:13:6E -38 dBm / -95 dBm (SNR 57) 300 ms ago
RX: 144.4 MBit/s, MCS 15, 20MHz 896 Pkts.
TX: 1.0 MBit/s 4 Pkts.
expected throughput: unknown


I see the same from the cisco wireless AP:

ap#sh dot11 ass all | i State|c24a|Strength
Address : c24a.0040.9f36 Name : NONE
State : Assoc Parent : -
Signal Strength : -36 dBm Connected for : 1268 seconds

Cisco AP config looks like:

dot11 ssid a81m-guest
 vlan 20
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii 0 siper-puper-password
bridge irb
interface Dot11Radio0
 no ip address
 encryption vlan 20 mode ciphers aes-ccm
 ssid a81m-guest
 antenna gain 0
 station-role workgroup-bridge universal c24a.0040.9f36
interface Dot11Radio0.20
 encapsulation dot1Q 20 native
 bridge-group 1
interface GigabitEthernet0
 description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
 no ip address
interface GigabitEthernet0.20
 encapsulation dot1Q 20 native
 bridge-group 1
interface BVI1
 mac-address 00ed.b184.2174
 ip address dhcp

Finally, the cisco wireless AP int bvi 1 is not assigned an IP from the cisco router DHCP:

ap#sh ip int bri | i bvi
BVI1 unassigned YES DHCP up up

but I see IP has been assigned by cisco router DHCP server:

gate#sh ip dhcp bin

-= omitted for brevity =- 0063.6973.636f.2d30. Aug 27 2019 01:07 PM Automatic

Whenever I run debug dhcp on the cisco wireless AP and debug ip dhcp packets on the cisco DHCP server, I've found the DHCP server got the discover and sent offer messages proposing an IP in this case:

Aug 27 13:33:14 070013: Aug 27 13:33:14.078: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31 on interface Vlan12.
Aug 27 13:33:14 070020: Aug 27 13:33:14.078: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31 ( Setting only requested parameters

but the cisco wireless client doesn't get them and sends discover again:

*Mar 1 00:41:32.687: DHCP: SDiscover attempt # 3 for entry:
*Mar 1 00:41:32.687: Temp IP addr: for peer on Interface: BVI1
*Mar 1 00:41:32.687: Temp sub net mask:
*Mar 1 00:41:32.687: DHCP Lease server:, state: 3 Selecting
*Mar 1 00:41:32.687: DHCP transaction id: 124F
*Mar 1 00:41:32.687: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Mar 1 00:41:32.687: Next timer fires after: 00:00:04
*Mar 1 00:41:32.687: Retry count: 3 Client-ID: cisco-00ed.b184.2174-BV1
*Mar 1 00:41:32.687: Client-ID hex dump: 636973636F2D303065642E623138342E
*Mar 1 00:41:32.687: 323137342D425631
*Mar 1 00:41:32.687: Hostname: ap
*Mar 1 00:41:32.687: DHCP: SDiscover placed class-id option: 436973636F204150383031
*Mar 1 00:41:32.687: DHCP: SDiscover: sending 302 byte length DHCP packet
*Mar 1 00:41:32.687: DHCP: SDiscover 302 bytes
*Mar 1 00:41:32.687: B'cast on BVI1 interface from
*Mar 1 00:41:36.687: DHCP: QScan: Timed out Selecting state
ap#%Unknown DHCP problem.. No allocation possible

Could you guys help?

Thank you.
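
The server log identifies the client only by a dotted-hex client identifier, while the AP debug prints the same ID as ASCII plus a hex dump. As an added example (not part of the original post), the sketch below decodes the server-side identifier and lists clients that were sent an OFFER but never returned a REQUEST. The cisco-... identifier is the one from the post; the second client, the 192.0.2.x addresses and the REQUEST/ACK line shapes are constructed assumptions modelled on the DISCOVER/OFFER lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample in the DHCPD debug style quoted above. WGB is the client
# ID from the post; the second client and all addresses are made up.
WGB = "0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31"
SERVER_LOG = f"""\
13:33:14.078: DHCPD: DHCPDISCOVER received from client {WGB} on interface Vlan12.
13:33:14.078: DHCPD: Sending DHCPOFFER to client {WGB} (192.0.2.50).
13:33:18.080: DHCPD: DHCPDISCOVER received from client {WGB} on interface Vlan12.
13:33:18.080: DHCPD: Sending DHCPOFFER to client {WGB} (192.0.2.50).
13:34:02.511: DHCPD: DHCPDISCOVER received from client 01aa.bbcc.ddee.ff on interface Vlan12.
13:34:02.511: DHCPD: Sending DHCPOFFER to client 01aa.bbcc.ddee.ff (192.0.2.51).
13:34:02.530: DHCPD: DHCPREQUEST received from client 01aa.bbcc.ddee.ff.
13:34:02.530: DHCPD: Sending DHCPACK to client 01aa.bbcc.ddee.ff (192.0.2.51).
"""
LINE_RE = re.compile(
    r"DHCPD: (?:Sending )?(DHCP[A-Z]+) (?:received from|to) client ([0-9a-f.]+)")

def decode_client_id(dotted):
    """Turn an IOS dotted-hex client identifier (option 61) into readable form."""
    raw = bytes.fromhex(dotted.replace(".", ""))
    kind, body = raw[0], raw[1:]
    if kind == 0 and body.isascii() and body.decode("ascii").isprintable():
        return body.decode("ascii")        # type 0: free-form string
    if kind == 1 and len(body) == 6:
        return "mac:" + body.hex(":")      # type 1: Ethernet hardware address
    return "hex:" + raw.hex()

def messages_by_client(log):
    """Map each decoded client ID to the ordered DHCP message types logged."""
    seen = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[decode_client_id(m.group(2))].append(m.group(1))
    return dict(seen)

def stalled_after_offer(log):
    """Clients that were sent an OFFER but never came back with a REQUEST."""
    return sorted(cid for cid, msgs in messages_by_client(log).items()
                  if "DHCPOFFER" in msgs and "DHCPREQUEST" not in msgs)

if __name__ == "__main__":
    for cid, msgs in messages_by_client(SERVER_LOG).items():
        print(cid, "->", " ".join(msgs))
    print("stalled after OFFER:", stalled_after_offer(SERVER_LOG))
```

The decoded string embeds the BVI1 MAC (00ed.b184.2174), so a server-side binding can be tied back to the interface that requested it even when only the truncated dotted-hex form is visible.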

Giuseppe Larosa
Hall of Fame Master

Hello Andriy,


As far as I know about iptables on a Linux system, the FORWARD chain should be used.

In your case the FORWARD chain has 0 packets.

You may need to enable either IP routing or bridging on the third party AP to make DHCP communication between server and client possible.

The two Cisco devices look to be configured correctly and the debug output also shows expected output.


Your lab setup is not usual, as the common setup is to have the AP connected to a PoE-enabled switch port and to get an IP address on the wired gigabit interface.

It looks like you would like to get an IP address on WIFI via the third party AP.

The DHCP request has a broadcast destination; the DHCP offer should have a unicast destination that should be the Cisco device MAC address.

The third party AP looks to be able to propagate broadcast frames but to block unicast frames with a destination different from their own MAC address.


Hope to help



Hi Giuseppe.


Thank you for your email.


iptables is not filtering any packets because it's in a flushed (permit any) state. All chains (input, output, forward, pre & post routing) are in ACCEPT state for all tables: filter, nat and mangle.


Moreover, whenever I connect my android phone to the "a81m-guest" SSID I get the right IP, wireshark screenshot attached (attachment name DHCP-client-android-phone). Just the regular DHCP process: discover, offer, request, acknowledgment.

But.... the Cisco 891W router acting as uWGB to the third party AP and requesting an IP from the DHCP server (cisco 2921) gets stuck at offer, no request

(attachment file name: DHCP-client-cisco-891w)


Anyway, do you have a fresh idea what it could be?


P.S. A lab is needed to do unusual things, not well-known ones. :) Actually I just need to connect the nearest building to the corporate network by using universal WGB.


Thank you Giuseppe