
successful DHCPDISCOVER & DHCPOFFER, but no DHCPREQUEST & DHCPACK via bvi interface

Andriy Sidko
Level 1

Hi guys.

My scheme looks like:
cisco router (DHCP) ---- non-cisco wireless AP -- cisco wireless AP

I'm configuring a cisco wireless access point (ap801) to get an IP from the DHCP server (cisco router) via a non-cisco AP. This non-cisco AP is performing just WPA2 & PSK and no filtering:

++++++++++++++++++++
root@ap:/home/sam# iptables -vnL
Chain INPUT (policy ACCEPT 73 packets, 5877 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 59 packets, 7184 bytes)
pkts bytes target prot opt in out source destination
root@
++++++++++++++++++++

From this non-cisco AP (MAC c24a.0040.9f36) I see the cisco wireless AP (MAC 2c54.2dba.136e) successfully joined:

++++++++++++++++++++
root@ap:/home/sam# iwinfo wlan0-1 ass
2C:54:2D:BA:13:6E -38 dBm / -95 dBm (SNR 57) 300 ms ago
RX: 144.4 MBit/s, MCS 15, 20MHz 896 Pkts.
TX: 1.0 MBit/s 4 Pkts.
expected throughput: unknown

root@ap:/home/sam#
++++++++++++++++++++

I see the same from the cisco wireless AP:

++++++++++++++++++++
ap#sh dot11 ass all | i State|c24a|Strength
Address : c24a.0040.9f36 Name : NONE
State : Assoc Parent : -
Signal Strength : -36 dBm Connected for : 1268 seconds
ap#
++++++++++++++++++++

Cisco AP config looks like:

++++++++++++++++++++
dot11 ssid a81m-guest
vlan 20
authentication open
authentication key-management wpa version 2
wpa-psk ascii 0 siper-puper-password
!
bridge irb
!
interface Dot11Radio0
no ip address
!
encryption vlan 20 mode ciphers aes-ccm
!
ssid a81m-guest
!
antenna gain 0
station-role workgroup-bridge universal c24a.0040.9f36
!
interface Dot11Radio0.20
encapsulation dot1Q 20 native
bridge-group 1
!
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
!
interface GigabitEthernet0.20
encapsulation dot1Q 20 native
bridge-group 1
!
interface BVI1
mac-address 00ed.b184.2174
ip address dhcp
++++++++++++++++++++

Finally, the cisco wireless AP int bvi 1 is not assigned an IP by the cisco router DHCP:

++++++++++++++++++++
ap#sh ip int bri | i bvi
BVI1 unassigned YES DHCP up up
ap#
++++++++++++++++++++

but I see IP has been assigned by cisco router DHCP server:

++++++++++++++++++++
gate#sh ip dhcp bin

-= omitted for brevity =-

192.168.172.50 0063.6973.636f.2d30. Aug 27 2019 01:07 PM Automatic
3065.642e.6231.3834.
2e32.3137.342d.4256.
31
gate#
++++++++++++++++++++

Whenever I run debug dhcp at the cisco wireless AP and debug ip dhcp packets at the cisco DHCP server, I've found the DHCP server got discover and sent offer messages, proposing IP 192.168.172.50 in this case:

++++++++++++++++++++
Aug 27 13:33:14 gate.sidko.org 070013: Aug 27 13:33:14.078: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31 on interface Vlan12.
Aug 27 13:33:14 gate.sidko.org 070020: Aug 27 13:33:14.078: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31 (192.168.172.50).DHCPD: Setting only requested parameters
++++++++++++++++++++

But the cisco wireless client doesn't get them and sends discover again:

++++++++++++++++++++
*Mar 1 00:41:32.687: DHCP: SDiscover attempt # 3 for entry:
*Mar 1 00:41:32.687: Temp IP addr: 0.0.0.0 for peer on Interface: BVI1
*Mar 1 00:41:32.687: Temp sub net mask: 0.0.0.0
*Mar 1 00:41:32.687: DHCP Lease server: 0.0.0.0, state: 3 Selecting
*Mar 1 00:41:32.687: DHCP transaction id: 124F
*Mar 1 00:41:32.687: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
*Mar 1 00:41:32.687: Next timer fires after: 00:00:04
*Mar 1 00:41:32.687: Retry count: 3 Client-ID: cisco-00ed.b184.2174-BV1
*Mar 1 00:41:32.687: Client-ID hex dump: 636973636F2D303065642E623138342E
*Mar 1 00:41:32.687: 323137342D425631
ap#
*Mar 1 00:41:32.687: Hostname: ap
*Mar 1 00:41:32.687: DHCP: SDiscover placed class-id option: 436973636F204150383031
*Mar 1 00:41:32.687: DHCP: SDiscover: sending 302 byte length DHCP packet
*Mar 1 00:41:32.687: DHCP: SDiscover 302 bytes
*Mar 1 00:41:32.687: B'cast on BVI1 interface from 0.0.0.0
ap#
*Mar 1 00:41:36.687: DHCP: QScan: Timed out Selecting state
ap#%Unknown DHCP problem.. No allocation possible
++++++++++++++++++++

Could you guys help?

Thank you.
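Added example, not part of the original post or of any Cisco tooling: a small Python correlator for DHCPD debug lines like the ones quoted above. It decodes the dotted-hex client-id (option 61) so server-side and client-side logs can be matched, then reports clients that were offered a lease but never sent DHCPREQUEST. The DHCPREQUEST/DHCPACK line shapes and the second client in the sample are constructed assumptions.

```python
import re
from collections import defaultdict

# Client-id exactly as the router logged it in the post.
CID_AP = "0063.6973.636f.2d30.3065.642e.6231.3834.2e32.3137.342d.4256.31"
# Constructed sample log: DISCOVER/OFFER line shapes come from the post; the
# DHCPREQUEST/DHCPACK shapes and the second client are assumptions.
SAMPLE_LOG = f"""\
DHCPD: DHCPDISCOVER received from client {CID_AP} on interface Vlan12.
DHCPD: Sending DHCPOFFER to client {CID_AP} (192.168.172.50).
DHCPD: DHCPDISCOVER received from client 0102.0000.0000.01 on interface Vlan12.
DHCPD: Sending DHCPOFFER to client 0102.0000.0000.01 (192.168.172.51).
DHCPD: DHCPREQUEST received from client 0102.0000.0000.01.
DHCPD: Sending DHCPACK to client 0102.0000.0000.01 (192.168.172.51).
DHCPD: DHCPDISCOVER received from client {CID_AP} on interface Vlan12.
DHCPD: Sending DHCPOFFER to client {CID_AP} (192.168.172.50).
"""

EVENT = re.compile(
    r"DHCPD: (?:Sending )?(DHCP[A-Z]+) (?:received from|to) client ([0-9a-f.]+)")

def decode_client_id(dotted):
    """Turn a dotted-hex option 61 value into a readable identifier."""
    raw = bytes.fromhex(dotted.replace(".", ""))
    if raw[0] == 0x00:                      # type 0: free-form string
        return raw[1:].decode("ascii", errors="replace")
    if raw[0] == 0x01 and len(raw) == 7:    # type 1: Ethernet MAC address
        return ":".join(f"{b:02x}" for b in raw[1:])
    return raw.hex()                        # unknown type: keep raw hex

def stalled_after_offer(log_text):
    """Return {client: offer_count} for clients offered a lease
    that never answered with DHCPREQUEST."""
    seen = defaultdict(lambda: defaultdict(int))
    for msg, cid in EVENT.findall(log_text):
        # rstrip drops a sentence-ending period captured by the regex
        seen[decode_client_id(cid.rstrip("."))][msg] += 1
    return {c: m["DHCPOFFER"] for c, m in seen.items()
            if m["DHCPOFFER"] and not m["DHCPREQUEST"]}

if __name__ == "__main__":
    for client, offers in stalled_after_offer(SAMPLE_LOG).items():
        print(f"{client}: {offers} offer(s), no DHCPREQUEST seen")
```

The decoded identifier for the stalled client is the same string the AP prints as its Client-ID in its own debug output, which confirms both logs describe the same transaction.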

2 Replies

Giuseppe Larosa
Hall of Fame

Hello Andriy,

as far as I know about iptables on a Linux system, the FORWARD chain should be used.

In your case the FORWARD chain has 0 packets.

You may need to enable either IP routing or bridging on the third-party AP to make DHCP communication possible between server and client.

The two Cisco devices look to be configured correctly and the debug output also shows the expected output.

Your lab setup is not usual, as the common setup is to have the AP connected to a PoE-enabled switch port and to get an IP address on the wired giga interface.

It looks like you would like to get an IP address on WiFi via the third-party AP.

The DHCP request has a broadcast destination; the DHCP offer should have a unicast destination, which should be the Cisco device MAC address.

The third-party AP looks to be able to propagate broadcast frames but to block unicast frames with a destination different from their own MAC address.

Hope to help

Giuseppe

Hi Giuseppe.

Thank you for your email.

iptables is not filtering any packets because it's in flush (permit any) state. All chains (input, output, forward, pre & post routing) are in ACCEPT state for all tables: filter, nat and mangle.

Moreover, whenever I connect my android phone to the "a81m-guest" SSID I get the right IP, wireshark screenshot attached (attachment name DHCP-client-android-phone). Just the regular DHCP process: discover, offer, request, acknowledgment.

But.... the Cisco 891W router acting as uWGB to the third-party AP and requesting an IP from the DHCP server (cisco 2921) gets stuck at offer, no request

(attachment file name: DHCP-client-cisco-891w)

Anyway, do you have a fresh idea what it could be?

P.S. A lab is needed to do unusual things, not well-known ones. :) Actually I just need to connect the nearest building to the corporate network by using universal WGB.

Thank you Giuseppe
