Trouble with DHCP for Wireless Clients on Layer 3 Switch

thakissick986
Level 1

Hello All,

 

I am having an issue with wireless clients receiving an incorrect DHCP IP address at a remote site. I have attached an image of the general layout of the network for better understanding.

 

Currently I have set up a DHCP pool on the Remote Site Core Switch that should be handing out IP Addresses for wireless clients at this location. Configuration of the DHCP pool is as follows:

 

ip dhcp pool Access_Points
network 10.26.78.0 255.255.255.0
dns-server 10.26.32.111 10.26.0.156
option 43 hex 00f1.040a.1a01.c8
default-router 10.26.78.1
domain-name blahblah.com

 

On this same Layer 3 switch I have configured the following VLAN and SVI:

 

interface Vlan28
description *** Wireless APs ***
ip address 10.26.78.1 255.255.255.0
end

 

I have also used the dhcp exclude address commands to exclude the range 10.26.78.1 - 10.26.78.10 from the DHCP pool.

 

I have the ports that the APs are connected to configured as follows:

 

interface GigabitEthernet0/20
description Downstairs Access Point
switchport trunk encapsulation dot1q
switchport trunk native vlan 28
switchport mode trunk
spanning-tree portfast
spanning-tree bpduguard enable
end

 

The issue/unexpected behavior is that when clients from the remote site connect to the wireless at that remote site, they are getting IP addresses from a DHCP pool that is set up on my HQ core switch as opposed to the one that sits at the actual remote site. I would expect that they should be getting a lease from the DHCP pool that sits at this remote site on the Layer 3 switch there. The WLC also sits in my HQ site, and is connected directly to the HQ Core Switch.

 

I would be happy to provide any additional information the community would ask for in regards to this matter! Thanks!

 

 

 

 

network_layout_cr.png

 

 



Reza Sharifi
Hall of Fame

Hi,

Question:

Why are the ports connected to the APs configured as trunk and not access ports?

interface GigabitEthernet0/20
description Downstairs Access Point
switchport trunk encapsulation dot1q
switchport trunk native vlan 28
switchport mode trunk
spanning-tree portfast
spanning-tree bpduguard enable
end

 

Should they be configured as access ports in VLAN 28? I am new to this particular company, and walking in I see that all of the sites are configured in the way I have described where the AP ports are configured as trunk ports.

Seb Rupik
VIP Alumni

Hi there,

Unless you have configured your remote-site APs in FlexConnect mode, what you are describing is normal behaviour for a controller-based AP.

 

All client traffic will be arriving at the WLC at the central site, and the SSID will be bridged to the local wireless VLANs you have created. This is why they are using DHCP addresses defined at the central site.

 

cheers,

Seb.

They are configured as Local mode. They should be put into FlexConnect mode? Sorry I am not very familiar with the different modes.

Local mode would be considered a normal enterprise deployment.

It is the CAPWAP tunnel transport of your wireless client device sessions which is causing them to pick up a DHCP lease from your central pools.

 

cheers,

Seb.

Would setting the DHCP Proxy option to Disabled resolve that issue? Or would putting them into FlexConnect mode be a better solution?

Only start changing the DHCP proxy option if you are using the WLC as a DHCP server.

 

Regarding converting the APs to FlexConnect, doing so depends on what you are trying to achieve. It is used to bridge a remote WLAN to a local VLAN at the remote site. This does mean that those clients connecting to the SSID would be able to use local DHCP pools; these would also be routed locally and, depending on your configuration, leave for the internet via the local gateway.

 

Most enterprises want to capture all traffic and route it centrally so that it can be correctly inspected and policed.

The only time I have seen FlexConnect in use is when we delivered APs to a user's home office. It provided two SSIDs; one was a corporate SSID tunnelled back to HQ and the other SSID was 'local' and dropped the home worker onto their home network.

 

cheers,

Seb.

Forgive my ignorance - I have learned more now about Local vs. FlexConnect mode. I also have found that the ports connected to the APs are supposed to be configured as Access ports, and not Trunk ports.

 

If I have 2 separate DHCP pools on the Layer 3 switch, how would I go about configuring it so that I can have a separate DHCP pool for clients and AP management? I know with an external DHCP server I would use ip helper address, but if I wanted to assign wireless clients to a DHCP pool on that same L3 switch, what would I need to do?
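
For the question above, an added example (not part of the original thread and not posted by any participant): one way to run separate AP-management and client pools on the same Layer 3 switch, which only takes effect for a FlexConnect WLAN that is locally switched onto the client VLAN. VLAN 30, the 10.26.79.0/24 subnet and the pool name Wireless_Clients are assumptions; clients switched locally this way no longer pass through the central inspection point described earlier in the thread.

```cisco
! Added example. From the thread: VLAN 28, 10.26.78.0/24, Gi0/20, option 43.
! Assumed (constructed): VLAN 30, 10.26.79.0/24, pool name Wireless_Clients.
! In Local mode client DHCP still rides the CAPWAP tunnel to the HQ WLC,
! so the client pool below is used only by a locally switched FlexConnect WLAN.
!
ip dhcp excluded-address 10.26.78.1 10.26.78.10
ip dhcp excluded-address 10.26.79.1 10.26.79.10
!
! AP management pool (as posted)
ip dhcp pool Access_Points
 network 10.26.78.0 255.255.255.0
 default-router 10.26.78.1
 dns-server 10.26.32.111 10.26.0.156
 option 43 hex 00f1.040a.1a01.c8
 domain-name blahblah.com
!
! Client pool; IOS selects it because the DISCOVER arrives on the SVI in
! this subnet, so no ip helper-address is needed on the same switch.
ip dhcp pool Wireless_Clients
 network 10.26.79.0 255.255.255.0
 default-router 10.26.79.1
 dns-server 10.26.32.111 10.26.0.156
!
vlan 30
 name Wireless_Clients
!
interface Vlan28
 description *** Wireless APs ***
 ip address 10.26.78.1 255.255.255.0
!
interface Vlan30
 description *** Wireless Clients (assumed VLAN) ***
 ip address 10.26.79.1 255.255.255.0
!
! AP port: untagged native VLAN 28 for AP management, tagged VLAN 30 for
! locally switched clients; nothing else is allowed on the trunk.
interface GigabitEthernet0/20
 description Downstairs Access Point
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 28
 switchport trunk allowed vlan 28,30
 switchport mode trunk
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
```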
