Solved: Question on a WLC 5508

waqas gondal · ‎03-03-2014

Hi,

I have a 5508 which is connected to 4 APs and is broadcasting SSIDs fine.

The problem is when users try to connect, they are not able to get a DHCP address. I have it pointing to a server in another subnet with an ASA being the relay agent.

I have tried disabling the DHCP proxy but that did not help.

Even with the internal DHCP configured on the WLC users still cannot get a DHCP.

Any input would be awesome.

Cheers,

Waqas

George Stefanick · ‎03-03-2014

Hello,

If you want the controller to hand out DHCP a few things to keep in mind and double check

- Make sure proxy is enabled on the WLC

- Make sure your dynamic interface tied to your WLAN interface has the controllers management IP address for a DHCP server in the dynamic interface

- Make sure your scopes are correct on the WLC

If you want to use the ASA as a relay agent:

- If you have an ACL make sure you are allowing the dynamic interface IP address NOT the management address of the WLC. DHCP is sourced from the dynamic interface

Check on these and let me know ..

Also what is doing your DHCP ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

George Stefanick · ‎03-03-2014

Did you have a chance to check the settings?

if you disable proxy then you need to use an IP helper.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

George Stefanick · ‎03-03-2014

Progress.. We like forward progress.

I know if you use the ASA as a DHCP server you need to turn off proxy on the WLC.

Since you arent and just passing through you are ok to leave proxy on. This is how we have ours configured.

On the ASA double checking the following:

- Dynamic interface on the WLC is allowed through the ASA.

- See if you can lessen the rules on the ASA and see if traffic starts to flow.

- Turn on capture on teh ASA and see of you see traffic coming into the interface

- Connect and give yourself an ipaddress manually and see if you can ping the DHCP server (make sure ACL rules allow).

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

George Stefanick · ‎03-03-2014

Hello,

If you want the controller to hand out DHCP a few things to keep in mind and double check

- Make sure proxy is enabled on the WLC

- Make sure your dynamic interface tied to your WLAN interface has the controllers management IP address for a DHCP server in the dynamic interface

- Make sure your scopes are correct on the WLC

If you want to use the ASA as a relay agent:

- If you have an ACL make sure you are allowing the dynamic interface IP address NOT the management address of the WLC. DHCP is sourced from the dynamic interface

Check on these and let me know ..

Also what is doing your DHCP ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

waqas gondal · ‎03-03-2014

Hi,

Thanks for the reply,

I am using an open source software called packet fence. It was not my choice but my manager wanted it to control the wireless users. The management IP range is 192.168.90.0 /24. The guest user SSID is 192.168.70.0 /24. The scope on the WLC was 192.168.70.0 /24.

Thanks,

Waqas

George Stefanick · ‎03-03-2014

Did you have a chance to check the settings?

if you disable proxy then you need to use an IP helper.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

waqas gondal · ‎03-03-2014

When I used the dhcp relay on the ASA the proxy was disabled on the WLC. I'm not sure if the issue is the relay not working properly, the WLC is not passing DHCP requests or if the DHCP is not responding.

George Stefanick · ‎03-03-2014

Ok,

Can you ping the dynamic interface on the WLC and does it respond?

Can you do a command on the WLC with the dynamic interface in question. Example below:

(WiSM-slot1-1) >show interface detailed guest

Interface Name................................... guest

MAC Address...................................... 00:1b:54:d4:1e:22

IP Address....................................... 10.211.0.11

IP Netmask....................................... 255.255.0.0

IP Gateway....................................... 10.211.0.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. 248

Quarantine-vlan.................................. 0

Active Physical Port............................. LAG (29)

Primary Physical Port............................ LAG (29)

Backup Physical Port............................. Unconfigured

Primary DHCP Server.............................. 10.110.20.112

Secondary DHCP Server............................ 10.110.20.111

DHCP Option 82................................... Disabled

ACL.............................................. Unconfigured

AP Manager....................................... No

Guest Interface.................................. No

L2 Multicast..................................... Enabled

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

waqas gondal · ‎03-03-2014

Yes I can,

And I got the DHCP working on the WLC according to your explaination. Now I need to figure out the DHCP relay agent and the DHCP server.

Cheers,

Waqas

George Stefanick · ‎03-03-2014

Progress.. We like forward progress.

I know if you use the ASA as a DHCP server you need to turn off proxy on the WLC.

Since you arent and just passing through you are ok to leave proxy on. This is how we have ours configured.

On the ASA double checking the following:

- Dynamic interface on the WLC is allowed through the ASA.

- See if you can lessen the rules on the ASA and see if traffic starts to flow.

- Turn on capture on teh ASA and see of you see traffic coming into the interface

- Connect and give yourself an ipaddress manually and see if you can ping the DHCP server (make sure ACL rules allow).

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎03-03-2014

Let me also add:

Make sure in the dynamic interface you have the ip address of the DHCP server.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

waqas gondal · ‎03-03-2014

Hmm,

The packet capture on the ASA shows that DHCP packets are only being sent on management VLAN 192.168.90.0 /24. The IP of the DHCP is 192.168.90.35, this is specified on the dynamic interface. The traffic for the dynamic interface Vlan 70 (192.168.70.0/24) is being routed through the management interface and then sent to the ASA. But I don't see the DHCP server responding.

This is the part where I can say its not my fault!

Thank you very much for your help George!

Waqas

George Stefanick · ‎03-03-2014

Youre saying the DHCP packet is coming from the managment interface ? Thats not how it works actually, DHCP is sourced from dynamic interface. In fact, the WLC doesnt route its a layer 2 device.

What code if your WLC?

Are you LAG or PORTS ?

How are you trucks and VLAN configured ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
__________________________________________________
"Im like bacon, I make your wireless better"

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

waqas gondal · ‎03-03-2014

Crap I just left work so I don't know the exact version, but is definatly above 7.0

The WLC is connected on its first port to a switch which is a trunk port allowing all VLANs. The management VLAN is untagged.

From the ASA I can ping all the dynamic interfaces on the WLC and the DHCP server at 192.168.90.35

I will have to continue troubleshooting this tomorrow because I am not in front of the WLC anymore.

But thanks again for your help!