It was disabled by default, but I double checked again and its disabled.

Check out the firewall settings...

Refer the link i hope it will help you

https://supportforums.cisco.com/thread/2147632

Sent from Cisco Technical Support iPhone App

What firewall settings on which device?

A Dynamic interface is configured with VLAN 101

IP in the .6.x network

Gateway is the IP of VLAN101 interface on the ASA

DHCP Server is set to the IP of the 2008 server on VLAN 1 <--- Are you routing vlan 101 traffic to be allowed to access vlan 1?

Im only allowing access to a couple VLAN1 printers, other than that though VLAN101 has no access to VLAN1.

Earlier though I did add a few ACL entries to see if that was the problem - I created a permit rule for a DHCP server, the 2504 and the one AP thats connected.

It did not help.

I wouldn't have thought an ACL would be required though since the APs I have running in autonomous mode assign IPs to users on all VLANs.

Well your gateway is the ASA, so the ASA has to allow dhcp.

I would have thought the same thing, but its never been required in the past.

I assumed the ASA allowed it since it was running a DHCP relay for those VLANs.

(maybe Im wrong here, but it worked well for a year now so I left it as such)

But just now for testing purposes I created the ACLs permitting IP for the DHCP server, as well as the WLC and AP

I then tested the access list by removing my LAN cable, and connecting to our existing Guest network.

I received an IP in the 6.x VLAN101 network like I always do and can now ping the DHCP server, WLC and AP successfully, but nothing else in VLAN1.

So communication is great between all devices.

But now I switch my wireless to the Test Guest network on the WLC and I do not get an IP.

If I give myself a static IP in VLAN101 (192.168.6.5) I can access the internet fine and cannot access anything in VLAN1 that I dont specifically have an ACL for.

Great! Everything seems to work fine as far as network configuraiton goes, but I still cannot get an IP if I set the client to DHCP

Thanks for all the help so far!

Once the smartnet is processed I guess I'll end up opening a TAC case, but was hoping to have this setup by tomorrow.

When optaining an IP-address, please use the monitoring function in ASDM or add a capture on the firewall.

You should see DHCP requests.

Thought about NAT exempts / NAT0?

You want to ping from your GuestLAN to a server in your vlan 1? Why?

It's a security issue when obtaining an IP-address from a production server for you Guestvlan.

I would use the WLC or an other DHCP-server (internet router).

I dont want to ping anything in VLAN1, I just want to get an IP from the DHCP servers there and not have to manage multiple different DHCP servers.

Using the ASA to route between VLANs I dont even have to create an ACL to allow DHCP, it just works when DHCP relay is enabled, so I dont see the security risk there.

All other communication is blocked completely except for 2 printers and it works great.

So it turns out the problem was having both autonomous APs and LWAPs with a WLC all on the same VLAN.

I created a separate test VLAN and moved the WLC and APs there, and also did have to enable DHCP proxy, then clients started receiving IP addresses.