Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3757
Views
0
Helpful
2
Replies

3504 WLC DHCP Address Assignment "Required"

itguymc05
Level 1
Level 1

‎01-27-2022 07:14 AM

Greetings,

Can someone go into more detail regarding this feature? As far as I know and what Cisco provides it "Requires all WLAN clients to obtain an IP address from the DHCP Server." and prevents any static IP's from joining the SSID its configured on. If this feature is enabled, are clients expected to complete a full DHCP cycle (DORA) on every single instance of a device disassociation or loss of layer 1? For security purposes regarding MAC spoofing, I want the client to re-associate onto the network (after losing connection) like its a brand new client. I've been trying to make that happen but I'm not sure if it's possible. I'm not looking for a workaround, for example, lowering the lease time, SSL encryption, or dhcp-snooping but to force renew an IP from the scope to the host after re-establishing connection. 

 

Any assistance would be much appreciated.

Labels:
0 Helpful
2 Replies 2

Scott Fella
Hall of Fame
Hall of Fame

‎01-27-2022 07:40 AM - edited ‎01-27-2022 07:44 AM

That feature in simple terms means, a client that associates to the SSID needs to perform a dhcp request in order to get access to the network.  I don't use that feature, because it has caused issues in the past with some devices.  A key thing is.... "keep it simple", the more you add or tweak settings, the harder to troubleshoot and more likely to run into bug's later when you upgrade.

What you want, as far as clients re-associating back faster, is when you keep things simple. Use 802.1x EAP-TLS if you can.  I'm not a fan of lowering lease times in environments where you might have clients that are always connected and might go into sleep/hibernate.  Guest access, yes you can do that because your guest will only be there for x amount of time.  Clients that loose connection and associate right back, might not go through the dhcp process, it depends on how long until that device associates back.

-Scott
*** Please rate helpful posts ***
0 Helpful

patoberli
VIP Alumni
VIP Alumni

‎01-27-2022 07:55 AM

You can probably disable "Fast reconnect" support on the radius server to achieve this, once the EAP timer runs out. I probably wouldn't do this though, as that might cause weird "help my client takes a long while to connect to the Wi-Fi" problems. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card