
4400 WLC - AP Client routing issue

cbeaufoy
Level 1

Cisco 4404 WLC

AP 1240 - LWAP

Wireless client receives a DHCP address from central DHCP server fine.

Unable to route outside of own subnet -

Continuous ARP WHO HAS (Default Gateway addr) TELL (client IP) messages being received

WLC running OS 4.2.99.0

If anyone can help with this problem it would be great. Thanks.


Scott Fella
Hall of Fame

Well, the client receives an IP from a central site... So is the WLC located on that central site or not? If the APs are in local mode, then all client traffic will egress out of the WLC and into the switch the WLC is connected to. If the APs are H-REAP, then they will be placed out onto the local site where the AP is located.

How is everything set up, so it makes it clear how you should have it configured?

WLC IP, WLC vlan, WLC location, Client IP, Client Vlan.... etc.

-Scott
*** Please rate helpful posts ***

WLC Mgmt 10.201.70.170 (vlan 1 on local office switch)

Client IP 10.201.71.36 (vlan 60 on local office switch with DHCP helper configured as overseas DHCP server). Default gateway 10.201.71.1

AP switch port set to VLAN 9 (AP Mgmt VLAN)

AP joins WLC, user authenticates OK via PEAP ACS server, DHCP address (10.201.71.36) received OK via MetaIP DHCP server - following message repeated in Wireshark:

ARP who has 10.201.71.1 Tell 10.201.71.36

Set up a DHCP on the WLC temporarily and see if the clients get an IP address and can route outside the subnet. Or configure a static IP and run a traceroute to an outside IP address and see where it fails. You can configure a port on the switch for VLAN 60, connect a laptop to it and see if you have any issues. Are you doing any NAT?

-Scott
*** Please rate helpful posts ***

OK - I set up a scope on the WLC and this works fine.

Okay, so routing works fine.... now remove that and let the dhcp server hand out the ip address. When the user authenticates and gets an ip address, do an ipconfig and verify the settings.

-Scott
*** Please rate helpful posts ***

Yep - I can confirm that the DHCP server mask, gateway etc. are all correct.

Also - when using the same subnet on autonomous APs everything is fine. This only seems to be an issue on LWAPs.

So if you try to ping the default gateway, you timeout?

-Scott
*** Please rate helpful posts ***

Yep - timeout.

And loads of ARP who has 'default-gateway' messages

Almost like the configuration on the client when it gets an IP address is corrupt. You already tested that when you create a scope on the WLC it works. Try to configure this on the CLI: config dhcp proxy disable

-Scott
*** Please rate helpful posts ***

Tried that - but without the proxy enabled it can't get a DHCP address in any case.

Your management and ap-manager should be on the same vlan and should be set to "0" for untagged and if you are using vlan 1, then you don't have to worry about native vlan. Post your show run-config... makes it easier to verify your configuration.

-Scott
*** Please rate helpful posts ***

Thanks - yes, both mgr and ap-mgr are on vlan 1 (untagged 0).

The attached config is how I left it with a locally configured WLC DHCP scope working.

Looks like when you had DHCP working was when you had the default gateway configured as 10.201.71.129, not 10.201.71.1 which you have on the other DHCP server overseas. You need to make sure the scope on the DHCP server looks like this:

Network 10.201.71.128

Netmask 255.255.255.128

Default Routers 10.201.71.129

-Scott
*** Please rate helpful posts ***
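
The subnet arithmetic behind the scope comparison in the post above, as an added example that is not part of the original thread. It checks the lease the client reported (10.201.71.36, gateway 10.201.71.1, with the /25 mask given elsewhere in the thread) against the scope values listed in that post; the function name, finding codes and the second lease are constructed for illustration.

```python
import ipaddress

def check_lease(lease, scope):
    """Return (code, detail) findings where a DHCP lease disagrees with
    the scope expected on the VLAN the client actually lands on."""
    client = ipaddress.ip_interface(f"{lease['ip']}/{lease['mask']}")
    gateway = ipaddress.ip_address(lease["gateway"])
    expected = ipaddress.ip_network(f"{scope['network']}/{scope['mask']}")
    router = ipaddress.ip_address(scope["router"])

    findings = []
    # A gateway outside the client's own subnet can never be ARP-resolved.
    if gateway not in client.network:
        findings.append(("GW_OFF_LINK", f"{gateway} not in {client.network}"))
    # The lease was cut from a different subnet than the expected scope.
    if client.network != expected:
        findings.append(("SUBNET_MISMATCH", f"{client.network} vs {expected}"))
    # The client address itself falls outside the expected scope.
    if client.ip not in expected:
        findings.append(("CLIENT_OUTSIDE_SCOPE", f"{client.ip} not in {expected}"))
    # The client will ARP for a router that is not the one on this scope.
    if gateway != router:
        findings.append(("GW_MISMATCH", f"{gateway} vs {router}"))
    return findings

# Scope values as listed in the post above.
EXPECTED_SCOPE = {"network": "10.201.71.128", "mask": "255.255.255.128",
                  "router": "10.201.71.129"}

# Lease reported by the client when the remote DHCP server answers.
REMOTE_LEASE = {"ip": "10.201.71.36", "mask": "255.255.255.128",
                "gateway": "10.201.71.1"}

# Constructed lease that would come from the scope above.
LOCAL_LEASE = {"ip": "10.201.71.130", "mask": "255.255.255.128",
               "gateway": "10.201.71.129"}

if __name__ == "__main__":
    for name, lease in (("remote", REMOTE_LEASE), ("local", LOCAL_LEASE)):
        result = check_lease(lease, EXPECTED_SCOPE)
        print(name, "OK" if not result else result)
```
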

The subnet on the MetaIP DHCP server is 71.0/25 with DG 71.1

This is correct on the client machine when assigned using the WLC as a relay.

It also works fine when using autonomous APs and the MetaIP server.

This has really got me foxed and I've requested a brand new /24 scope on the DHCP server with the WLC added to the bind interface. This should rule out any anomalies with the 71.0/25 subnet. I hope to be able to test all this on Friday if the new subnet is assigned to me in time.

Thanks for your help. Please let me know if you have any other suggestions.
