07-15-2008 03:16 PM - edited 07-03-2021 04:10 PM
Cisco 4404 WLC
AP 1240 - LWAP
Wireless client receives a DHCP address from central DHCP server fine.
Unable to route outside of own subnet -
Continuous ARP WHO HAS (Default Gateway addr) TELL (client IP) messages being received
WLC running OS 4.2.99.0
If anyone can help with this problem it would be great. Thanks.
07-15-2008 03:49 PM
Well, the client receives an IP from a central site... So is the WLC located on that central site or not? If the APs are in local mode, then all client traffic will egress out of the WLC and into the switch the WLC is connected to. If the APs are H-REAP, then they will be placed out onto the local site where the AP is located.
How is everything set up, so it makes it clear how you should have it configured?
WLC IP, WLC vlan, WLC location, Client IP, Client Vlan.... etc.
07-15-2008 04:02 PM
WLC Mgmt 10.201.70.170 (vlan 1 on local office switch)
Client IP 10.201.71.36 (vlan 60 on local office switch with DHCP helper configured as overseas DHCP server). Default gateway 10.201.71.1
AP switch port set to VLAN 9 (AP Mgmt VLAN)
AP joins WLC, user authenticates OK via PEAP ACS server, DHCP address (10.201.71.36) received OK via MetaIP DHCP server - following message repeated in Wireshark:
ARP who has 10.201.71.1 Tell 10.201.71.36
07-15-2008 04:31 PM
Set up a DHCP on the WLC temporarily and see if the clients get an IP address and can route outside the subnet. Or configure a static IP and run a traceroute to an outside IP address and see where it fails. You can configure a port on the switch for VLAN 60, connect a laptop to it and see if you have any issues. Are you doing any NAT?
07-15-2008 05:54 PM
OK - I set up a scope on the WLC and this works fine.
07-15-2008 05:57 PM
Okay, so routing works fine.... now remove that and let the DHCP server hand out the IP address. When the user authenticates and gets an IP address, do an ipconfig and verify the settings.
07-15-2008 06:00 PM
Yep - I can confirm that the DHCP server mask, gateway etc. are all correct.
Also - when using the same subnet on autonomous APs everything is fine. This only seems to be an issue on LWAPs.
07-15-2008 06:28 PM
So if you try to ping the default gateway, you timeout?
07-15-2008 06:35 PM
Yep - timeout.
And loads of ARP who has 'default-gateway' messages
07-15-2008 06:39 PM
Almost like the configuration on the client when it gets an IP address is corrupt. You already tested that when you create a scope on the WLC it works. Try to configure this on the CLI: config dhcp proxy disable
07-15-2008 09:32 PM
Tried that - but without the proxy enabled it can't get a DHCP address in any case.
07-16-2008 04:00 AM
Your management and ap-manager should be on the same VLAN and should be set to "0" for untagged, and if you are using VLAN 1, then you don't have to worry about native VLAN. Post your show run-config... makes it easier to verify your configuration.
07-16-2008 04:17 AM
07-16-2008 04:26 AM
Looks like when you had DHCP working was when you had the default gateway configured as 10.201.71.129, not 10.201.71.1 which you have on the other DHCP server overseas. You need to make sure the scope on the DHCP server looks like this:
Network 10.201.71.128
Netmask 255.255.255.128
Default Routers 10.201.71.129
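One way to run the scope comparison suggested in the reply above, as an added example that is not part of the original thread. The function name and the mismatch codes are hypothetical; the scope and the first lease use the addresses posted in this thread, and the second lease is constructed.

```python
import ipaddress


def compare_lease_to_scope(lease, scope):
    """Return mismatch codes between a client's DHCP lease and a reference scope."""
    # strict=False lets us derive the lease's network from a host address + mask.
    lease_net = ipaddress.ip_network(f"{lease['ip']}/{lease['mask']}", strict=False)
    scope_net = ipaddress.ip_network(f"{scope['network']}/{scope['mask']}")
    client = ipaddress.ip_address(lease["ip"])
    lease_gw = ipaddress.ip_address(lease["gateway"])
    scope_gw = ipaddress.ip_address(scope["gateway"])

    findings = []
    if lease_gw not in lease_net:
        # The client could never ARP for a gateway outside its own subnet.
        findings.append("gateway-outside-lease-subnet")
    if lease_net != scope_net:
        findings.append("subnet-mismatch")
    if client not in scope_net:
        findings.append("client-outside-scope")
    if lease_gw != scope_gw:
        findings.append("gateway-mismatch")
    return findings


# Scope as posted in the reply above (the one that worked on the WLC).
WLC_SCOPE = {"network": "10.201.71.128", "mask": "255.255.255.128",
             "gateway": "10.201.71.129"}

# Lease reported earlier in the thread from the MetaIP server (71.0/25, DG 71.1).
THREAD_LEASE = {"ip": "10.201.71.36", "mask": "255.255.255.128",
                "gateway": "10.201.71.1"}

# Constructed lease that would match the WLC scope, for contrast.
MATCHING_LEASE = {"ip": "10.201.71.140", "mask": "255.255.255.128",
                  "gateway": "10.201.71.129"}

if __name__ == "__main__":
    for name, lease in (("thread", THREAD_LEASE), ("matching", MATCHING_LEASE)):
        print(name, compare_lease_to_scope(lease, WLC_SCOPE) or "consistent")
```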
07-16-2008 05:15 AM
The subnet on the MetaIP DHCP server is 71.0/25 with DG 71.1
This is correct on the client machine when assigned using the WLC as a relay.
It also works fine when using autonomous AP's and the MetaIP server.
This has really got me foxed and I've requested a brand new /24 scope on the DHCP server with the WLC added to the bind interface. This should rule out any anomalies with the 71.0/25 subnet. I hope to be able to test all this on Friday if the new subnet is assigned to me in time.
Thanks for your help. Please let me know if you have any other suggestions.