C9800-CL: client don't get IP address from internal DHCP server

Tenere
Level 1

Good morning from Germany,

in my homelab I noticed that one client (only one) doesn't get an IP address from my C9800-CL (17.9.1). All other clients (phones, laptops, a camera, even a washing machine) can connect as desired.

My setup:
I have a C9800-CL (17.9.1) with two 9115AIX. The clients associating with the WLAN in question (172.20.2.0/24; VLAN100) get their IP addresses from the internal DHCP server on the C9800. In the policy profile of the mentioned WLAN, in the Advanced tab, the checkbox "IPv4 DHCP Required" is ticked and the IP address of the C9800 (192.168.178.229) is registered in the field "DHCP Server IP Address". The size of the DHCP scope is sufficient.

Processing the radioactive trace in the Cisco Wireless Debug Analyzer shows the following:

 

2022/09/09 05:01:56.830  client-orch-sm  Client made a new Association to an AP/BSSID: BSSID 5ce1.76d7.0be3, WLAN Guest_Access, Slot 0 AP 5ce1.76d7.0be0, AP-01-EG
2022/09/09 05:01:56.831  dot11  Association success for client, assigned AID is: 3
2022/09/09 05:01:56.831  client-orch-sm  Client started layer 2 authentication (either dot1X or PSK)
2022/09/09 05:01:56.838  client-keymgmt  Sent M1 for EAPOL 4-Way Handshake
2022/09/09 05:01:56.842  client-keymgmt  Received and validated M2 for EAPOL 4-Way Handshake
2022/09/09 05:01:56.842  client-keymgmt  Sent M3 for EAPOL 4-Way Handshake
2022/09/09 05:01:56.846  client-keymgmt  Received and validated M4 for EAPOL 4-Way Handshake
2022/09/09 05:01:56.846  client-keymgmt  Negotiated the following encryption mechanism: AKM:PSK Cipher:CCMP WPA Version: WPA2
2022/09/09 05:01:56.846  client-auth  Client successfully completed Pre-shared Key authentication. Assigned VLAN: 100
2022/09/09 05:01:56.846  client-orch-sm  Client passed layer 2 authentication
2022/09/09 05:01:56.846  client-orch-sm  Policy profile is configured for local switching
2022/09/09 05:01:56.846  client-orch-state  Starting Mobility Anchor discovery for client
2022/09/09 05:01:56.848  avc-afc  AVC is enabled for the client session
2022/09/09 05:01:56.849  client-orch-state  Entering IP learn state
2022/09/09 05:01:57.697  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:01:57.697  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:01:57.697  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:01:57.697  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:01:59.956  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:01:59.956  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:02:04.602  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:02:04.602  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:02:12.926  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:02:12.926  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:02:30.516  client-iplearn
2022/09/09 05:03:32.586  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:03:32.586  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:03:34.766  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:03:34.766  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:03:38.206  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:03:38.206  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:03:45.256  auth-mgr-feat_dsensor  Not performing DHCP profiling as it is not enabled
2022/09/09 05:03:45.256  sisf-packet  Sending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:03:56.850  client-orch-sm  Controller initiated client deletion with code: CO_CLIENT_DELETE_REASON_IPLEARN_CONNECT_TIMEOUT. Code means: Client timed out while trying to get an IP address
2022/09/09 05:03:56.854  dot11  Disassociation packet sent with code status: 108

To me it looks like the client associates with the AP but the DHCP server doesn't get the Discover. As mentioned, this is the only client which causes trouble.

Please advise and any hints and comments are welcome!

Regards,

Jörg

1 Accepted Solution


Rich R
VIP

You have the WLAN configured for local switching so DHCP is going out on the local VLAN on the switch which the AP is connected to.
Internal DHCP can only ever work for a centrally switched WLAN.

2022/09/27 10:33:39.991  client-orch-sm  Policy profile is configured for local switching


marce1000
VIP

 

 - Check network settings for the particular client, make sure that DHCP is set in network settings (/configured) to acquire an address.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hello M.,

thanks for your answer.

I can't really check the network settings. I can only connect to the client with an app (Siemens HomeConnect) where I can only specify SSID and PSK.

The client expects a DHCP server.

Jörg

 

>....I can't really check the network settings.

 I am sorry but consider this a 'vital initial step' for tracking the problem. Also check this bug report: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvt37259. Finally, albeit being a single client problem, it is always useful to review the current C9800-CL configuration with the CLI command: show tech wireless, and have the output analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/. Please note: do not use classical show tech-support (short version), use the command denoted in green for Wireless Analyzer. Check out all advisories!

 M.


Thanks and I know that this is vital! This app is designed for Joe Sixpack.
I can rule out the bug. Tried the workaround w/o success. 

Obviously the output of "sh tech wireless" can't be processed by the Wireless Analyzer. The output is empty.

THANKS!!

 

>...Obviously the output of "sh tech wireless" can't be processed by the Wireless Analyzer. The output is empty.

 (Obviously?) -> This usually doesn't happen and I have mentioned it to lots of people so far. Make sure the wireless is appended to the end of the show tech command as mentioned, make sure the file input to Wireless Analyzer is native and does not contain something else.

 M.




ammahend
VIP

Seems buggy, disable DHCP required and try again to see if it gets a DHCP address.
I am assuming the other clients getting an address are in the same VLAN 100.

-hope this helps-

Exactly.
All other clients are in VLAN100.
I tried to disable DHCP required without success.

I had a similar issue on a different IOS-XE platform, clearing the DHCP binding resolved the issue for me. You can give it a shot.

-hope this helps-

Thanks for the hint.

But unfortunately there is no DHCP binding for this network configured.


Rich R
VIP

> All other clients are in VLAN100.
> But unfortunately there is no DHCP binding for this network configured.
If all the other clients are in the same VLAN 100 then you *must* have bindings for them if they are working.
- Get a packet capture of the DHCP to (if any) and from the client and take a close look at that.
- Debug the DHCP server on the WLC
https://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/27470-100.html#anc87 (not all those may apply to 9800 and I would not "debug ip udp" because all your CAPWAP is UDP!)
- Do a conditional packet trace on the DHCP packets from the client to see if IOS-XE is dropping them for some odd reason.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-9/config-guide/b_wl_17_9_cg/m_debug_ra_ewlc.html#id_97897

Hello,

of course there's a binding but I mixed it up with "mac/ip static binding" in DHCP. Sorry for the confusion.

The client is still stuck in "IP learning state" but I have no idea how to debug the internal DHCP.
I used this as a guide.

I gave up and set up a new WLAN which is now working as planned (internal DHCP, VLAN100, everything's fine).

BUT

I set up another VLAN (VLAN20), configured an SVI and WLAN for VLAN20, configured a new DHCP scope on the internal DHCP server and copied the settings from the WLAN on VLAN100 by hand. Now all clients are stuck in IP learning state.

Time  Task  Translated

2022/09/27 10:33:39.977  client-orch-sm  Client made a new Association to an AP/BSSID: BSSID 5ce1.76d7.0bef, WLAN IoT, Slot 1 AP 5ce1.76d7.0be0, AP-01-EG
2022/09/27 10:33:39.978  dot11  Association success for client, assigned AID is: 5. Client performed fast roam.
2022/09/27 10:33:39.991  client-keymgmt  Negotiated the following encryption mechanism: AKM:FT-PSK Cipher:CCMP WPA Version: WPA2
2022/09/27 10:33:39.991  client-auth  Client successfully completed Pre-shared Key authentication. Assigned VLAN: 20
2022/09/27 10:33:39.991  client-orch-sm  Policy profile is configured for local switching
2022/09/27 10:33:39.991  client-orch-state  Starting Mobility Anchor discovery for client
2022/09/27 10:33:39.994  client-orch-state  Entering IP learn state

I have no idea what is different as I crosschecked the settings several times.

Does anyone have an idea what I've done wrong??

Regards,

Jörg

 

 

 

Rich R
VIP

You have the WLAN configured for local switching so DHCP is going out on the local VLAN on the switch which the AP is connected to.
Internal DHCP can only ever work for a centrally switched WLAN.

2022/09/27 10:33:39.991  client-orch-sm  Policy profile is configured for local switching

No, I don’t. Yes, I did!
I have two WLANs. One on VLAN1 and one on VLAN100. The WLAN on VLAN1 uses a central DHCP server, the other WLAN on VLAN100 uses the internal DHCP server.
Both are (now) working properly.

Yes, I did!

VLAN 100 still used an external DHCP server; I wasn't aware that it was still active!

THANKS!
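
Added example (not part of any post in this thread and not Cisco tooling): a small Python check that reads radioactive-trace lines in the layout pasted above and flags the pattern the accepted answer points at, a locally switched policy profile together with DHCP Discovers that go unanswered until the IP-learn timeout. The component list, the function names and the wording of the findings are assumptions made for this sketch; the sample lines are copied from the first trace in the thread.

```python
import re

# Task names seen in the traces on this page (assumed list, extend as needed).
COMPONENTS = ["client-orch-state", "client-orch-sm", "client-keymgmt",
              "client-iplearn", "client-auth", "auth-mgr-feat_dsensor",
              "sisf-packet", "avc-afc", "dot11"]
# Accepts both "time  task  message" and the fused "timetaskmessage" layout.
LINE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3})\s*("
    + "|".join(sorted(map(re.escape, COMPONENTS), key=len, reverse=True))
    + r")\s*(.*)$")

# Sample input: six lines taken from the first trace, fused layout.
SAMPLE = """\
2022/09/09 05:01:56.846client-authClient successfully completed Pre-shared Key authentication. Assigned VLAN: 100
2022/09/09 05:01:56.846client-orch-smPolicy profile is configured for local switching
2022/09/09 05:01:56.849client-orch-stateEntering IP learn state
2022/09/09 05:01:57.697sisf-packetSending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:01:59.956sisf-packetSending DHCP Discover to: 255.255.255.255 on vlan 100 through gateway 0.0.0.0
2022/09/09 05:03:56.850client-orch-smController initiated client deletion with code: CO_CLIENT_DELETE_REASON_IPLEARN_CONNECT_TIMEOUT. Code means: Client timed out while trying to get an IP address
"""

def parse(trace):
    """Split each trace line into (time, task, message); skip anything else."""
    return [m.groups() for m in map(LINE.match, trace.splitlines()) if m]

def diagnose(trace):
    """Summarise the DHCP-relevant facts of one client's trace."""
    rows = parse(trace)
    msgs = [msg for _, _, msg in rows]
    vlans = [m.group(1) for m in
             (re.search(r"Assigned VLAN: (\d+)", s) for s in msgs) if m]
    local = any("configured for local switching" in s for s in msgs)
    discovers = sum(task == "sisf-packet" and "DHCP Discover" in msg
                    for _, task, msg in rows)
    timeout = any("IPLEARN_CONNECT_TIMEOUT" in s for s in msgs)
    findings = []
    if local:
        findings.append("local switching: DHCP goes out on the VLAN of the "
                        "AP's switch, the controller's internal DHCP cannot serve it")
    if discovers and timeout:
        findings.append(f"{discovers} DHCP Discover(s) seen, client deleted on IP-learn timeout")
    return {"vlan": int(vlans[0]) if vlans else None, "local_switching": local,
            "discovers": discovers, "ip_learn_timeout": timeout, "findings": findings}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE)["findings"]:
        print(finding)
```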
