Cannot see DHCP discover packets from 2504 controller

jimocon09 · ‎06-12-2017

Hi Everyone,

Am i Right in thinking that the Cisco 2504 controller is capable of forwarding DHCP requests to a virtual or physical DHCP server? I've put Wireshark on the same vlan as the controller management interface and I can't see any Discover packets leaving the controller to the DHCP server?

Help!

Rasika Nayanajith · ‎06-15-2017

Yes, it is capable as long as you configure interfaces properly.

Which interface or vlan is mapped to SSID ? Post "show interface detailed x" output where x is the interface mapped to SSID

HTH

Rasika

jimocon09 · ‎06-15-2017

Hi Rasika,

Thanks for getting back, really enjoy your blog btw.

I have attached an output of the controller in addition to the wireshark output on the controller LAN. I have only one DHCP on the network, which is the MS DHCP.

Rasika Nayanajith · ‎06-15-2017

Hi Jim,

Good to know that you enjoy reading my blog :)

If possible pls attach that wireshark capture & let us know the client mac address.

I hope SSID is map to management interface properly, if not sure "show wlan <wlan_id>" output will confirm it.

Also you can do a debug on WLC to see what it tells about current issue

https://mrncciew.com/2014/10/15/wlc-client-debug-part-1/

HTH

Rasika

jimocon09 · ‎06-16-2017

Hi Rasika,

My client MAC address is 8c:29:37:de:84:72. I also have included the DHCP dump and the frame dump. Seems to be stuck on the discover phase.

The interface for the vlan in question is however not aligned to the management interface as it is currently on a different vlan with the DHCP portion pointing to 192.168.50.105 which is the DHCP server. 192.168.50.106 is the virtual interface for the VM.

Thanks,

Jim

(Cisco Controller) >debug client 8c:29:37:de:84:72

(Cisco Controller) >*apfMsConnTask_5: Jun 16 23:28:56.387: 8c:29:37:de:84:72 Updating 11r vendor IE

*osapiBsnTimer: Jun 16 23:28:59.221: 8c:29:37:de:84:72 apfMsExpireCallback (apf_ms.c:637) Expiring Mobile!
*apfReceiveTask: Jun 16 23:28:59.222: 8c:29:37:de:84:72 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Jun 16 23:28:59.222: 8c:29:37:de:84:72 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [3c:08:f6:ca:9d:80]
*apfReceiveTask: Jun 16 23:28:59.222: 8c:29:37:de:84:72 apfMs1xStateDec
*apfReceiveTask: Jun 16 23:28:59.222: 8c:29:37:de:84:72 Deleting mobile on AP 3c:08:f6:ca:9d:80(1)
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Updating 11r vendor IE

*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Processing assoc-req station:8c:29:37:de:84:72 AP:3c:08:f6:ca:9d:80-01 thread:1a6c79a0
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Adding mobile on LWAPP AP 3c:08:f6:ca:9d:80(1)
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Association received from mobile on BSSID 3c:08:f6:ca:9d:8e AP AP3c08.f6be.d2f4
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Station: 8C:29:37:DE:84:72 trying to join WLAN with RSSI 206. Checking for XOR roam conditions on AP: 3C:08:F6:CA:9D:80 Slot: 1
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Station: 8C:29:37:DE:84:72 is associating to AP 3C:08:F6:CA:9D:80 which is not XOR roam capable
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Global 200 Clients are allowed to AP radio

*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Max Client Trap Threshold: 0 cur: 0

*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Rf profile 600 Clients are allowed to AP wlan

*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 override for default ap group, marking intgrp NULL
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Applying Interface(management) policy on Mobile, role Unassociated. Ms NAC State 0 Quarantine Vlan 0 Access Vlan 0

*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Not re-applying interface policy for local switching Client

*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 0.0.0.0 START (0) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2931)
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 0.0.0.0 START (0) Changing Url ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2951)
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 0.0.0.0 START (0) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2972)
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type, Tunnel User - 0
*apfMsConnTask_5: Jun 16 23:29:04.114: 8c:29:37:de:84:72 Setting the NAS Id to WLAN specific Id 'JNET'
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 In processSsidIE:6509 setting Central switched to FALSE
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Set Clinet MSCB as Central Association Disabled
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Applying site-specific Local Bridging override for station 8c:29:37:de:84:72 - vapId 2, site 'default-group', interface 'management'
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Applying Local Bridging Interface Policy for station 8c:29:37:de:84:72 - vlan 50, interface id 0, interface 'management'
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Set Clinet Non AP specific WLAN apfMsAccessVlan = 242
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 This apfMsAccessVlan may be changed later from AAA after L2 Auth
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Applying site-specific Local Bridging override for station 8c:29:37:de:84:72 - vapId 2, site 'default-group', interface 'management'
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Applying Local Bridging Interface Policy for station 8c:29:37:de:84:72 - vlan 50, interface id 0, interface 'management'
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Local Sw Central DHCP roam. VLAN mismatch.Request re-auth. AAA vlanid:0,ori loc:null-group,access vlan:242
*apfMsConnTask_5: Jun 16 23:29:04.115: 8c:29:37:de:84:72 Scheduling deletion of Mobile Station: (callerId: 22) in 3 seconds
*apfMsConnTask_5: Jun 16 23:29:04.116: 8c:29:37:de:84:72 Got action frame from this client.
*osapiBsnTimer: Jun 16 23:29:07.021: 8c:29:37:de:84:72 apfMsExpireCallback (apf_ms.c:637) Expiring Mobile!
*apfReceiveTask: Jun 16 23:29:07.022: 8c:29:37:de:84:72 pemApfDeleteMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfReceiveTask: Jun 16 23:29:07.022: 8c:29:37:de:84:72 0.0.0.0 DHCP_REQD (7) Deleted mobile LWAPP rule on AP [3c:08:f6:ca:9d:80]
*apfReceiveTask: Jun 16 23:29:07.022: 8c:29:37:de:84:72 apfMs1xStateDec
*apfReceiveTask: Jun 16 23:29:07.022: 8c:29:37:de:84:72 Deleting mobile on AP 3c:08:f6:ca:9d:80(1)
*emWeb: Jun 16 23:30:09.369: Configuring IPv6 ACL for WLAN:2, aclName passed is NULL
*emWeb: Jun 16 23:30:09.372: WLAN security policy configuration update received. Policy map: 4000

*emWeb: Jun 16 23:30:09.372: WLAN security policy configuration update received. Policy map: 4000

*emWeb: Jun 16 23:30:09.372: Non-FT mode , Resetting FT AKMs 1

*emWeb: Jun 16 23:30:09.374: 11i elem adaptive akm 3 set at 19
*emWeb: Jun 16 23:30:09.374: RSNIE Data: (64)

*emWeb: Jun 16 23:30:09.375: [0000] 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00

*emWeb: Jun 16 23:30:09.375: [0016] 00 0f ac 01 28 00 00 00 00 00 00 00 00 00 00 00

*emWeb: Jun 16 23:30:09.375: [0032] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

*emWeb: Jun 16 23:30:09.375: [0048] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

*emWeb: Jun 16 23:30:09.375: Created WARP Capabilities IE (length 12) for WLAN JNET
*spamReceiveTask: Jun 16 23:30:09.376: Auth type sent to AP = 2
*spamReceiveTask: Jun 16 23:30:09.376: Auth type = 2
*spamReceiveTask: Jun 16 23:30:09.376: Auth type sent to AP = 2
*spamReceiveTask: Jun 16 23:30:09.376: Auth type = 2

dot1x · ‎06-30-2017

Hi,

I have kinda similar situation.

Currently we have APs in Flexconnect Mode-Local switching. APs and clients get IP addresses from external DHCP Server.

We want to add another WLAN to assign IP addresses to clients using WLC Internal DHCP Server.

We have created an interface and assigned WLC's IP address as the DHCP Server.

Defined a DHCP Scope.

Added the WLAN to the right AP Group and Flexconnect Group.

Mapped the WLAN to the correct VLAN in WLAN-VLAN mapping.

Allowed VLAN on all the trunk ports the APs are connected to.

The clients don't get IP address.

Any suggestions what am I doing wrong here?

Scott Fella · ‎06-30-2017

You should open a new thread to make it easy for others to search.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

jimocon09 · ‎07-01-2017

It's a difficult one isn't it, but I did get the internal DHCP server to work for us in Flexconnect mode.

Firstly in the Flexconnect Group make sure you have defined central DHCP service. Also make sure you have the correct WLAN to VLAN mapping on the last tab (I'm sure you have:)

Secondly, ensure there is a dedicated interface for the WLAN on the controller. Define the management interface of the controller as the DHCP server.

Thirdly ensure that you have the DHCP proxy enabled on the interface, and that you obviously have the correct scope in place on the controller.

No Ip helpers on the local vlan interface.

Worked with version 8.3 on a 2504 controller in FC central auth / local switching

Also suggest disabling then enabling the SSID when you have completed the configuration

HTH

Jim

dot1x · ‎07-02-2017

Hi Jim,

Thanks for your reply.

"Firstly in the Flexconnect Group make sure you have defined central DHCP service"

The Flexconnect Group I put my new WLAN in, has already got a couple of WLANs (Users connected to those WLANs get IP addresses from External DHCP Server).

Would that be an issue?