Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9276
Views
7
Helpful
24
Replies

Catalyst 9800 dhcp issue

stefxoxo
Level 1
Level 1

‎07-12-2021 10:36 AM

Hi,

Our deployment is currently composed by:

- Catalyst 9800-40 release Amsterdam 17.3.3 (upgrade performed from the default version 16.12.02s) - Access Point 9120AX

We are not allowed to configure the helper address on the Gateway (Firewall Checkpoint).

During the test phase the following problem has been checked: issue with the IP release for the Clients connected to the new AP 9120 AX in local mode (no flexconnect central switching/local).

 

 

We configure :

 

Interface vlan 222

description management_plane

ip address y.y.y.y

 

interface vlan 111

description dataplane

ip address x.x.x.x

ip helper-address x.x.x.x

ip dhcp relay source-interface vlan 222

 

ip route 0.0.0.0 0.0.0.0 y.y.y.1

 

Do we have to configure something else ? the client don't receive the ip address .

 

 

Thank you

0 Helpful
24 Replies 24

Arshad Safrulla
VIP Alumni
VIP Alumni

‎07-14-2021 04:01 PM

You can configure the DHCP relay in the Checkpoint firewall, it is supported for a very long time in checkpoints.

remove all DHCP related configuration from the WLC and only configure the dhcp relay in the firewall, client DHCP traffic gets bridged at the controller in the client VLAN mapped to the SSID. So no need for any relays or helpers in WLC

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

stefxoxo
Level 1
Level 1

‎07-14-2021 10:58 PM

Yes, this can be a solution but at the moment us i told is not possible (from the customer).

 

We will try the 17.5 release that use the same behavior of the aireos.

 

Thx Stef

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni
In response to stefxoxo

‎07-15-2021 07:23 AM

Can you add the command ip routing, when you enable ip helper address it is compulsory to have routing.

 

 

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

stefxoxo
Level 1
Level 1

‎07-15-2021 08:06 AM - edited ‎07-15-2021 09:04 AM

Tested with release 17.5 and do not work !! yes ip routing is enabled.

The dhcp request go out from the management interface, and the dhcp is not able to allocate the ip. 

The behaviour is not ported on the new cat98

 

 

0 Helpful

Rich R
VIP
VIP
In response to stefxoxo

‎07-15-2021 09:23 AM

I already told you:

- It's not the same as AireOS - having trantrums will not change that.  If you want to use 9800 then learn to work with the 9800 design.

- It does work - we have it working with live customers in service.

 

So get packet captures on 9800 and DHCP server, get debugs/logs on your DHCP server, check them and work out why it is not working then fix the cause.  Very likely a config error somewhere on 9800 or DHCP server.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

stefxoxo
Level 1
Level 1

‎07-16-2021 05:35 AM

maybe you have a different dhcp server, how did you manage the option 82 ? 

 

we have MS 2019

0 Helpful

Rich R
VIP
VIP
In response to stefxoxo

‎07-16-2021 06:15 AM

We don't use option 82.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

siolekhnovich1
Level 1
Level 1

‎02-14-2022 09:16 AM

Realize, that it might be slightly late for the reply. We ran in similar issues. In our case we were refreshing Anchor controller in DMZ to new 9800 vWLC.  Management IP is configured as the DHCP relay source address.

1) Option 82 has to be used in this case (sub-option 5 "Link selection" is needed to specify the pool for IP assignment).

It was required to change default setting under config mode from cisco proprietary (150) to the standard (5) sub-option: 

ip dhcp compatibility suboption link-selection standard

2) We are using DHCP Servers on Windows Servers 2016 (I believe it is earliest version supporting option 82). One of the requirements is to have valid DHCP scope for the dhcp relay source ip and it is being use for the "authorization" of the DHCP request. For that purposes we have created small scope with few ip addresses in the same Vlan where management interface is configured.

3) IP helper-address has to be configured under SVI and "ip dhcp relay source-interface xxx" specified.

 

I hope it helps

ammahend
VIP
VIP

‎02-14-2022 09:54 AM

can you remove

ip dhcp relay source-interface vlan 222

and try please.

-hope this helps-
0 Helpful

siolekhnovich1
Level 1
Level 1
In response to ammahend

‎02-14-2022 10:37 AM

You can’t do it, the default gateway is configured on the management Vlan only.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card