Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2295
Views
2
Helpful
9
Replies

CISCO 9800-L Controller internal dhcp not working

amarnauth.persaud
Level 1
Level 1

‎08-01-2023 12:31 PM

Hi All,

  I have been trying to configure a guest network for my Cisco Catalyst 9800-L Wireless Controller for some days now. For the guest network, i want it to use an internal dhcp on the controller. I have been trying for days now, however, when a client connects to guest network it does not receive a DHCP IP address. 

POOL: 
ip dhcp pool localpool
network 10.10.96.0 255.255.248.0
default-router 10.101.11.1
dns-server 8.8.8.8 1.1.1.1 10.101.11.1
lease infinite

amarnauthpersaud_0-1690917193830.png

 

SVI of vlan 10 was created for DHCP pool

interface Vlan10
description VLAN 10
ip address pool localpool
ip helper-address 10.25.13.73
no autostate

amarnauthpersaud_1-1690917299328.png

Management is on : GigabitEthernet0

and TwoGigabitEthernet0/0/3 will provide internet connectivity for guest network - gateway is 10.101.11.1

 

amarnauthpersaud_2-1690917443686.png

Guest network policy snaps:

amarnauthpersaud_3-1690917661158.png

amarnauthpersaud_4-1690917713501.png

amarnauthpersaud_5-1690917754155.png

amarnauthpersaud_6-1690917831862.png

 

Hoping to get some help. First time I am configuring a CISCO WLC 9800. I got the internal network wlan to work to radius server on Windows NPS but this guest network using internal dhcp pool is a pain.

 

Regards,

Thanks in advance. 

 

 

 

 

 

Labels:
0 Helpful
9 Replies 9

Flavio Miranda
VIP
VIP

‎08-01-2023 12:42 PM

Hi @amarnauth.persaud 

Not sure if this config is correct

nterface Vlan10
description VLAN 10
ip address pool localpool
ip helper-address 10.25.13.73
no autostate

On the link below the dude do exactly what you are trying.

https://wifininjas.net/2019/08/06/wn-blog-007-c9800-wlc-internal-dhcp-server-config/

 

0 Helpful

amarnauth.persaud
Level 1
Level 1
In response to Flavio Miranda

‎08-01-2023 12:54 PM

Hi Flavio,

  I have tried the link you suggested but issue still is the same. 

Regards,

Amar

0 Helpful

Flavio Miranda
VIP
VIP
In response to amarnauth.persaud

‎08-01-2023 12:59 PM

But did you find any difference on the config?

 Let me ask you about the SSID you create. Is it in flexconnect mode?  I mean, the client is asking for IP on the local LAN ?

  

0 Helpful

amarnauth.persaud
Level 1
Level 1
In response to amarnauth.persaud

‎08-01-2023 01:33 PM - edited ‎08-01-2023 01:34 PM

Hi @Flavio Miranda ,
This is the stats for a connected client. 

MAC Address
 
Client MAC Type
Universally Administered Address
Client DUID
NA
IPV6 Address
fe80::badf:4
User Name
N/A
Policy Profile
GUESTPROFILE
Flex Profile
N/A
Wireless LAN Id
4
WLAN Profile Name
test
 
Wireless LAN Network Name (SSID)
apple
BSSID
c8
Uptime(sec)
69 seconds
Idle state timeout
N/A
Session Timeout
1800 sec (Timer not running)
Session Warning Time
Timer not running
Client Active State
Active
Power Save mode
ON
Current TxRateSet
6.0
Supported Rates
6.0,9.0,12.0,18.0,24.0,36.0,48.0,54.0
QoS Average Data Rate Upstream
0 (kbps)
QoS Realtime Average Data Rate Upstream
0 (kbps)
QoS Burst Data Rate Upstream
0 (kbps)
QoS Realtime Burst Data Rate Upstream
0 (kbps)
QoS Average Data Rate Downstream
0 (kbps)
QoS Realtime Average Data Rate Downstream
0 (kbps)
QoS Burst Data Rate Downstream
0 (kbps)
QoS Realtime Burst Data Rate Downstream
0 (kbps)
Join Time Of Client
08/01/2023 16:28:27 America
Policy Manager State
IP Learn
Last Policy Manager State
Mobility Complete
AAA override passphrase
No
Transition Disable Bitmap
None
User Defined (Private) Network
Disabled
User Defined (Private) Network Drop Unicast
Disabled
Encrypted Traffic Analytics
No
VLAN Override after Webauth
No
VLAN
VLAN10
Multicast VLAN
0
Central NAT
DISABLED
11v DMS Capable
No
QoS Map Capable
Yes
FlexConnect Data Switching
N/A
FlexConnect DHCP Status
N/A
FlexConnect Authentication
N/A
Client Scan Report Time
Timer not running
Max Client Protocol Capability
Wi-Fi6 (802.11ax)
WiFi to Cellular Steering
Not implemented
Cellular Capability
N/A
Regular ASR support
DISABLED
0 Helpful

Flavio Miranda
VIP
VIP
In response to amarnauth.persaud

‎08-01-2023 01:44 PM - edited ‎08-01-2023 01:45 PM

I got it "Flex Profile"

 What you need to check is if the device when connect to the SSID have any layer3 device in between. It seems you put the ip helper-address on the WLC, right?    The helper-address is required if there is a layer3 device between client and wlc, not in the wlc.

jagan.chowdam
VIP
VIP

‎08-01-2023 12:55 PM

Have a look at the following link:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/dhcp-for-wlans.html

Go through the following guidelines to configure internal DHCP server

General Guidelines

  • Internal DHCP server serves both wireless client and wired client (wired client includes AP).

  • To serve wireless client with internal DHCP server, an unicast DHCP server IP address must be configured for wireless client. Internal DHCP server IP address must be configured under the server facing interface, which can be loopback interface, SVI interface, or L3 physical interface.

  • To use internal DHCP server for both wireless and wired client VLAN, an IP address must be configured under client VLAN SVI interface.

  • For wireless client, in DHCP helper address configuration, the IP address of the internal DHCP server must be different from address of wireless client VLAN SVI interface.

  • For wireless client with internal DHCP server support, the internal DHCP server can be configured using global configuration command, under the client VLAN SVI interface or under the wireless policy profile.

  • An internal DHCP server pool can also serve clients of other controllers .

 

-CJ

Rich R
VIP
VIP

‎08-04-2023 03:43 AM

1. You should never use Infinite lease time on DHCP - that's a time bomb especially with random MAC addresses - your pool will slowly fill till no free IPs. Generally no more than 24 hours but where there's high churn much less.
2. I highly recommend using a static IP for the SVI - usually the first or last IP in the pool - remember to exclude that from the pool.
3. What is 10.25.13.73?  Because that is where you're sending your DHCP to at the moment!

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

amarnauth.persaud
Level 1
Level 1

‎08-07-2023 05:45 AM

Hi,
 The solution was creating a SVI interface on the same IP POOL as the GUEST NETWORK VLAN (From as the core network switch).

Then adjusting the policy to this:

amarnauthpersaud_1-1691412308528.png

 

Thanks for all the help.

 

0 Helpful

Rich R
VIP
VIP
In response to amarnauth.persaud

‎08-07-2023 07:37 AM

But you don't need an SVI for that to work unless you're using the SVI to relay using a helper address.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card