Cisco AP's not migrating to new 2012 DHCP server

ronajor
Level 1

I'm having an issue migrating my Cisco wireless AP's off of an old Windows Server 2000 DHCP server to a new Windows Server 2012 DHCP server.  The issue is that the AP's actually move over to the new DHCP server, but they only pull a 1 minute lease time (regardless of the fact that the scope is set for 8 hours).

I find that if I shut the switch port that the AP is connected to twice it will pull a valid 8 hour lease time.

Currently, I have my controllers set with the DHCP proxy option and my IP helpers set correctly on my switch (two helpers, 1 for each 2012 DHCP server in the load balancing failover scope).

I'm trying to move over roughly 320 access points to the new 2012 Server (which is a load balance failover scope) and cannot seem to get them to move unless I manually shut the switch port twice.

The funny thing is that all other computers/devices have migrated over from the 2000 server to the 2012 server with no issues.

Has anyone experienced this issue or have any suggestions I could try?  It's quite frustrating to say the least.

Any help greatly appreciated.


George Stefanick
VIP Alumni

I just did a very similar migration from 2000 to 2008. I didn't have any issues. When you did a shut to the port I assume you have PoE and it reset the AP. I can't say that I have seen this before.

I would think if you did a shut, pulled an IP from the new server lie should be good.

DHCP proxy is for clients only. Not APs.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

Yes, the AP's are PoE.

It's a very peculiar issue to have, one in which my boss has not seen either.  I only mention DHCP proxy as the TAC engineer mentioned it.

When I first attempted this, the AP's would not move from the old 2000 server to the new 2012 server.  I had to deactivate the scope on the 2000 server to get them to move.  Consequently, they all pulled a 1 minute lease time.  Since then, I moved them back to the 2000 server until I can get this sorted out.

Now, with the AP's back on the 2000 server, if I shut the port, it moves over to the 2012 server and gets a 1 minute lease time.  I then shut the port again, and it pulls a valid lease time from the 2012 server.

I've tried various lengths of time leaving the port shut without a different result.  I've reset some AP's in WCS with the same result.

FWIW, I've also tried 'power inline never' on the port to see if they would pull a valid lease once I powered it back up, in which they did not.

Have you sniffed the DHCP req and response and seen what the lease time is in the packet?

I just looked at my network monitor capture and the IPAddressLeaseTime is showing as 1 minute.  This is the confusing part that I can't wrap my head around...the scope is set for 8 hours, so why is it that these Cisco AP's are getting a 1 minute lease time.  It is only affecting the Cisco AP's, everything else is fine.

Can I ask if you try a test?

Select a few APs on a particular area (based on the IP Helper address on segment) and enable the DHCP on the switch.

I've got a strange feeling someone's turned on another DHCP server that no one knew of.  Possibly a test.

George Stefanick
VIP Alumni

So the response shows 1 minute. Are you doing anything fancy with the scopes, like options? Maybe a Server 2012 bug.


My options at server/scope level are exactly the same as they are on the 2000 Server.  I'm thinking along the lines of you that it is a Server 2012 bug.  I stood up a 2008 Server, and the AP's seemed to move fine.  I'm sending my results into Microsoft to see what they say about it.  I'll report back what I find out.

Stop back. Interested in hearing what you find.

ronajor
Level 1

Just wanted to leave a follow up to this issue.

First off, it's still not resolved.

I currently have tickets opened with Cisco and Microsoft.  Each of them having a network capture.

I think the issue is with Microsoft, but who knows, it could be a code level or something on the Cisco side not liking Server 2012.

As of right now, the latest information is that the Cisco AP's only pull a lease time of whatever the Maximum Client Lead Time is set to on the DHCP server, which according to Microsoft is correct and the device should then pull a valid lease upon next refresh. The MCLT was set to 1 minute (a mistake on my part), but has since been adjusted to 1 hour, recommended by Microsoft. The issue is, the Cisco AP's never update that lease to the actual lease time that the scope is set to unless I power off/shut the network port. So since I've adjusted the MCLT, the AP's keep a 1 hour lease regardless of scope setting.

I'm still waiting to hear back from Cisco after I sent a network capture, the tech on the case is on PTO today and probably tomorrow so I probably won't hear back from him until next week.  And I'm waiting for the next feedback from Microsoft.

So that's where I am at right now.  I just wanted to update this thread because I hate when people open threads and then just disappear.

Hi Ronnie,

Has this been solved yet or any other news?

I've run into the exact same problem with WLC 5508, 3502 APs and Windows Server 2012 failover DHCP.

Hi Theo, sorry, I forgot to come back and reply to this post about my findings.  I worked with both Microsoft and CISCO to resolve this, and although it's not exactly "solved", we do have an answer to the behavior that is happening.  Below is a pasted email from CISCO explaining what is happening:

Email from Eric from CISCO

"

From what I see,  Laura from Microsoft is nearly 100% correct.  RFC 2131, which specifies DHCP,  lists Option 51 as "The time is in units of seconds, and is specified as a 32-bit unsigned integer."  RFC 2131 does not directly specify when this option is to be used.  RFC 2131 does reference RFC 1533 which specifies "DHCP Options and BOOTP Vendor Extensions", and in 1533 it states:

IP Address Lease Time

   This option is used in a client request (DHCPDISCOVER or DHCPREQUEST)
   to allow the client to request a lease time for the IP address.  In a
   server reply (DHCPOFFER), a DHCP server uses this option to specify
   the lease time it is willing to offer.

   The time is in units of seconds, and is specified as a 32-bit
   unsigned integer.

   The code for this option is 51, and its length is 4.

The client, the Cisco AP in this case, is permitted to use this option to specify the lease time that it would like to have.  The DHCP Server is not required to honor this request and may change it to any value that it sees fit, just as if the client had requested an infinite lease time or an IP Address that the DHCP had already assigned to another client, it has the right to provide whatever value it sees fit in its Offer and Ack.  Ultimately, neither the AP nor the Microsoft 2012 DHCP server is performing outside of the RFCs.  The AP is doing something that might seem unusual, but in reality it is just requesting the same lease time that it had been previously given by the DHCP Server.  The DHCP Server is accepting the AP's request and responding back in kind, which is within its rights to do so based on the RFCs.  However, it seems that given the DHCP Server's use of MCLT, the onus would be on the server to assign the lease time that the administrator has configured and not on the client to either request a lease period other than what it was originally given or not specify a lease period at all, since the RFCs do state that the client has the right to do so.

If the fix for this were to come from the Cisco side, I would need to file a Feature Request for our developers to analyze, and they will more than likely come back with my same analysis, that we are operating within the RFCs and as such no change will be made.  Instead, I would recommend that this process be followed by Microsoft, to consider that even though they are operating within the RFCs they are likely not operating within the confines of the MCLT feature and this behavior should be changed to ignore the client's request for a specific lease time.

"

Hope this helps.  I can give the full name of Eric from Cisco who discovered this, but not really sure of the protocol to do so, and if they want their name pasted on the internet.
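To check a capture for the behaviour described in the email above, compare Option 51 in the AP's DHCPREQUEST with Option 51 in the server's DHCPACK. This is an added example, not part of the thread or of Cisco's or Microsoft's code; the function names and the sample messages (zeroed BOOTP header, 60-second request) are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
BOOTP_FIXED_LEN = 236                # fixed BOOTP header preceding the cookie
OPT_PAD, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_END = 0, 51, 53, 255

def parse_options(message: bytes) -> dict:
    """Return {option_code: raw_value} for a BOOTP/DHCP payload (UDP data)."""
    if message[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    opts, i = {}, BOOTP_FIXED_LEN + 4
    while i < len(message):
        code = message[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(message):
            raise ValueError("truncated option header")
        length = message[i + 1]
        value = message[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts

def lease_seconds(message: bytes):
    """Option 51 as a 32-bit unsigned integer, or None if the option is absent."""
    raw = parse_options(message).get(OPT_LEASE_TIME)
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError("option 51 must have length 4")
    return struct.unpack("!I", raw)[0]

def server_echoed_request(request: bytes, ack: bytes, scope_lease: int) -> bool:
    """True when the ACK grants what the client asked for, not the scope lease."""
    asked, granted = lease_seconds(request), lease_seconds(ack)
    return asked is not None and asked == granted and granted != scope_lease

def build(msg_type: int, lease) -> bytes:
    """Constructed sample message: zeroed BOOTP header plus options."""
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if lease is not None:
        opts += bytes([OPT_LEASE_TIME, 4]) + struct.pack("!I", lease)
    return bytes(BOOTP_FIXED_LEN) + MAGIC_COOKIE + opts + bytes([OPT_END])

REQUEST = build(3, 60)      # DHCPREQUEST asking for the 1-minute lease it held
ACK = build(5, 60)          # DHCPACK granting the same value
SCOPE_LEASE = 8 * 3600      # 8-hour scope lease from the thread
```

Feed `parse_options` the UDP payload of each captured packet (ports 67/68); a `True` from `server_echoed_request` on every renewal matches the stuck-lease pattern reported here.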

Thanks for the swift reply! Have you talked to Microsoft about what Eric has found? I've seen the same behaviour with normal Windows clients but it corrects itself after the second DHCP renewal.

With server 2012, to my understanding, the client is always supposed to pull the MCLT first, and then grab the actual lease time the next refresh.  This seems to work fine for MS clients, but not for the Cisco AP's.

I haven't approached anyone in regards to correcting it. Microsoft dropped out from the email chain before Eric came back with his findings.  I'm assuming, like Eric said, that since both parties are within RFC compliance that no one is going to spend the time to correct it.

Hello all,

I am also joining this discussion because it's the one that is closest to the strange behaviour I am noticing in our network.

Our setup is comprised of 2x WiSM2 and MS 2012 DHCP server. I was able to provide some IP addresses through the DHCP server to a range of APs (e.g. 1121, 1041) so far.

What is quite puzzling is the following:

At a specific remote location, 2x 1041 can't receive a DHCP IP address. I have verified (received the DHCP IP using a laptop) that the DHCP server is set up correctly and the routing is also OK.

Though, the 1041 for a strange reason don't "register" the IP offered by the DHCP server. Moreover, I have stopped the MS DHCP server, and loaded tftp64 (using DHCP server functionality) just to receive the log messages. I have managed to capture the activity between the AP and the DHCP server (tftp64 this time) which follows:

Rcvd DHCP Discover Msg for IP 0.0.0.0, Mac 4C:00:82:BF:47:04 [17/12 11:58:11.426]

Client requested address 0.0.0.0 [17/12 11:58:11.426]

DHCP: proposed address 10.101.0.52 [17/12 11:58:11.426]

Rcvd DHCP Discover Msg for IP 0.0.0.0, Mac 4C:00:82:BF:47:04 [17/12 11:58:15.513]

Client requested address 0.0.0.0 [17/12 11:58:15.513]

DHCP: proposed address 10.101.0.52 [17/12 11:58:15.513]

This process goes on and on and it's an endless loop. To my understanding the AP doesn't actually accept the offered IP?

I have played a bit with the lease time, etc., but no luck.

So, to make my 1041 LAPs work, I ended up configuring a static IP (capwap ap ip ..... etc).

But I just don't understand what could be so wrong here.

Any ideas pls???

Thank you
