
Cisco WLC - DHCP Proxy Mode vs DHCP Bridging Mode

nickydd9
Level 1

I am just a bit confused on DHCP Proxy vs DHCP Bridging. I'll just mention in my environment all the DHCP is handled on Microsoft Windows Server DHCP servers on our local sites' domain controllers. We have a DC in each site. On our core switches each SVI has an ip helper address pointing to the local site's DC.

How I understand it is with DHCP bridging it's quite simple in which a client will broadcast a DHCP Discover, and then based on the SSID it's connecting to it flows up through the SVI (the same as a wired client would) and relays to our Microsoft DHCP server and using the GIADDR gets mapped to the proper DHCP scope.

I am not too familiar with DHCP Proxy on Cisco WLCs, but after some brief reading how I understood it is that the WLC will act as an intermediary proxy between the client and the DHCP server so that the client is not communicating directly with the DHCP server. So for example, the client broadcasts out a DHCP Discover, and the WLC then unicast-forwards it to the DHCP server configured under its WLC interface.

So let's use an example topology where Site A is 10.1.0.0/16 and Site B is 10.2.0.0/16 each with their own local Microsoft DHCP server. Assuming the WLC is in site A and has DHCP proxy enabled and let's say its DHCP server for Site A is 10.1.0.10 with all of Site A's scopes, and the DHCP server for Site B is 10.2.0.10 with all of Site B's scopes. If a client at Site B wishes to lease an address via DHCP, it broadcasts out a discover and this hits the WLC, and the WLC then would relay that to 10.1.0.10.

  • How can that work since 10.1.0.10 won't know the scopes for Site B?
  • How does the DHCP Discover get to the WLC, is it inside the CAPWAP tunnel or something and therefore the DHCP Discover broadcast will not hit Site B's DHCP server but instead only forward to the WLC?

Now in my production environment what I am thinking is a tad weird is we have DHCP Proxy enabled, however clients leasing addresses at Site B are still leasing from Site B's DHCP server, even though that is not configured on any interfaces in the WLC.

  • Is the IP helper on the switch somehow taking precedence and the DHCP Discover is just not hitting the WLC at all?
  • Or maybe it is but the first response the client is getting is from the local DHCP server so it uses that one? Again I am asking the questions above about how the DHCP Discover gets to the WLC, not sure if it's tunneled in the CAPWAP tunnel or if the DHCP Discover broadcast lives outside of that and can still hit the ip helper on the SVIs on my core switch.

Accepted Solution

Hi

You need to make sure whether you are using local switching or central switching on the WLAN. If you are using local switching, then it doesn't matter if the WLC is proxy or not. The DHCP request sent from the client will be flooded locally on the Site A and B network and the WLC will not care about it.

Now, if you are using central switching, then the DHCP request sent by the client will get to the WLC through the CAPWAP tunnel. In this case, if DHCP proxy is enabled, you should have the DHCP server IP address configured under the WLC dynamic interface. This way, the WLC will know where to ask for an IP address for any specific client.

Reading what you wrote: "Now in my production environment what I am thinking is a tad weird is we have DHCP Proxy enabled, however clients leasing addresses at Site B are still leasing from Site B's DHCP server, even though that is not configured on any interfaces in the WLC."

I can assume that you are using local switching; otherwise, the WLC would not be able to attribute an IP address to a client in Site B if the WLC resides in Site A, as the DHCP servers reside in different networks.

You can share your WLC's config here and we can help you to make sure what's going on.


7 Replies

DHCP Proxy vs DHCP Bridging

The wireless client sends a broadcast DHCP request.
DHCP bridge will only forward it from the AP to the VLAN (corresponding to the SSID).
With DHCP proxy, the broadcast will be converted into unicast and sent to the server directly (like DHCP relay).

So in DHCP proxy the client broadcasts DHCP to the AP, the AP then forwards to the WLC, and the WLC forwards to its configured Microsoft DHCP server on the respective WLC interface, correct?

In DHCP bridging the WLC is not involved in the DHCP process and instead then the AP will not forward to the WLC but instead forward it to the VLAN where it will hit the IP helper address and relay to my Microsoft DHCP servers?

no AP in flex forward the DHCP broadcast request received from the wireless client, after encapsulating it into CAPWAP, to the WLC.
The WLC will decide to forward it as broadcast (DHCP bridge) or as unicast (DHCP proxy).

Ok but as I mentioned above though in my prod environment we have DHCP Proxy enabled, however wireless clients at Site B are still leasing addresses from Site B's local DHCP server. The WLC has no interfaces configured for Site B's DHCP server, only interfaces for Site A's DHCP Server.

So how is the WLC proxying the DHCP request to Site B's DHCP server?

It almost seems like the AP is not encapsulating the DHCP request in CAPWAP and instead it's just hitting the IP helper on the SVI and going to my Site B DHCP server....


If Site-B is leasing IPs from the local DHCP, then check the mode of the AP; I think it is flex and it works as local SW, not central SW.

I think you are spot on. I just checked the WLC and we are indeed using APs in FlexConnect mode and FlexConnect Local Switching is enabled. So that explains it.
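
One way to confirm from the DHCP server side which path a Discover took, as an added example that is not part of the original thread: it reads giaddr from the BOOTP header and maps it to the relay that inserted it. The relay addresses in `RELAYS`, and the premise that a WLC in proxy mode relays with its dynamic interface address as giaddr, are assumptions for illustration; the sample packets are constructed, not captured.

```python
import ipaddress
import struct

# Hypothetical relay inventory (constructed for this example): owner of each giaddr.
RELAYS = {
    "10.1.20.5": "WLC dynamic interface (DHCP proxy, central switching)",
    "10.2.20.1": "Site B core SVI (ip helper, local switching or bridging)",
}
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options at offset 236


def parse_bootp(payload: bytes) -> dict:
    """Parse the fixed BOOTP header and return the fields useful for relay tracing."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, _htype, hlen, hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    if hlen > 16:
        raise ValueError("invalid hardware address length")
    return {
        "op": op,
        "hops": hops,
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "giaddr": str(ipaddress.IPv4Address(payload[24:28])),
        "chaddr": payload[28:28 + hlen].hex(":"),
    }


def classify_relay(payload: bytes) -> str:
    """Name the device that relayed a client request, based on giaddr."""
    pkt = parse_bootp(payload)
    if pkt["op"] != 1:
        raise ValueError("not a client request (BOOTREQUEST)")
    if pkt["giaddr"] == "0.0.0.0":
        return "not relayed: seen on the client's own segment"
    # A giaddr outside the inventory is worth investigating on the server side.
    return RELAYS.get(pkt["giaddr"], f"unknown relay {pkt['giaddr']}")


def build_discover(giaddr: str, mac: str = "02:00:00:aa:bb:cc") -> bytes:
    """Construct a minimal DHCPDISCOVER payload (sample input, not a capture)."""
    hops = 0 if giaddr == "0.0.0.0" else 1
    header = struct.pack("!BBBBIHH", 1, 1, 6, hops, 0x1234ABCD, 0, 0)
    addrs = bytes(12) + ipaddress.IPv4Address(giaddr).packed  # ciaddr, yiaddr, siaddr, giaddr
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    return header + addrs + chaddr + bytes(64 + 128) + MAGIC_COOKIE + b"\x35\x01\x01\xff"
```

In the thread's scenario, Site B requests arriving with the SVI's giaddr rather than the WLC's would point to FlexConnect local switching.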
