Client behind WGB not allowed to get DHCP address - Page 2

Dominic Stalder (old profile) · ‎08-18-2016

Hi guys

we have a simple WGB szenario with a client behind (no VLANs on WGB side) and trying to connect to a Cisco WLC 8.3 controller:

dot11 ssid Gimli
 authentication open eap PEAP 
 authentication network-eap PEAP 
 authentication key-management wpa version 2 cckm
 dot1x credentials PEAP
 dot1x eap profile PEAP
 infrastructure-ssid
!
!
!
eap profile PEAP
 method peap
!
...
!
dot1x credentials PEAP
 username gimli-bridge120
 password 7 01300F175804575D72
 pki-trustpoint XXX
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers aes-ccm 
 !
 ssid Gimli
 !
 antenna gain 0
 station-role workgroup-bridge
 mobile station scan 2412 2437 2462
 mobile station ignore neighbor-list
 mobile station period 20 threshold 70
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 duplex auto
 speed auto
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface BVI1
 mac-address f0f7.5560.2cf6
 ip address dhcp client-id Dot11Radio0
!
bridge 1 route ip
!

The problem occurs, when the client wants to re-bind its DHCP address or tries to get a new one:

*iappSocketTask: Aug 18 17:17:21.551: 3c:07:54:61:90:23 Ignoring wired client add as the WGB is not in RUN state.
*iappSocketTask: Aug 18 17:17:22.622: 3c:07:54:61:90:23 Ignoring wired client add as the WGB is not in RUN state.

*DHCP Socket Task: Aug 18 17:18:36.023: 3c:07:54:61:90:23 DHCP received op BOOTREQUEST (1) (len 308,vlan 49, port 1, encap 0xec03, xid 0xea053280)
*DHCP Socket Task: Aug 18 17:18:36.023: 3c:07:54:61:90:23 DHCP dropping packet (no mscb) found - (giaddr 0.0.0.0, pktInfo->srcPort 68, op: 'BOOTREQUEST')

Did someone ever see this problem too and is there a workaround?

Thanks in advance and best regards

Dominic

WiFi Trainers · ‎08-18-2016

Hi Dominic,

Thanks for attaching the outputs. I think the issue starts with step 3 which you have clearly pointed out. The WLC ignores the client since the WGB is not in RUN state. It looks like it is continuing to do this even after the WGB is up which for me is where the bug could be.

Do update the thread once you have a resolution on this along with your learning's :).

Best Regards,

www.wifitrainers.com

Learn from the Best To be the Best!

Dominic Stalder (old profile) · ‎08-19-2016

Hi

we opened a Cisco TAC case and they are investigating. But in the meantime we were able to get some more useful information, seems to be release related:

8.0.115.0: Problem exists, client will not reconnect

8.1.131.0: Problem exists, client will not reconnect

8.2.121.0: Not able to reproduce the problem, client reconnects

8.3.102.0: Problem exists, client will not reconnect

Just for your information.

Regards

Dominic

WiFi Trainers · ‎08-19-2016

Hi Dominic,

Thanks for the update.

Best Regards,

www.wifitrainers.com

Learn from the Best To be the Best!

Dominic Stalder (old profile) · ‎08-26-2016

Hey guys

did some more tests today and changed two things:

1. The customer had mobility groups configured with a multicast address, but the multicast communication did not / does not work --> now with mobility by unicast the L3 roaming works perfectly. Was a big issue and was part of this problem too.

2. Configured the WGB SSID with Passive Client feature (had to disable " DHCP Addr. Assignment required")

Theses changes seem to work pretty well on different WLC versions (8.0 and 8.2), the clients behind the WGB keep connection the hole time. What's interesting in my opinion: the passive client feature seems to focus on static ip addressed clients and does not focus on DHCP clients, but somehow this improves DHCP clients behind WGBs. What is your opinion on this feature?

Information About Passive Clients

Passive clients are wireless devices, such as scales and printers that are configured with a static IP address. These clients do not transmit any IP information such as IP address, subnet mask, and gateway information when they associate with an access point. As a result, when passive clients are used, the controller never knows the IP address unless they use the DHCP.

Have a nice weekend

Dominic

lan · ‎08-16-2018

Try to do it.

interface BVI1
ip dhcp client client-id GigabitEthernet0
ip address dhcp