Client made a request to the DHCP server, but it did not respond

CRUZPEREZ518 · ‎10-12-2022

Hello,
I have a wireless network with MERAKI model MR42, MR52 and MR56 equipment, I have different SSIDS, all with external DHCP, all the dhcp pools are created in my L3 switch, later I assign each vlan to each SSID depending on the department.
I also have the splash page enabled and the clients log in with their AD user, the connectivity tests work correctly and even most of the clients can connect, but some get the following messages:

Client made a request to the DHCP server, but it did not respond. vlan_id='240' request_ip='unknown' request_server='unknown' details='no_dhcp_ack' radio='1' vap='2' channel='149' rssi='10'

Client made a request to the DHCP server, but the DHCP server rejected the client's request. server_ip='192.168.255.254' vlan_id='240' request_server='unknown' details='dhcp_nack' radio='0' vap='6' channel='11' rssi='37'

The ports where the MERAKI APs connect are configured as follows:

switchport trunk native vlan 502
switchport trunk allowed vlan 1,60,80,100,502
switchport mode trunk
Where VLAN 502 is for the administration of the MERAKI and all the others are from the dhcp pools

Any help I appreciate

Cheers!

Dustin Anderson · ‎10-12-2022

One question is it states vlan 240, but it's not allowed on the trunk?

CRUZPEREZ518 · ‎10-12-2022

Hello,
An apology, if I have assigned the vlan 240 in the trunk port I forgot to comment it but if it is added.

switchport trunk native vlan 502
switchport trunk permitido vlan 1,60,80,100,240,502
switchport mode trunk

Haydn Andrews · ‎10-12-2022

The SSID looks mapped to VLAN 240 based on the output that its trying to get IP in that range. Either you have AAA override changing the VLAN or the SSID is statically mapped to VLAN 240.

As Dustin says you need the client VLAN on the trunk port. Meraki only uses the AP management VLAN for management traffic. Client traffic like DHCP needs the VLAN of the SSID or the AAA override VLAN that the user is being assigned to allowed on the switch port

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

Philip D'Ath · ‎10-12-2022

If you put a switch port into VLAN240 and connector a computer - can it DHCP an address?

CRUZPEREZ518 · ‎10-13-2022

If I connect a PC via ethernet cable to a port with vlan240, it works, even if some clients can connect to the SSID via Wi-Fi.
But sometimes it only gets the ip address and when it gets it it says no internet access or it just doesn't get the ip address.
When I check the MERAKI console, I find these types of messages very constant in the logs and I can't identify the problem.

Rich R · ‎10-13-2022

> details='dhcp_nack' - the DHCP server has refused the request for an IP

- Is the DHCP pool large enough?
- Are your lease times too long so that the entire pool gets reserved for long periods leaving no free IPs?
- Have you disabled DHCP conflict logging which can result in large number of IPs getting blocked out and unavailable?
"no ip dhcp conflict logging". You can clear any conflicts temporarily with "clear ip dhcp conflict *" check with "show ip dhcp conflict"

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R

CRUZPEREZ518 · ‎10-13-2022

This is my dhcp pool configuration

ip dhcp pool WiFi
network 192.168.240.0 255.255.240.0
default-router 192.168.255.254
dns-server 172.16.1.1 8.8.8.8
lease 0 0 30

Rich R · ‎10-13-2022

"show ver"
"show ip dhcp pool WiFi"
show run | inc conflict
"sh ip dhcp conflict"
show run | inc excluded

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R

CRUZPEREZ518 · ‎10-14-2022

#show ver

Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 56 WS-C3650-12X48UR 16.12.07 CAT3K_CAA-UNIVERSALK9 INSTALL

#show ip dhcp pool WiFi

Pool WiFi:
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 4094
Leased addresses : 1267
Excluded addresses : 1
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased/Excluded/Total
192.168.245.202 192.168.240.1 - 192.168.255.254 1267 / 1 / 4094

#sh ip dhcp conflict
IP address Detection method Detection time VRF
192.168.245.27 Gratuitous ARP Oct 14 2022 01:41 PM

the other commands do not display any information.

Rich R · ‎10-15-2022

IOS 16.12.7 is fairly up to date (16.12.8 is available) and it's the current recommended release so that's good. You seem to have plenty of IPs so that's good.

You have conflict logging enabled (I've seen it cause exactly this type of problem) so you should DISABLE it - it's only recommended for use with external DHCP database.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i1.html#wp4082782944
"If a DHCP server database agent is not used, specify the no ip dhcp conflict logging command to disable the recording of address conflicts."

If you still get problems after that then you'll need to debug and get packet captures to understand what the problem is. If you're not able to do that yourself then you'll need to contact Cisco TAC so they can help you to do it.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
Field Notice: FN-72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Recommended
WARNING - see CSCwd37092 Throughput degraded after upgrading to code 8.10.181.0/17.3.6 - 2800/3800/4800 series
- The fix for CSCwd37092 is now released in 8.10.183.0 and
- For IOS-XE 17.3.6 select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2
Field Notice: FN-63942 Lightweight APs and WLCs Fail to Create CAPWAP Connections Due to Certificate
      Expiration - Software Upgrade Recommended
Field Notice: FN-72524 - During Software Upgrade/Downgrade IOS APs Might Remain in Downloading State
     After 4 Dec 2022 Due to Certificate Expiration - Fixed in 8.10.183.0 and 17.3.6 APSP5 (APSP_CSCwd83653)
     Also fixed in 8.5.182.7 (8.5 mainline) and 8.5.182.105 (8.5 IRCM) if you can't upgrade to 8.10
     TAC confirmed that subordinate Mobility Express APs downloading by TFTP are not affected so ME 8.5.182.0 still works
     Note that 8.10.181.0 and 8.10.182.0 have been deferred (withdrawn) and are effectively unsupported by Cisco
Leo Laohoo's list of bugs affecting 2800/3800/4800/1560 APs
___________________________________________
Richard R