Solved: Client not getting DHCP IP on WLC9800

eeebbunee · ‎09-21-2023

Hello Professionals,

Client can't get DHCP IP from DHCP server through the WLC9800, and here is my network.

- When Client connects to SSID:SVI-60, able to get DHCP IP from Core switch. : works!

- When Client connects to SSID:SVR-100, Not get DHCP IP from DHCP Server(Firepower).

WLANs, SVI, setting relay IP configuration in WLC9800 are all same, but I couldn't get IP address from firepower.
When I google it, it looks like bug#CSCvr86538. (https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr86358)

The solution of this bug is :
- Delete SVI IP address and Make L2 bridging

What does that mean 'making L2 bridge'. Does it mean that I put no ip address for SVI?

Current score is no luck..

DHCP Relay Statistics
---------------------

DHCP Server IP : 192.168.100.1

Message Count
--------------------------
DHCPDISCOVER : 188
BOOTP FORWARD : 188
BOOTP REPLY : 0
DHCPOFFER : 0
DHCPREQUEST : 0
DHCPACK : 0
DHCPNAK : 0
DHCPDECLINE : 0
DHCPRELEASE : 0
DHCPINFORM : 0

Tx/Rx Time :
------------
LastTxTime : 14:30:05
LastRxTime : 18:00:00

Should I enable one physical port and provide access vlan 100 (and match with switch port to be access vlan 100) seperately?
or even if I configure new physical port, is it still communicating with wireless-mgmt VLAN50?

Thank you so much for providing your time.

Rasika Nayanajith · ‎09-21-2023

SVI-60 only need to be on your core switch.

On your 9800, you need to have VLAN 60 (just L2 vlan defined on 9800) & trunk to your core switch. No SVI-60 on 9800

Is that the configuration you got ?

HTH
Rasika
*** Pls rate all useful responses ***

View solution in original post

Rasika Nayanajith · ‎09-21-2023

You only require management SVI (vlan 50) on your 9800 controller. Remove all other client SVIs from 9800 & check it.

HTH
Rasika
*** Pls rate all useful responses ***

eeebbunee · ‎09-21-2023

Hello Sir,

When I just remove all SVIs except managemet (VLAN50), I failed to access SVI-60.
Is there any steps that I deeply look into it?

Thank you.

Rasika Nayanajith · ‎09-21-2023

SVI-60 only need to be on your core switch.

On your 9800, you need to have VLAN 60 (just L2 vlan defined on 9800) & trunk to your core switch. No SVI-60 on 9800

Is that the configuration you got ?

HTH
Rasika
*** Pls rate all useful responses ***

eeebbunee · ‎10-06-2023

Hello Rasika,

Thank you so much!!! Client finally got the DHCP IP from the firewall for Guest network.

I made one more Ethernet port for guest VLAN and made L2, then it works.

I appreciate your comment..!

Fco-Barron · ‎05-23-2025

HI EEEBBUNEE, I have the same problem, can you please let me know in detail how your fix this issue? Ethernet port ? you mean use one extra ether port of the wlc and connected to the core switch? if so, both were in Trunk or access and what vlan should they have.. I tried the same solution down here and it failed.. can you pleae let me know how you did it in detail? I can't make the dhcp for this guess wlan that is in the FP respond.. Thanks a lot.

Rich R · ‎05-24-2025

@Fco-Barron the answers already provided explain how to "fix" the problem.
You need to understand how the 9800 works.
There are literally hundreds of config examples, blogs, videos, and guides which you can read and watch.

Start with these Cisco links and search if you want to find more:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213911-understand-catalyst-9800-wireless-contro.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/newconfigmodel/b_catalyst-9800-configuration-model.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/videos/Basic-Configuration-of-Cisco-Catalyst-9800-Series-Wireless-Controller.html

Make sure you are using current recommended software as per TAC recommended link below and follow the Best Practice guide (link below). Check your WLC config for common mistakes and best practice tips using the Config Analyzer (link and details below)

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

marce1000 · ‎09-22-2023

- Look at best practices for DHCP setup(s) here : https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-series-wireless-controllers/guide-c07-743627.html#DHCPbridgingandDHCPrelay

Have a checkup of the WLC9800 configuration too ; with the CLI command show tech wireless ; feed the output into :
https://cway.cisco.com/wireless-config-analyzer/
This procedure is strongly adviced

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R · ‎10-05-2023

And refer to the 9800 Best Practice guide - link below.

As Rasika has said already - there is no need to configure SVI on the 9800 for client VLANs.

You've also not mentioned what version of IOS-XE you're using - refer to TAC recommended releases (below) - currently 17.9.4 (which also fixes the bug you referenced which is quite old).

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390