Solved: Client Stuck in IP learn state cisco 9800 WLC

ittechk4u1 · ‎09-30-2021

Hello Experts,

I am testing Cisco 9800 series WLC with software version 17.3.3, 9115 AP is in local mode.

Issue: When I am using external DHCP server , also added the ip helper address command on upstream switch then all clients stuck in IP learn state.

If I use internal DHCP server then it working.

What could be the issue ?

Thanks

Sandeep Choudhary · ‎09-30-2021

did you try to upgrade the software to 17.6 and try again

View solution in original post

Arshad Safrulla · ‎09-30-2021

I think you can go confirm the below;

Make sure that the Layer 2 vlans are create

!

vlan 180-195,172

!

If there is any SVI's for user VLAN's delete them, unless you need mdns or dhcp relay you really dont need any SVI's for user vlans.In the upstream switch configure the IP helper address under the interface.

!

Most importantly as @JPavonM mentioned please check the PCAP, if the upstream switch is IOS-XE you can run it in the switch itself, if not you may have to use SPAN. Alternatively you can use PCAP feature in 9800 (not AP PCAP).

!
Also make sure that no DHCP server IP address is configured under the policy profile. And use the VLAN ID is configured under the policy profile.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

Arshad Safrulla · ‎09-30-2021

Is the WLC you are testing is a physical WLC or virtual? Did you check whether the DHCP discover messages are received by the upstream switch? You may do a PCAP or a debug if possible to check. Also post the upstream switchport config to the WLC (do not use any native VLANs)

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

ittechk4u1 · ‎09-30-2021

Its a physical WLC and no native vlan configured.

Here is the config:

interface Port-channel3
description *** WLAN2 ***
switchport trunk allowed vlan 180-195,172
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
description *** WLAN2, Port0 ***
switchport trunk allowed vlan 180-195,172
switchport mode trunk
channel-group 3 mode active
ip dhcp snooping trust
!
interface GigabitEthernet2/0/4
description *** WLAN2, Port1 ***
switchport trunk allowed vlan 180-195,172
switchport mode trunk
channel-group 3 mode active
ip dhcp snooping trust

Thanks !

Arshad Safrulla · ‎09-30-2021

Did you try disabling IP DHCP snooping for the Wireless VLAN's. (not adding ip dhcp snooping trust, remove VLAN's from ip dhcp snooping) Also if you have ARP inspection disable that as well for the wireless VLANs. Also check on the switch logs and if possible run a debug or PCAP to see DHCP discover packets from the client is hitting the Gateway.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

ittechk4u1 · ‎09-30-2021

disabled both (DHCP snooping & ARP inspection)...still same issue

marce1000 · ‎09-30-2021

- You may have some radioactive-trace (client debugging) . which you can let analyze with :

https://cway.cisco.com/tools/WirelessDebugAnalyzer/

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Sandeep Choudhary · ‎09-30-2021

Disable IPv4 DHCP Required and try again!

ittechk4u1 · ‎09-30-2021

Yes I did try but still not successful.

Sandeep Choudhary · ‎09-30-2021

I tested in my lab and it worked for me .

Please do these and test again:

1. Uncheck the box for IPv4 DHCP Required

2. Enter the correct DHCP server IP Address

if still not working then save the config and reboot WLC.

ittechk4u1 · ‎09-30-2021

NO its not working.

billydailey · ‎06-07-2023

where did you do these at?

JPavonM · ‎09-30-2021

Is there any firewall that may be filtering DHCP traffic?
Do you have SVIs created on WLC for those VLANs where you want DHCP to be received? Are you setting DHCP source interface?
Have you tried a monitor session to capture UDP traffic in Po3 and check if all DORA process is there, or al least Discoveries and Offers?
Can you try to bounce the radio interface to check if this is solved? I mention this because on 17.3.2 there is a bug (CSCvw18047) which is supposed to be fixed in 17.3.3 and that is the observed behaviour, and the workaround to solve it.

HTH
-Jesus
*** Please rate helpful responses ***

Sandeep Choudhary · ‎09-30-2021

did you try to upgrade the software to 17.6 and try again

Arshad Safrulla · ‎09-30-2021

I think you can go confirm the below;

Make sure that the Layer 2 vlans are create

!

vlan 180-195,172

!

If there is any SVI's for user VLAN's delete them, unless you need mdns or dhcp relay you really dont need any SVI's for user vlans.In the upstream switch configure the IP helper address under the interface.

!

Most importantly as @JPavonM mentioned please check the PCAP, if the upstream switch is IOS-XE you can run it in the switch itself, if not you may have to use SPAN. Alternatively you can use PCAP feature in 9800 (not AP PCAP).

!
Also make sure that no DHCP server IP address is configured under the policy profile. And use the VLAN ID is configured under the policy profile.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

ittechk4u1 · ‎10-01-2021

ok I will try this and let you know.