Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
54673
Views
57
Helpful
21
Replies

Client Stuck in IP learn state cisco 9800 WLC

Go to solution
ittechk4u1
Level 1
Level 1

‎09-30-2021 12:39 AM

Hello Experts,

 

I am testing Cisco 9800 series WLC with software version 17.3.3, 9115 AP is in local mode.

 

Issue: When I am using external DHCP server , also added the ip helper address command on upstream switch then all clients stuck in IP learn state.

 

If I use internal DHCP server then it working.

 

What could be the issue ?

 

Thanks

 

 

 

 

 

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to JPavonM

‎09-30-2021 10:37 PM - edited ‎09-30-2021 11:18 PM

did you try to upgrade the software to 17.6 and try again

View solution in original post

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni
In response to Sandeep Choudhary

‎09-30-2021 11:32 PM

I think you can go confirm the below;

Make sure that the Layer 2 vlans are create

!

vlan 180-195,172

!

If there is any SVI's for user VLAN's delete them, unless you need mdns or dhcp relay you really dont need any SVI's for user vlans.In the upstream switch configure the IP helper address under the interface.

!

Most importantly as @JPavonM mentioned please check the PCAP, if the upstream switch is IOS-XE you can run it in the switch itself, if not you may have to use SPAN. Alternatively you can use PCAP feature in 9800 (not AP PCAP).

!
Also make sure that no DHCP server IP address is configured under the policy profile. And use the VLAN ID is configured under the policy profile.

 

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

21 Replies 21

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎09-30-2021 12:58 AM

Is the WLC you are testing is a physical WLC or virtual? Did you check whether the DHCP discover messages are received by the upstream switch? You may do a PCAP or a debug if possible to check. Also post the upstream switchport config to the WLC (do not use any native VLANs)

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

Go to solution
ittechk4u1
Level 1
Level 1
In response to Arshad Safrulla

‎09-30-2021 01:58 AM

Its a physical WLC and no native vlan configured.

 

Here is the config:

 

 

interface Port-channel3
description *** WLAN2 ***
switchport trunk allowed vlan 180-195,172
switchport mode trunk
ip dhcp snooping trust
!
interface GigabitEthernet1/0/4
description *** WLAN2,  Port0 ***
switchport trunk allowed vlan 180-195,172
switchport mode trunk
channel-group 3 mode active
ip dhcp snooping trust
!
interface GigabitEthernet2/0/4
description *** WLAN2, Port1 ***
switchport trunk allowed vlan 180-195,172
switchport mode trunk
channel-group 3 mode active
ip dhcp snooping trust

 

Thanks !

 

0 Helpful

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni
In response to ittechk4u1

‎09-30-2021 03:30 AM

Did you try disabling IP DHCP snooping for the Wireless VLAN's. (not adding ip dhcp snooping trust, remove VLAN's from ip dhcp snooping) Also if you have ARP inspection disable that as well for the wireless VLANs. Also check on the switch logs and if possible run a debug or PCAP to see DHCP discover packets from the client is hitting the Gateway.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

Go to solution
ittechk4u1
Level 1
Level 1
In response to Arshad Safrulla

‎09-30-2021 04:59 AM

disabled both (DHCP snooping & ARP inspection)...still same issue

0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎09-30-2021 01:05 AM

 

 - You may have some radioactive-trace (client debugging) . which you can let analyze with : 

                       https://cway.cisco.com/tools/WirelessDebugAnalyzer/

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-30-2021 01:12 AM

Disable IPv4 DHCP Required and try again!

 

 

Go to solution
ittechk4u1
Level 1
Level 1
In response to Sandeep Choudhary

‎09-30-2021 02:01 AM

Yes I did try but still not successful.

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to ittechk4u1

‎09-30-2021 03:22 AM - edited ‎09-30-2021 03:28 AM

I tested in my lab and it worked for me .

 

Please do these and test again:

1. Uncheck the box for IPv4 DHCP Required

2. Enter the correct DHCP server IP Address

 

if still not working then save the config and reboot WLC.

 

 

 

 

Go to solution
ittechk4u1
Level 1
Level 1
In response to Sandeep Choudhary

‎09-30-2021 05:02 AM

NO its not working. 

0 Helpful

Go to solution
billydailey
Level 1
Level 1
In response to Sandeep Choudhary

‎06-07-2023 01:12 PM

where did you do these at?

0 Helpful

Go to solution
JPavonM
VIP
VIP

‎09-30-2021 06:30 AM

  1. Is there any firewall that may be filtering DHCP traffic?
  2. Do you have SVIs created on WLC for those VLANs where you want DHCP to be received? Are you setting DHCP source interface?
  3. Have you tried a monitor session to capture UDP traffic in Po3 and check if all DORA process is there, or al least Discoveries and Offers?
  4. Can you try to bounce the radio interface to check if this is solved? I mention this because on 17.3.2 there is a bug (CSCvw18047) which is supposed to be fixed in 17.3.3 and that is the observed behaviour, and the workaround to solve it.

HTH
-Jesus
*** Please rate helpful responses ***

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to JPavonM

‎09-30-2021 10:37 PM - edited ‎09-30-2021 11:18 PM

did you try to upgrade the software to 17.6 and try again

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni
In response to Sandeep Choudhary

‎09-30-2021 11:32 PM

I think you can go confirm the below;

Make sure that the Layer 2 vlans are create

!

vlan 180-195,172

!

If there is any SVI's for user VLAN's delete them, unless you need mdns or dhcp relay you really dont need any SVI's for user vlans.In the upstream switch configure the IP helper address under the interface.

!

Most importantly as @JPavonM mentioned please check the PCAP, if the upstream switch is IOS-XE you can run it in the switch itself, if not you may have to use SPAN. Alternatively you can use PCAP feature in 9800 (not AP PCAP).

!
Also make sure that no DHCP server IP address is configured under the policy profile. And use the VLAN ID is configured under the policy profile.

 

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Go to solution
ittechk4u1
Level 1
Level 1
In response to Arshad Safrulla

‎10-01-2021 12:38 AM

ok I will try this and let you know.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top