Clients don't get an IP from DHCP

E12TS192 · ‎05-27-2021

Hello,

I have a big problem to create a new WLAN which has to be in a specific VLAN and contact our DHCP server.

The main issue is, that the client does not get an IP.

Error message from the WLC logs: "%APF-4-MOBILESTATION_NOT_FOUND: apf_ms.c:7398 Could not find the mobile [MAC ADDR of CLIENT] in internal database

The current configuration was done by some guy I cannot contact anymore and I don't understand it as it is not as described in the manual...

The config:

- 2 ports of the WLC are connected to a switch via trunk

- 4 interfaces do exist on the WLC:

ap-manager with IP from VLAN 12	int type: dyn	dyn ap management enabled
management with another IP from VLAN 12	int type static	dyn ap management enabled
default-wlan with some IP in VLAN 777 (IP and VLAN ID not known by me! never seen or used and not existent on the FW/Router)	int type: dyn	dyn ap management disabled
virtual without vlan id and IP 1.1.1.1	int type static	dyn ap management: not supported

WLANs:

WLAN1 (for guests)	Interface:default-wlan	gets IP from guest vlan scope
WLAN2 (internal users)	Interface: management	gets IP from internal users vlan scope
WLAN3 (admins [I know I should deactivate it])	Interface: management	gets IP from admins vlan scope

Configuration:

1 Cisco WLC 2504

- Software Version: 8.3.150.0

- Ports 1 and 2 are connected to switch via Trunk

- DHCP Relay enabled

7 APs: AIR-AP1852I-E-K9 and AIR-CAP1602I-E-K9

We are using NPS on the Windows DC but there I also can't find any DHCP Scope/VLAN settings

On the firewall the DHCP relay is enabled as well.

So my question is: What kind of setup is it? Two different WLANs with different destination VLANs are using the same interface?! And how does it work that they are really getting into the right VLAN and getting the IP from the right scope?

- I tried to create a WLAN with the management interface (supposed to get into another VLAN [15] and the clients don't get any IP.

- I tried to create a new interface with right VLAN settings and the right IP and assign it to the new WLAN, still no IP. As DHCP I already tried to set the DHCP itself, the FW and the WLC. None of them worked.

Please if you have a hint for me, just let me know.

Br

Grendizer · ‎05-28-2021

Delete the ap-manager interface, with this, you will depend only on the management interface which is the correct way to configure the WLC.

Make sure the switch trunk config is allowing VLAN 12 (WLC management interface) and VLAN 777 (Clients Interface)

Make sure the FW/Router allow those VLANs

Make sure you have DHCP scopes for those VLANs from the DHCP Server

If you have proxy configured on the switch side (like ip helper address command from Cisco Switches) then disable/remove it or disable the proxy from the WLC, do NOT do double proxy (one from the WLC and another one from the switch)

Side notes (not to fix your current issue):

If you only have those AP models AIR-AP1852I-E-K9 and AIR-CAP1602I-E-K9 and don’t have old legacy AP models then you can upgrade the WLC code to 8.5 latest. Check the Compatibility Matrix here if you have other AP models.

https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html

E12TS192 · ‎06-01-2021

Thank you! I will try.

But where is this all documented? I didn't see it in the manual.

Do you have a link to a howto for this?

Thank you!

Rasika Nayanajith · ‎05-28-2021

You have to create dynamic interfaces on those vlans that you expect to give to wireless users. When you create WLAN, you map that dynamic interface under SSID configuration.

When WLC proxy DHCP, then it will use that dynamic interface IP to tell DHCP server it requires IP address from that subnet

HTH

Rasika

*** Pls rate all useful responses ***

E12TS192 · ‎06-01-2021

Thanks, will look into it