Is it required that you can

LvdWilligen · ‎06-07-2016

Hello fellow engineers!

Today I've tried to connect a HP 510 bridge to our Cisco Wireless LAN (WLC 5760).

The HP 510 bridge (MAC 8851.fb77.a2fc) is used to connect a wired client (MAC 14da.e9c9.e374) to the Wireless LAN.

The HP 510 keeps a table with IP addresses and wired MAC addresses of its attached wired clients. All traffic from all wired clients to the Wireless LAN is sent from the bridges MAC address (8851.fb77.a2fc). Returning traffic to the clients is switched to the original wired MAC using the IP/MAC table within the bridge.

However, the client is not able to obtain an IP address, it is able to connect however with a static IP address configured.

What did I try?

- Disable IP DHCP require on the SSID (to support a static IP);

- Disable IP DHCP snooping;

- Enable Wireless broadcast;

Below you will find the "debug ip dhcp snooping" output (ofcourse with DHCP snooping enabled).

Note: also with DHCP snooping disabled, the client is not able to obtain an IP.

Jun 7 17:10:31.116: DHCP_SNOOPING: process new DHCP packet, message type: DHCPDISCOVER, input interface: Ca1, MAC da: ffff.ffff.ffff, MAC sa: 8851.fb77.a2fc, IP da: 255.255.255.255, IP sa: 0.0.0.0, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 0.0.0.0, DHCP siaddr: 0.0.0.0, DHCP giaddr: 0.0.0.0, DHCP chaddr: 14da.e9c9.e374

Jun 7 17:10:31.116: DHCP_SNOOPING_SW: bridge packet get invalid mat entry: FFFF.FFFF.FFFF, packet is flooded to ingress VLAN: (2009)

Jun 7 17:10:31.124: DHCP_SNOOPING: received new DHCP packet from input interface (Port-channel2)

Jun 7 17:10:31.124: DHCP_SNOOPING_SW: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff

Jun 7 17:10:31.124: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat entry for mac: 14da.e9c9.e374

Jun 7 17:10:31.124: DHCP_SNOOPING: process new DHCP packet, message type: DHCPOFFER, input interface: Po2, MAC da: ffff.ffff.ffff, MAC sa: 8c60.4fbe.58fc, IP da: 255.255.255.255, IP sa: 192.168.1.1, DHCP ciaddr: 0.0.0.0, DHCP yiaddr: 192.168.1.126, DHCP siaddr: 0.0.0.0, DHCP giaddr: 192.168.1.1, DHCP chaddr: 14da.e9c9.e374

Jun 7 17:10:31.124: DHCP_SNOOPING_SW: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff

Jun 7 17:10:31.124: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat entry for mac: 14da.e9c9.e374

Jun 7 17:10:31.124: DHCP_SNOOPING_SW: client address lookup failed to locate client interface, retry lookup using packet mac DA: ffff.ffff.ffff

Jun 7 17:10:31.124: DHCP_SNOOPING_SW: lookup packet destination port failed to get mat entry for mac: 14da.e9c9.e374

Jun 7 17:10:31.124: DHCP_SNOOPING: can't find output interface for dhcp reply. the message is dropped.

I think this shows a "works as designed" situation, because 14da.e9c9.e374 is not know by the WLC (it is connected behind the bridge 8851.fb77.a2fc). However, is there a way to broadcast the DHCPOFFER to the client?

Note: disabling DHCP snooping and enabling wireless broadcast did not solve the issue.

Thanks for your time!!!

Eldee!

Freerk Terpstra · ‎06-15-2016

Is it required that you can access the WGB itself by WiFi? I'm not familiar with this specific product, but I suspect that the Cisco 5760 does not really understand that there is a WGB involved. What you can do is configure "MAC cloning" and let the WGB use the MAC address of the client itself. Within the Cisco WGB implementation this is called "universal bridge mode". This way the 5760 does only now about the connected client MAC address and has no idea that there is a WGB in between.

Please rate useful posts... :-)

LvdWilligen · ‎06-22-2016

Hi Freerk!

This sounds like a plausible solution!

I've already tried this option, however, the DHCP packets get stuck in the WGB. They don't arrive at the client (they are sent by the WLC to the WGB).

I will investigate further with HP, and post it on this forum.

Thanks!

Connecting 3rd party (HP510) Wireless Bridge