01-14-2016 08:38 AM - edited 07-05-2021 04:29 AM
Hi Folks,
As in the title, my wireless clients aren't able to obtain any IP from the DHCP Server after successfully applying a FlexACL. The FlexACL's purpose is to drop any Client2Client communication, allowing communication with the WLC and DHCP Server. Removing the FlexACL, everything works properly. They don't need to contact any other system outside the DHCP Server, so a gateway is not required.
Scenario: WLC 2504 (ver8.1) with two AP (3702I and 2702I). Both APs in Flexconnect. VLAN 466 in local switching.
On the same VLAN there's a physical DHCP Server (10.0.0.1/16) and the DHCP Scope starts from 10.0.51.0/16 to 10.0.55.254.
WLC interface in VLAN is 10.0.0.2/16.
FlexACL looks like:
This FlexACL is used in FlexConnect Group applied to both APs.
The WLAN used is a simple WPA2-PSK one pointing to the WLC interface (466) where DHCP Proxy is disabled, and obviously FlexConnect is configured with local switching and the P2P Blocking Action is set to DROP.
The only way to obtain a working ACL is to add the WLAN id to the Central DHCP configuration tab of the FlexConnect Group. Then there's no communication between clients, and instead they can properly communicate with 10.0.0.1.
But this looks like a workaround, because DHCP is local to WLAN 466 and not centralized.
Can somebody explain to me why?
Thanks again, G.
01-14-2016 07:57 PM
I don't know the answer, but half way down this Cisco guide it shows an ACL for DHCP.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html
01-15-2016 12:01 AM
Thank you Philip,
unfortunately this doesn't apply to my issue: the guide is about ACLs crossing the WLC, while I'm working on locally switched traffic (AP interface), so I'm working with FlexACLs/FlexConnect Groups.
Thanks, anyway. G.
01-15-2016 12:34 AM
When a DHCP client first starts out it doesn't have an IP address, so the packet comes from 0.0.0.0. You haven't got any rule to allow the initial broadcast.
01-15-2016 02:50 AM
Thanks again Philip,
you're right, I've modified the rules adding Any to my DHCP Server:
Same result. Again, I need to specify the Central DHCP.
G.
01-16-2016 12:48 AM
When it first starts out, the DHCP request is broadcast. So you need a rule allowing traffic from 0.0.0.0 to 255.255.255.255.
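To show why the first two ACLs fail while the broadcast rule works, here is an added Python model of first-match ACL evaluation (not from the thread or from Cisco). The rule sets are my reconstruction of what the post describes, since the ACL screenshots are not in the text, and the model ignores protocol, port and ACL direction.

```python
import ipaddress

# Constructed model of a FlexConnect ACL: ordered (source, destination, action)
# rules with an implicit deny at the end. Addresses are the thread's: DHCP
# server 10.0.0.1, WLC interface 10.0.0.2, clients in 10.0.51.0-10.0.55.254.
def rule(src, dst, action="permit"):
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst), action)

def acl_action(acl, src_ip, dst_ip):
    """Return the action of the first matching rule, or the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for s, d, action in acl:
        if src in s and dst in d:
            return action
    return "deny"

# The DHCP exchange as seen by the AP (constructed). Until the ACK the client
# has no address, so DISCOVER and REQUEST are sourced from 0.0.0.0 and sent to
# the limited broadcast 255.255.255.255; the server's OFFER/ACK are modelled as
# broadcast too, the usual case when the client does not ask for unicast.
DHCP_EXCHANGE = [
    ("DISCOVER", "0.0.0.0", "255.255.255.255"),
    ("OFFER", "10.0.0.1", "255.255.255.255"),
    ("REQUEST", "0.0.0.0", "255.255.255.255"),
    ("ACK", "10.0.0.1", "255.255.255.255"),
]

def blocked_messages(acl):
    """Names of the DHCP messages the ACL would drop."""
    return [m for m, s, d in DHCP_EXCHANGE if acl_action(acl, s, d) == "deny"]

# Assumed reconstruction of the thread's first ACL: clients may talk to the
# server and the WLC, everything else (client-to-client included) is dropped.
ACL_ORIGINAL = [
    rule("10.0.0.0/16", "10.0.0.1/32"),
    rule("10.0.0.0/16", "10.0.0.2/32"),
    rule("10.0.0.1/32", "10.0.0.0/16"),
    rule("10.0.0.2/32", "10.0.0.0/16"),
]
# The second attempt ("Any to my DHCP Server"): a packet addressed to
# 255.255.255.255 still matches no permit, so DISCOVER/REQUEST are dropped.
ACL_ANY_TO_SERVER = [rule("0.0.0.0/0", "10.0.0.1/32")] + ACL_ORIGINAL
# The accepted answer: explicitly permit the limited-broadcast DHCP traffic
# (both the 0.0.0.0-sourced client messages and the server's broadcast replies).
ACL_FIXED = [rule("0.0.0.0/32", "255.255.255.255/32"),
             rule("10.0.0.1/32", "255.255.255.255/32")] + ACL_ORIGINAL
```

A real FlexACL would narrow the broadcast permits to UDP ports 67/68; the model leaves ports out to keep the address-matching point visible.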