DHCP proxy with 5520

atifali.zaidi1

Hello experts, I have the following setup:

5520 anchor WLC ------ DMZ switch ------- Firewall (which has the layer 3 of user subnet) ----- internet router --------- DHCP server (hosted somewhere else)

The scope is created on the DHCP server, which is pingable from the anchor WLC.

I have enabled DHCP proxy on the anchor 5520 WLC globally and defined the DHCP server IP address on the dynamic interface. On that interface I have checked the DHCP proxy option as "global".

My clients do not grab an IP. Is there something I am missing?

Do I need to define the DHCP server IP on the management interface as well?

DHCP proxy helps the WLC to act as a helper, so maybe it is not working?

Do I have to put the IP helper address on the firewall, where it has the layer 3 of the user subnet?

The 5520 does not support an internal DHCP server.

Accepted Solution

The source interface must be the interface you set up proxy on, probably a dynamic interface.

But, just in case, you can easily see this in the firewall logs.

Permitting DHCP through a firewall is not too easy a task. I'd need to know which firewall we are talking about, but you need to permit at least bootpc = port 67 and bootpc = port 68.
-If I helped you somehow, please, rate it as useful.-

5 Replies

Hi

You need to configure the DHCP IP address on the WLC dynamic interface only.

The problem is that you have a firewall in the middle, right? How about that? How did you permit DHCP requests from the WLC to the DHCP server?

Did you look at the firewall logs to see if the DHCP transaction is going back and forth?

You don't need an IP helper address, as the WLC does not send the DHCP request as broadcast but as unicast.

You do need to permit DHCP through the firewall.
-If I helped you somehow, please, rate it as useful.-

 

 

Hi there, I have asked the firewall team to check if DHCP traffic is allowed through the firewall.
Since DHCP uses UDP, are there source/destination ports that we would need to open in this scenario?
Also, since in DHCP proxy the WLC unicasts the DHCP request to the DHCP server, the source IP address in this case would be the WLC's management IP address and then the destination IP address would be the DHCP server IP address?


Hi Flavio, thanks for the assistance here :)

Yes, in fact I have now involved the firewall team and we will do some log capturing today. Hopefully it is the firewall which is blocking the DHCP traffic, and therefore we would need to open those DHCP ports as well.

Depending on the switch model, it is pretty straightforward to create a DHCP scope on the switch and validate whether the problem is the firewall or not.

-If I helped you somehow, please, rate it as useful.-
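
For the firewall capture discussed in this thread, a small parser for captured DHCP payloads that reports whether a packet was forwarded as unicast by a relay or proxy (non-zero `giaddr`) or came straight from a client. This is an added example, not code from any poster; the function names, the sample packet, its MAC and the 192.0.2.10 address are constructed, and it assumes the WLC's proxied request carries its interface address in `giaddr` as a standard relay agent does.

```python
import socket
import struct

# Fixed 236-byte BOOTP header (RFC 951 / RFC 2131), followed by the DHCP magic cookie.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC = bytes([0x63, 0x82, 0x53, 0x63])
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload):
    """Summarise a UDP payload captured on the firewall as a DHCP message."""
    if len(payload) < BOOTP_LEN + 4 or payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP payload")
    fields = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    op, hlen, hops, giaddr, chaddr = fields[0], fields[2], fields[3], fields[10], fields[11]
    msg_type, opts, i = None, payload[BOOTP_LEN + 4:], 0
    while i < len(opts) and opts[i] != 255:      # 255 = end option
        if opts[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                                # truncated option, stop cleanly
        length = opts[i + 1]
        if opts[i] == 53 and length == 1 and i + 2 < len(opts):
            msg_type = MSG_TYPES.get(opts[i + 2], str(opts[i + 2]))
        i += 2 + length
    gi = socket.inet_ntoa(giaddr)
    return {
        "direction": "request" if op == 1 else "reply",
        "type": msg_type,
        "client_mac": chaddr[:min(hlen, 16)].hex(":"),
        "giaddr": gi,
        "hops": hops,
        "relayed": gi != "0.0.0.0",   # a relay agent fills in giaddr (RFC 2131)
    }


def build_sample(giaddr):
    """Constructed DHCPDISCOVER for testing; every value here is made up."""
    zero = socket.inet_aton("0.0.0.0")
    mac = bytes.fromhex("02005e000001")
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, 0x1234ABCD, 0, 0, zero, zero, zero,
                         socket.inet_aton(giaddr), mac, b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])
```

Feed `parse_dhcp` the UDP payload bytes exported from the firewall capture; a request seen on the server side of the firewall with `relayed` false did not pass through a relay or proxy.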

 
