Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
318
Views
0
Helpful
1
Replies

Do we need reachability from wireless client to DHCP server in case of DHCP proxy enabled in WLC

sha kom
Level 1
Level 1

‎02-28-2017 09:48 AM - edited ‎07-05-2021 06:37 AM

Hi Experts,

I have set-up where DHCP server is located in data centre and my corporate office has got complete local Wireless set-up which includes WLC and AP. I have query about reachability between client and DHCP server for two different scenarios.

1) IPv4 assignment
2) IPv6 assignment


IPv4 assignment : Do we need to have reachability between client subnet and DHCP server ? by having DHCP proxy enabled in WLC, WLC is relaying all DHCP traffic to DHCP server and to client. Do we still need reachability to DHCP server from client subnet?


If client is IPv6 supported , WLC does not support DHCP proxy for IPv6 , in this case , WLC will simply bridge the traffic to DHCPv6 and client will able to get DHCPv6 server ip address in "ifconfig/all" output, Do we need reachability from client subnet to DHCPv6 server? I guess , this case there should be reachability.

Labels:
0 Helpful
1 Reply 1

Yashas Bhadoria
Cisco Employee
Cisco Employee

‎03-01-2017 05:28 AM

Dhcp proxy is required if the WLC is the dhcp server, if you disable this remember to add the ip-helper address to your L3 interface

The DHCP proxy is not ideal for all network environments. The controller modifies and relays all DHCP transactions to provide helper function and address certain security issues.

The controller’s virtual IP address is normally used as the source IP address of all DHCP transactions to the client. As a result, the real DHCP server IP address is not exposed in the air. This virtual IP is displayed in debug output for DHCP transactions on the controller. However, use of a virtual IP address can cause issues on certain types of clients.

DHCP proxy mode operation maintains the same behavior for both symmetric and asymmetric mobility protocols.

When multiple offers come from external DHCP servers, the DHCP proxy normally selects the first one that comes in and sets the IP address of the server in the client data structure. As a result, all following transactions go through the same DHCP server until a transaction fails after retries. At this point, the proxy selects a different DHCP server for the client.

  • Interoperability issues can exist between a controller with DHCP proxy enabled and devices that act as both a firewall and DHCP server. This is most likely due to the firewall component of the device as firewalls generally do not respond to proxy requests. The workaround for this issue is to disable DHCP proxy on the controller.

  • When a client is in DHCP REQ state on the controller, the controller drops DHCP inform packets. The client will not go into a RUN state on the controller (this is required for the client to pass traffic) until it receives a DHCP discover packet from the client. DHCP inform packets are forwarded by the controller when DHCP proxy is disabled.

  • All controllers that will communicate must have the same DHCP proxy setting

  • Please refer the following links for more info:
    • http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/110865-dhcp-wlc.html
    • https://supportforums.cisco.com/discussion/11290601/wlc-dhcp-proxy-do-or-not-do

For IPV6 please refer the following link:

https://supportforums.cisco.com/document/60106/ipv6-support-wireless-lan-controller-wlc

http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-0/IPV6_DG.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card