10-22-2012 01:53 PM - edited 07-03-2021 10:53 PM
Hi Guys
Wonder if you could help?
We've got a setup where we have a WLC 4402 with two ports connected to the LAN. One port is connected on VLAN 10 and is the management/ap manager interface and one port is connected on VLAN 99 and is the guest interface. We have two WLANs one is Corporate and one is Guest. The Corporate WLAN uses the management interface and clients receive IP addresses from a configured Windows DHCP Server. The Guest users should receive their IP addresses from the ASA firewall (configured under the DHCP section of the Guest Dynamic Interface).
When clients connect to the corporate WLAN they receive an IP address from the DHCP server without any problem. When clients connect to the Guest WLAN they are unable to receive an IP address. If I untick "Enable DHCP Proxy" under the DHCP settings for the Wireless Controller, the clients connecting to the guest WLAN receive IP addresses from the ASA DHCP Pool.
My first question is if there is anyway to keep the added protection of the DHCP Proxy feature of the WLC and have the clients receive IP addresses from the DHCP pool configured on the ASA? It seems that the only way just now is to turn off the DHCP Proxy feature altogether which seems to be something which I should avoid doing.
My second question is about the configuration of the interfaces. The only two VLANs that will be presented on the ports of my contoller are going to be the management VLAN 10 and the guest VLAN 99 (no money for fancy anchor controllers). Can I leave both dynamic interfaces untagged? They are on separate VLANs on the switchports so it would make sense to me for both dynamic interfaces to be left untagged.
Many thanks in advance.
Stephen
Solved! Go to Solution.
10-22-2012 04:25 PM
#ASA don't repond to unicast dhcp request(unless there is a way to configure it), so you need to disable proxy on wlc.
#Can't have two untagged vlan id on WLC side. Vlan id that is not zero are all tagged on WLC side.
10-22-2012 04:25 PM
#ASA don't repond to unicast dhcp request(unless there is a way to configure it), so you need to disable proxy on wlc.
#Can't have two untagged vlan id on WLC side. Vlan id that is not zero are all tagged on WLC side.
10-23-2012 01:25 PM
Thanks for your help. I thought as much.
Cheers again
Stephen
10-23-2012 01:27 PM
Steve, You're most welcome!!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: