Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1491
Views
5
Helpful
5
Replies

Guest Wireless Tunnelling - DHCP Issue

Go to solution
Paul_Yarwood
Level 1
Level 1

‎06-27-2013 06:21 AM - edited ‎07-04-2021 12:18 AM

Hi,

I'm attempting to implement Guest Anchor tunnelling between two WLC's but I've run into an odd issue I cannot find a clear answer to.

We have two 5508 WLC's, both Running 7.4.100.0.

The Guest Anchor Controller obviously resides in a DMZ, it's functionality has been proven by connecting an AP directly to it, and connecting the the guest WLAN.

The two controllers have been configured as Mobility Peers, the Mobility Tunnel between them is up (mping and eping both successful, status is up).

The Guest WLAN has been replicated on both controllers, I have set the Mobility Anchor on the WLAN. The Guest Anchor has itself as the mobility anchor and the Internal Controller has the Guest Anchor set.

DHCP is provided by the Guest Anchor's internal DHCP Server. DHCP Proxy is enabled on both Controllers, with the Option 82 format set to AP-MAC. Both Controllers WLAN settings are set to DHCP Server Override, pointed to the Management IP of the Guest Anchor and DHCP Addr. Assignment required.

The problem I'm experiencing is with connecting clients through the Internal WLC. The Client Associates to the Internal WLC and obtains a lease from the Guest Anchor and connects to the network. A few seconds later the client is dessociated from the internal controller. On every subsequent connection attempt, the client does not recieve a response to it's DHCP Requests, and hence ends up with an apipa address.

The Message logs on two controllers return the following errors:

INTERNAL CONTROLLER:

*apfReceiveTask: Jun 27 14:03:25.839: #APF-4-HANDOFF_END_RCVD: apf_mm.c:1626 Handoff end received in wrong role (peer Ip: 0.0.0.0, sender:GUEST_ANCHOR_IP, Role:0) for mobile Client_MAC

GUEST ANCHOR CONTROLLER:

*DHCP Server: Jun 27 14:03:14.466: #DHCP-4-REQIP_NOT_PRESENT: dhcpd.c:559 Received a packet without a requested ip!.

Has anyone else seen similar behaviour? Does anyone have an ideas what might be causing this?

Many Thanks,

Paul

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to Paul_Yarwood

‎06-27-2013 07:59 AM

Are the guest wlans on the internal and DMZ controllers identical ?

Sounds like you have everything right.

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

5 Replies 5

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎06-27-2013 07:14 AM

Hi Paul

I'm not running 7.4.

I wold like to offer a few suggestions. Lets break down some of the complexity. Break off one of the anchors and test again. Also the tunnels are up, make sure the guest WLAN on the internal controller is anchored to the WLAN in the DMZ. Then make sure the anchor WLAN is anchored to itself.



Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful

Go to solution
Paul_Yarwood
Level 1
Level 1
In response to George Stefanick

‎06-27-2013 07:21 AM

Hi George,

Thanks for the reply.

The Guest WLAN on the Internal Controller is Anchored to the WLC in the DMZ. The Guest Anchor is anchored to itself.

There are only two controllers in the configuration, so breaking off one of the Anchors isn't really an option.

I have tested the Guest Anchor as a Standalone WLC by connecting an AP directly to it, in that configuration DHCP works as expected.

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni
In response to Paul_Yarwood

‎06-27-2013 07:59 AM

Are the guest wlans on the internal and DMZ controllers identical ?

Sounds like you have everything right.

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Go to solution
Paul_Yarwood
Level 1
Level 1
In response to George Stefanick

‎06-28-2013 01:24 AM

George,    

I had thought so, checked it again and found the authentication order on the Internal Controller was slightly different.

Corrected that and it now works.

Thanks

0 Helpful

Go to solution
George Stefanick
VIP Alumni
VIP Alumni

‎06-28-2013 01:55 AM

I'm glad you checked again. Thanks a lot for supporting me on the rating system ..

I hope one day cisco builds in a check and balance to flag adjacency issues like these.

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card