Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1205
Views
6
Helpful
11
Replies

Intermittent connection issues to external DHCP from dynamic interface

ricpe
Level 1
Level 1

‎12-08-2023 02:06 AM

Hi,

We have a 5520 WLC with software version 8.3.150.0. Two dynamic interfaces is configured for guests, seperated because they are for customers in two different countries. We have intermittently been losing connection to our external DHCP-server from one of those interfaces. The connection can be lost ranging from hours to days, then suddenly it comes back up. We have been troubleshooting this, looking at routing, firewalls, VLAN trunks etc. but everything is in order. It's weird because it has happened six times since August this year. The Guest WLANs have central switching applied. Debugging from the WLC shows DHCP Discover packet from client which the WLC then forwards to the external DHCP Server, but doesnt receive a DHCP Offer back. I am aware that the WLC version is old, but for some reason only one dynamic interface loses connection. Any ideas here?

Labels:
0 Helpful
11 Replies 11

MHM Cisco World
VIP
VIP

‎12-08-2023 02:10 AM

I think the AP is flexmode

If yes

Config DHCP in same site as WLC and make dhcp centralize' i.e. dhcp request from wifi client pass to wlc even if AP is switching traffic.

MHM

ricpe
Level 1
Level 1
In response to MHM Cisco World

‎12-08-2023 03:38 AM

Sorry for not clarifying, but yes the APs are in flexmode with central switching. I'm not sure exactly what you mean, but you want me to have the DHCP-server in the same subnet as the WLC?

0 Helpful

ricpe
Level 1
Level 1
In response to MHM Cisco World

‎12-08-2023 04:04 AM

Hi,

The guide assumes FlexConnect local-switching but I don't want to activate that for this customer. To get a general idea for how the WLC is setup:

Dynamic interface 1 which has no problems at all:

VLAN Identifier: 120

IP Address: 10.10.0.10

Netmask: 255.255.0.0

Gateway: 10.10.0.1

Primary DHCP Server: 10.110.30.40

Secondary DHCP Server: 10.110.30.41

Dynamic interface 2 which has intermittent problems with DHCP connectivity:

VLAN Identifier: 140

IP Address: 10.11.0.10

Netmask: 255.255.0.0

Gateway: 10.11.0.1

Primary DHCP Server: 10.110.30.40

Secondary DHCP Server: 10.110.30.41

 

So for several months I have connectivity to the external DHCP-servers from both dynamic interfaces. But then suddenly Dynamic interface 2 loses it's connectivity, sometimes for several days before it comes up again. Dynamic interface 1 never has any problems whatsoever. I can see that clients that connect to dynamic interface 2 sends DHCP Discover packets, and that the WLC is forwarding them to the DHCP, but the WLC doesnt receive any DHCP-offer from the DHCP-server. Now, I dont know if this is related to the WLC, but we have checked every configuration, routing, trunk-ports and they're accurate.

0 Helpful

MHM Cisco World
VIP
VIP

‎12-08-2023 04:43 AM

Are wlc connect to Cat9000 series SW?

MHM

ricpe
Level 1
Level 1
In response to MHM Cisco World

‎12-08-2023 05:20 AM

I dont think so, but the problem occurs for every customer with a Guest SSID that is assigned to the dynamic interface. So it's not a specific site.

0 Helpful

MHM Cisco World
VIP
VIP
In response to ricpe

‎12-08-2023 05:32 AM

You mention central switching' so are there any cat9k in wlc site?

MHM

0 Helpful

marce1000
Hall of Fame
Hall of Fame

‎12-08-2023 04:45 AM

 

          >... but for some reason only one dynamic interface loses connection. 
 - It can still be related to bug(s) ; as per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html  , use (upgrade to) https://software.cisco.com/download/home/286284738/type/280926587/release/8.10.190.0
   
  - TAC support is diminishing and aireos based controllers should move forward to last/latest available software version

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

ricpe
Level 1
Level 1
In response to marce1000

‎12-08-2023 05:22 AM

Thanks, I will look into upgrading the WLC which I know is on very old software.

Rich R
VIP
VIP

‎12-08-2023 09:18 AM

It goes without saying that the software is very old and needs upgrading but if it's not a software problem then what might it be?

You say the WLC is forwarding the DHCP discover to the DHCP server but getting no reply.
Have you done a packet capture on the DHCP server to confirm the discover is received by the server?
And that it's a valid discover packet it receives from the WLC?
And if the server is sending a response?
If it is then why does that response not reach the WLC (routing maybe)?
If no response then why?  Check DHCP server logs.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

ricpe
Level 1
Level 1
In response to Rich R

‎12-11-2023 12:09 AM - edited ‎12-11-2023 12:12 AM

Hi, thanks for the reply.

We created a lab-host in the same subnet as the Dynamic interface (10.11.0.0/16) and sent a DHCP-request packet to the DHCP-server, with Wireshark enabled on lab-host. But we havent used packet capture from the DHCP-servers perspective. Now everything is working again, after clients didnt receive IP for 3 days.. So we have to do the packet capture from DHCP-server when it fails again, which we dont know when it will happen.  

We have checked the DHCP-server logs and haven't found anything.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top