
Problems with external DHCP on a 9800-CL deployment

Hello:

We have several 9124AXi and 9105AXi APs under a 9800-CL virtual controller. We have created a WiFi network, and the clients are able to join it, but they aren't able to get an IP from the DHCP server on the network. Wireless clients with a fixed IP work fine. Also, all wired DHCP clients have been working well for years, so it's not a DHCP server problem. We want to use the network's central DHCP server, not the 9800's one. The network has no VLANs nor subnets.

Thanks in advance.


@Miguel Angel Alvarez Rodriguez 

"Network has no VLANs nor subnets"

This sentence does not make sense. You need vlan and subnet. 

Only one subnet, only default VLAN. Excuse me, I didn't think it was necessary to clarify.

Does your WLC have a standard configuration? I mean, the WLC has a Layer 2 interface only and a trunk to the core switch. The core switch has the Layer 3 for the VLAN (interface vlan) and the command "ip helper-address" working as DHCP relay?

Then, does the interface vlan have reachability with the DHCP server? Is the DHCP scope properly created on the DHCP server?

On the WLC config, when you created the policy under "Configuration > Tags & Profiles > Policy", did you choose "Central DHCP"?

The WLC ethernet interface is connected directly to the same network, subnet and VLAN as the rest of the devices in this network. It's a flat standard deployment: no smart switches, no VLAN configurations, no trunks, only one network address... Everything is working on 192.168.1.0 / 24 using non-administrable Cisco switches. The 9800-CL is at 192.168.1.70.

No helper-address is configured, and as far as I know it may not be necessary, since the controller and the DHCP server are in the same subnet.

I can ping with no problems from the controller and the APs to the DHCP server.

The scope is well configured, since all non-wireless DHCP devices are working fine. Also, the APs are acquiring their own IP via this DHCP server.

Central DHCP is the first thing I reviewed. By default it was enabled, and I have tested two configurations: disabled (to completely separate the controller from the clients' DHCP process), and enabled while also configuring the DHCP Server IP address in the advanced section of the network policy. Neither of them worked.

In that case, configure the WLC as DHCP proxy and add the DHCP server on the Policy profile.


 

If I understand you well, then I need to try with these 3 settings at the same time:

- "Central DHCP" enabled (General options on Network policy)

- "DHCP Server IP address" = local DHCP server IP address (Advanced options on Network policy)

- IPv4 Helper Address = local DHCP Server IP address (DHCP Relay options on Advanced settings on Ethernet interface configuration)

Is that OK?

IP helper-address is not necessary as the WLC and client are on the same network.

 

OK. Thanks. Then, as mentioned, that is the second configuration I made and it also didn't work.

From now on I believe we need to check if the DHCP request is sent out. Can you run a packet capture or Wireshark? Or can you see on the WLC which message you get for the client? When the client does not get an IP address, it will be indicated in the client status.

Thank you. I'm going to make some more DHCP request tests and try to collect that info.

 

@Miguel Angel Alvarez Rodriguez wrote:
>...and it also didn't work.

 - Could you also have a checkup of the 9800-CL configuration with the CLI command show tech wireless (not show tech) and feed the output to: Wireless Config Analyzer

 - Further engage in full client debugging according to https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , these debugs can be analyzed with Wireless Debug Analyzer

 - Outputs from the commands mentioned in https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#toc-hId-866973845 can also be useful

  M.


  



-- Let everything happen to you
Beauty and terror
Just keep going
No feeling is final
Reiner Maria Rilke (1899)

Stefan Mihajlov
Level 3


The issue with wireless clients not obtaining IP addresses from your central DHCP server in a 9800-CL deployment is likely due to improper handling of DHCP traffic by the controller. First, check if the DHCP Proxy feature on the Cisco 9800-CL is enabled, as this can interfere with DHCP traffic flow. Disabling it under the policy profile settings allows DHCP requests and offers to pass through unmodified. Ensure your WLAN configuration is correctly set to forward DHCP traffic to the central server and verify that no conflicting global overrides exist. Additionally, inspect the AP Join Profile to confirm it doesn’t block DHCP packets. Since your network has no VLANs or subnets, also verify if the controller is using central switching or FlexConnect with local switching. Misconfigured switching modes can lead to DHCP requests not reaching the server. Lastly, perform packet captures on both the DHCP server and the controller to identify where the traffic is being dropped. By ensuring the controller and APs are correctly configured to forward DHCP traffic, you should resolve the issue and allow wireless clients to obtain IP addresses.
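The comparison of captures taken at the controller and at the DHCP server, suggested in the replies above, can be scripted. The following is an added example, not part of the thread and not Cisco tooling: it assumes the UDP port 67/68 payloads have already been extracted from each capture, the function names are hypothetical, and the sample messages produced by `build()` are constructed.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (xid, client MAC, message type) from a UDP port 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    mac = payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes long
    i, mtype = 240, None
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        if payload[i] == 53 and payload[i + 1] == 1:  # option 53 = message type
            mtype = payload[i + 2]
        i += 2 + payload[i + 1]
    return int.from_bytes(payload[4:8], "big"), mac, TYPES.get(mtype, "UNKNOWN")

def seen(payloads):  # client MAC -> set of message types captured for it
    out = {}
    for _, mac, mtype in map(parse_dhcp, payloads):
        out.setdefault(mac, set()).add(mtype)
    return out

def locate_drop(controller_cap, server_cap):
    """Per client, name the first DORA step that is not visible at both capture points."""
    c, s = seen(controller_cap), seen(server_cap)
    report = {}
    for mac in sorted(set(c) | set(s)):
        report[mac] = "complete"
        for step in ("DISCOVER", "OFFER", "REQUEST", "ACK"):
            at_c, at_s = step in c.get(mac, ()), step in s.get(mac, ())
            if at_c and at_s:
                continue
            if step in ("DISCOVER", "REQUEST"):  # client-to-server direction
                where = "lost between controller and server" if at_c else "not seen at controller"
            else:  # server-to-client direction
                where = "lost between server and controller" if at_s else "not sent by server"
            report[mac] = f"{step} {where}"
            break
    return report

def build(mtype, mac, xid=0x1234ABCD):  # constructed sample message, not a real capture
    hdr = struct.pack("!BBBBIHH16x", 1 if mtype in (1, 3) else 2, 1, 6, 0, xid, 0, 0)
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0") + bytes(192)
    return hdr + MAGIC + bytes([53, 1, mtype, 255])
```

Clients are keyed by MAC rather than transaction ID because a client that retries may pick a new xid for each attempt.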

If, when you say "DHCP Proxy", you mean the "IPv4 helper address option" in the DHCP Relay section of the advanced settings tab of the ethernet controller configuration page, then yes, it is blank and the relay information option is disabled too. I'm going to check if the APs could be blocking that. Also, I'm going to review if they are using FlexConnect or local switching. These two terms associated with wireless are new for me.

I will send you PM

MHM
