01-10-2025 01:58 AM
Hello:
We have several 9124AXi and 9105AXi APs under a 9800-CL virtual controller. We have created a WiFi network, and the clients are able to join it but they aren't able to get IP from the DHCP server on the network. Wireless clients with fixed IP works fine. Also all wired DHCP clients are working well for years, so it's not a DHCP server problem. We want to use the network central DHCP server, not the 9800's one. Network has no VLANs nor subnets.
Thanks in advance.
01-10-2025 02:20 AM
@Miguel Angel Alvarez Rodriguez
"Network has no VLANs nor subnets"
This sentence does not make sense. You need vlan and subnet.
01-10-2025 02:37 AM
Only one subnet, only default VLAN. Excuse me, I didn't think it was necessary to clarify.
01-10-2025 02:58 AM
Does your WLC have standard configuration? I mean, the WLC have layer2 interface only and trunk to core switch. The core switch have the Layer3 for Vlan (interface vlan) and the command "ip helper-address" working as DHCP relay?
Then the interface vlan have reachability with the DHCP server? DHCP scope properly created on the DHCP server?
On the WLC config, when you create the "Configuration > Tags & Profiles > Policy. ", did you choose "Central DHCP"
01-10-2025 04:03 AM
WLC ethernet interface in conected directly to the same network, subnet and VLAN as the rest of all the devices in this network. It's a flat standard deployment: no smart swiches, no VLAN configurations, no trunks, one only network address... All is working on 192.168.1.0 / 24 using non administrable Cisco switches. 9800-CL is in the 192.168.1.70.
No helper-address configured and as long as I know it may not be necessary, sience the controller and the DHCP server are in the same subnet.
I can ping with no problems from the controller and the APs to the DHCP server.
The scope is well configurated since all not wireless DHCP devices are working fine. Also the APs are adquiring their own IP via this DHCP server.
Central DHCP is the first thing I reviewed. By default was enabled and I have test two configurations: disabled (to completely separate the controller from the DHCP process from the clients) and enabled and also configuring the DHCP Server IP address in the advanced section of the network policy. None of both working.
01-10-2025 04:36 AM
In that case, configured the WLC as DHCP proxy and add the DHCP server on the Policy profile
01-10-2025 05:21 AM
If I understand you well then I need to try with this 3 settings at the same time:
- "Central DHCP" enabled (General options on Network policy)
- "DHCP Server IP address" = local DHCP server IP address (Advanced options on Network policy)
- IPv4 Helper Address = local DHCP Server IP address (DHCP Relay options on Advanced settings on Ethernet interface configuration)
THat's ok?
01-10-2025 05:35 AM
IP helper-address is not necessary as the WLC and client are on the same network.
01-10-2025 05:42 AM
ok. Thanks. Then as mentioned that is the second configuration I made and it also didn't work.
01-10-2025 06:28 AM
From now one I believe we need to check if the DHCP request is sent out. Can you run some packet capture or wireshark? Or can you see on the WLC which mensage you get for client? When the client does not get IP address it will indicate on client status.
01-15-2025 02:43 AM
Thank you. I'm going to make some more DHCP request tests and try to collect that info.
01-10-2025 06:32 AM - edited 01-10-2025 06:37 AM
 @Miguel Angel Alvarez Rodriguez wrote       >...and it also didn't work.
   Could you also have a checkup of the 9800-CL configuration with 
  the CLI command show tech wireless (not show tech) and feed the output to : Wireless Config Analyzer
- Further engage in full client debugging according to https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , these debugs can be analyzed with Wireless Debug Analyzer
- Outputs from the commands mentioned in https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#toc-hId-866973845 can also be useful
M.
  
01-10-2025 03:29 AM
The issue with wireless clients not obtaining IP addresses from your central DHCP server in a 9800-CL deployment is likely due to improper handling of DHCP traffic by the controller. First, check if the DHCP Proxy feature on the Cisco 9800-CL is enabled, as this can interfere with DHCP traffic flow. Disabling it under the policy profile settings allows DHCP requests and offers to pass through unmodified. Ensure your WLAN configuration is correctly set to forward DHCP traffic to the central server and verify that no conflicting global overrides exist. Additionally, inspect the AP Join Profile to confirm it doesn’t block DHCP packets. Since your network has no VLANs or subnets, also verify if the controller is using central switching or FlexConnect with local switching. Misconfigured switching modes can lead to DHCP requests not reaching the server. Lastly, perform packet captures on both the DHCP server and the controller to identify where the traffic is being dropped. By ensuring the controller and APs are correctly configured to forward DHCP traffic, you should resolve the issue and allow wireless clients to obtain IP addresses.
01-10-2025 04:11 AM
If when you say "DHCP Proxy" you mean the "IPv4 helper address option" in the DHCP Relay section of the advanced settings tab of the ethernet controller configuration page, then yes, it is in blank and the relay information option is disabled too. I'm going to check if APs could be blocking that. Also I'm going to review if they are using FlexConnect or local switching. This two terms asociated to wireless are new form me.
01-10-2025 04:06 AM
I will send you PM
MHM
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide