Re: Problems with external DHCP on a 9800-CL deployment - Page 2

Miguel Angel Alvarez Rodriguez · ‎01-10-2025

Hello:

We have several 9124AXi and 9105AXi APs under a 9800-CL virtual controller. We have created a WiFi network, and the clients are able to join it but they aren't able to get IP from the DHCP server on the network. Wireless clients with fixed IP works fine. Also all wired DHCP clients are working well for years, so it's not a DHCP server problem. We want to use the network central DHCP server, not the 9800's one. Network has no VLANs nor subnets.

Thanks in advance.

Rich R · ‎01-12-2025

@MHM Cisco World why do you keep telling users (twice in this case!) that you will send them PMs when Cisco Community is about sharing info and solutions - not keeping them secret?

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

MHM Cisco World · ‎01-12-2025

MHM

Rich R · ‎01-12-2025

No, I do not understand, it makes no sense at all.
I've never suggested you were an AI or anything other than human so don't where that idea comes from!

Unless you're implying that you would share the correct answer after your DM discussion? (but you have not said that)

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

MHM Cisco World · ‎01-11-2025

I send you PM

MHM

Rich R · ‎01-12-2025

@Miguel Angel Alvarez Rodriguez since you're using this completely flat network with all devices on the same VLAN and subnet you may essentially be running an unsupported config for central switching.
First - check you have followed the 9800-CL setup guide correctly - there are a number of Hypervisor settings required for it to work correctly. (you didn't mention what Hypervisor you're using). Follow the step by step making sure you have not missed any of them:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-cl-dg.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/9800-cloud/installation/b-c9800-cl-install-guide.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#C9800CLconsiderations

Second: Make sure your software is up to date - refer to the TAC recommended versions link below.

To clarify: Flexconnect is the AP mode - otherwise it can be in Local mode.
In Local mode all client traffic is tunnelled to the WLC via CAPWAP and breaks out from the WLC - that is Central switching.
When the AP is in Flexconnect mode then the WLAN can be configured for Central or Local switching. With Local switching instead of tunnelling traffic to the WLC over CAPWAP the APs break the client traffic out on the local AP ethernet port. Check out:
https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213945-understand-flexconnect-on-9800-wireless.html

The config you're running is essentially very similar to running EWC on AP with no VLANs where everything sits on the same VLAN and subnet. For a proper WLC config you would normally have WLC and AP management on a completely separate subnet and VLAN from the clients. The WLC would not have any layer 3 (IP) interface for the client subnet - just the layer 2 VLAN and all layer 3 functions (like DHCP) handled outside of the WLC. In EWC on AP the AP operates in Flexconnect local switching so the client traffic exits directly from the AP switch port not via the controller. If you've checked all the previous points and still can't get it to work then I highly recommend changing the APs to Flexconnect mode with local switching and local DHCP to see whether that resolves your issue.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Miguel Angel Alvarez Rodriguez · ‎01-15-2025

Thank you. I'm going to make some more tests and collect some more logs just to know what's going on, but I will try flexconnect mode since, as you described it, this behaviour is exactly the one I want. I'll tell you how it goes.