
Using both external and internal DHCP on WLC

Hi,

I am wondering if the following is a valid configuration:

WLC2504

AP2600

I need 3 SSID/VLAN, 1 for corporate devices, 1 for corporate smartphones, 1 for guest.

Port 1 on the 2504 should be used for management and corporate devices and connect to the corp network.

Port 2 is for smartphones/guest and will be connected to a Cisco ASA 5515 that is connected to a second ISP.

Corp devices should get IP from a Windows DHCP. Smartphones/guest should get IP from the WLC.

Is this possible? I read this in a document: "To use the WLC as a dhcp, you need to enable DHCP proxy as it is required." Somehow I am imagining that this will mess with the Windows DHCP. Is it better to use the ASA as DHCP for smartphones/guest?

Regards,

Philip

4 Replies

Saravanan Lakshmanan
Cisco Employee

ASA as DHCP server requires DHCP proxy disabled on the WLC.

Internal DHCP on the WLC requires DHCP proxy enabled on the WLC.

Windows DHCP server can work with DHCP proxy disabled or enabled on the WLC.

Carlos Leiton
Level 1

I would recommend using:

Microsoft DHCP server and WLC internal server, both with the DHCP proxy enabled.

The other option:

ASA DHCP server and WLC internal DHCP will not work, as the WLC DHCP proxy is a global feature, and needs to be either enabled or disabled, so it will only work for the ASA (disabled) or for the WLC internal DHCP (enabled) but not for both at the same time.

I just had a second thought on this and am not sure that it will work. If I put the mobile/guest SSID on port 2 it will only be broadcast out those ports, right?

This is how I wanted it connected originally:

AP-SW-WLC-Firewall

But the port connected to the switch must also have the mobile/guest WLAN, right? Else the AP won't broadcast it, right?

The AP tunnels traffic back to the management interface. So if you want to split the traffic after it goes back to the WLC you can. You need to trunk the ports and only allow what vlans on the trunk port. So if your management and corp users are going to be put in port one connected to a switch, then only allow the management vlan and the corp vlan on that trunk port. For the mobile and guest using port 2, only allow those vlans on the trunk connected to your DMZ.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
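
The setup recommended in the replies above (Windows DHCP for corporate clients, WLC internal DHCP for smartphones/guest, DHCP proxy enabled globally, traffic split across ports 1 and 2), written out as an added AireOS CLI example that is not part of the original thread. All interface names, VLAN IDs and addresses are constructed placeholders, and lines starting with `#` are annotations, not commands.

```text
# Constructed values: WLC management IP 10.10.1.5, Windows DHCP 10.10.1.20,
# VLAN 10 = corp (port 1), VLAN 20 = phones and VLAN 30 = guest (port 2).

# DHCP proxy is one global setting; the internal DHCP server needs it enabled.
config dhcp proxy enable

# Corporate: dynamic interface on port 1, leases from the Windows DHCP server.
# With proxy enabled the WLC relays requests as unicast from 10.10.10.5, so the
# Windows server needs a 10.10.10.0/24 scope and a route back to that address.
config interface create corp 10
config interface address dynamic-interface corp 10.10.10.5 255.255.255.0 10.10.10.1
config interface port corp 1
config interface dhcp dynamic-interface corp primary 10.10.1.20

# Guest: dynamic interface on port 2, leases from the WLC internal server.
# Pointing the interface at the WLC management IP selects the internal server.
config interface create guest 30
config interface address dynamic-interface guest 192.168.30.5 255.255.255.0 192.168.30.1
config interface port guest 2
config interface dhcp dynamic-interface guest primary 10.10.1.5

config dhcp create-scope guest-scope
config dhcp network guest-scope 192.168.30.0 255.255.255.0
config dhcp address-pool guest-scope 192.168.30.50 192.168.30.200
config dhcp default-router guest-scope 192.168.30.1
config dhcp enable guest-scope

# Smartphones: same pattern as guest, on VLAN 20 and port 2.
config interface create phones 20
config interface address dynamic-interface phones 192.168.20.5 255.255.255.0 192.168.20.1
config interface port phones 2
config interface dhcp dynamic-interface phones primary 10.10.1.5

config dhcp create-scope phones-scope
config dhcp network phones-scope 192.168.20.0 255.255.255.0
config dhcp address-pool phones-scope 192.168.20.50 192.168.20.200
config dhcp default-router phones-scope 192.168.20.1
config dhcp enable phones-scope

# Checks: proxy state, scope status, and which port/VLAN each interface uses.
show dhcp proxy
show dhcp summary
show interface summary
```

On the far side of each link, the trunk on port 1 then carries only the management and corp VLANs and the trunk on port 2 only the smartphone and guest VLANs, as the last reply describes.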