10-16-2021 02:23 AM
Hi,
I am trying to configure a vlan group with 2 vlans (10-11) for ssid on 5760 controller.
I can't see client is taking ip address from the second vlan . it always get the ip address from the vlan 10
I thought it randomly get ip addresses from both vlan
here is the conf on distribution
int vlan 10
ip add 10.0.10.1 255.255.255.0
ip-helper address 192.168.1.100
int vlan 11
ip add 10.0.11.1 255.255.255.0
ip-helper address 192.168.1.100
on WLC an L2 VLAN and also L3 interface also configured
on the below blog ,it says to add dhcp snooping
https://mrncciew.com/2014/07/30/vlan-groups-in-57603850/
Do we really need dhcp snooping to get ip from dhcp server ?
Since you do not have L3 interface of user vlans (1360-1363) on your 3850 switches,you have to enable DHCP snooping for vlan 1360-1363 in order to wireless client to get IP from a DHCP server. Refer Understanding DHCP Snooping post for more detail about this feature. Also you have to trust your uplink ports towards your DHCP server (G1/0/48 in this example)
Thanks
Thanks
10-16-2021 03:28 AM
I would definitely follow Rasika’s blog. He does a lot here and as you can see test and lab out many scenarios. If he suggested that you need dhcp snooping, then that is what you need. The 5700 are no longer supported so there will not be any new fixes for that. Maybe take a look at the 9800’s. There is also a 9800-CL that you can spin up on a VM and play around for free with as long as you have aps that are supported on that version of code.
10-16-2021 12:42 PM
HI @Scott Fella
AS I understand DHCP snooping is to protect clients from malicious DHCP packets.
How snooping helps the client to get ip from server ?
Thanks
10-16-2021 01:31 PM
There are always things that you might need to do to make things work. If you don't want to try it to see if it works, then create a bigger subnet and be done. I would say to create a secondary interface, but seen many things go wrong with that in the past with wireless. All you can do it try, then if it works, but you don't like it or you really want to not use dhcp snooping, then increase the subnet size.
10-16-2021 01:51 PM
So what I have read on vlan groups for the 5760, it depends if your access is L3 or not. Converged access was designed for networks with L3 access in which you can also use switches that support CA to participate. So if your access is L3, then like the Cisco guides show, its a simple configuration. If you do have L2, then you would need to test out what Raskia posted in his blog.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide