
vlan group

bluesea2010
Level 5

Hi,

I am trying to configure a VLAN group with 2 VLANs (10-11) for an SSID on a 5760 controller.

I can't see the client taking an IP address from the second VLAN. It always gets the IP address from VLAN 10.

I thought it randomly gets IP addresses from both VLANs.

Here is the conf on the distribution:

int vlan 10
ip add 10.0.10.1 255.255.255.0
ip helper-address 192.168.1.100

int vlan 11
ip add 10.0.11.1 255.255.255.0
ip helper-address 192.168.1.100

On the WLC, an L2 VLAN and also an L3 interface are configured.

The blog below says to add DHCP snooping:

https://mrncciew.com/2014/07/30/vlan-groups-in-57603850/

Do we really need DHCP snooping to get an IP from the DHCP server?

Since you do not have L3 interface of user vlans (1360-1363) on your 3850 switches, you have to enable DHCP snooping for vlan 1360-1363 in order for the wireless client to get an IP from a DHCP server. Refer to the Understanding DHCP Snooping post for more detail about this feature. Also you have to trust your uplink ports towards your DHCP server (G1/0/48 in this example).

 

Thanks

4 Replies

Scott Fella
Hall of Fame

I would definitely follow Rasika’s blog. He does a lot here and, as you can see, tests and labs out many scenarios. If he suggested that you need DHCP snooping, then that is what you need. The 5700s are no longer supported, so there will not be any new fixes for that. Maybe take a look at the 9800s. There is also a 9800-CL that you can spin up on a VM and play around with for free, as long as you have APs that are supported on that version of code.

-Scott
*** Please rate helpful posts ***

Hi @Scott Fella

As I understand, DHCP snooping is to protect clients from malicious DHCP packets.

How does snooping help the client to get an IP from the server?

Thanks

 

There are always things that you might need to do to make things work. If you don't want to try it to see if it works, then create a bigger subnet and be done. I would say to create a secondary interface, but I have seen many things go wrong with that in the past with wireless. All you can do is try; then if it works, but you don't like it or you really want to not use DHCP snooping, then increase the subnet size.

-Scott

So from what I have read on VLAN groups for the 5760, it depends on whether your access is L3 or not. Converged access was designed for networks with L3 access, in which you can also use switches that support CA to participate. So if your access is L3, then like the Cisco guides show, it's a simple configuration. If you do have L2, then you would need to test out what Rasika posted in his blog.

-Scott