Solved: Wireless client cannot connect to wlan

maucapina · ‎02-24-2014

Hi Guys

I'm configuring an WLC 5508 with 3702 APs, but I am not able to connect wireless client to wlan, it seems like DHCP is not working, because the client is not able to get an IP address (I've configured the DHCP server on Cisco Router). I've configured the Dynamic Interface (120) for Guest Users in WLC as follow:

SSID: Guest-Users

Interface Name: Guest-Users

VLAN Identifier: 120

IP Address: 10.1.10.254

Netmask: 255.255.255.0

Gateway: 10.1.10.1

The wlan (Guest-Users) is mapped to VLAN 120 and has no any security policies

This is the Router Configuration for Lab purpose

!

ip dhcp pool Test-Guest-Users

import all

network 10.1.10.0 255.255.255.0

default-router 10.1.10.1

dns-server 10.1.10.1

!

interface GigabitEthernet0/1.100

encapsulation dot1Q 100 native

ip address 10.1.7.1 255.255.255.0

!

interface GigabitEthernet0/1.120

description ### Test Guest Users ###

encapsulation dot1Q 120

ip address 10.1.10.1 255.255.255.0

!

This is the swtich configuration

!

interface GigabitEthernet1/0/46

description ### Link to AP ###

switchport access vlan 100

switchport mode access

!

interface GigabitEthernet1/0/47

description ### Link to WLC ###

switchport trunk native vlan 100

switchport trunk allowed vlan 100,110,111,120,130,131,140

switchport mode trunk

!

interface GigabitEthernet1/0/48

description ### Link to Router ###

switchport trunk native vlan 100

switchport trunk allowed vlan 100,110,111,120,130,131,140

switchport mode trunk

!

Hope any suggestions

Thanks

Marcelo

Scott Fella · ‎02-24-2014

Well if you can use a static and it works, then if you use the WLC as the internal DHCP, then you must have something configured wrong. First when using an internal DHCP, you need to make sure you have DHCP proxy enabled. Second, in the dynamic interface you created, you need to define the primary DHCP server as the WLC management IP.

Give that a try.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎02-24-2014

If you connect a wired machine on the switch assigned to access Vlan 120, does the device get an address? Let's make sure that works first. Connect the laptop to the same switch the WLC is connected to.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

maucapina · ‎02-24-2014

Hi Scott

I have not done exactly that test, but I tested by assign a static IP address to the laptop and I am able to connect to the wireless network. I also tried by configuring DHCP server locally on WLC, but does not work as well.

What other thing could be the root cause for you?

Thanks,

Marcelo

Scott Fella · ‎02-24-2014

Well if you can use a static and it works, then if you use the WLC as the internal DHCP, then you must have something configured wrong. First when using an internal DHCP, you need to make sure you have DHCP proxy enabled. Second, in the dynamic interface you created, you need to define the primary DHCP server as the WLC management IP.

Give that a try.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

maucapina · ‎02-25-2014

Thanks Scott

DHCP proxy was enabled, but I made an error while I defined the primary DHCP server as the WLC management IP. Also I've configured an external DHCP and does work fine now.

Marcelo

Scott Fella · ‎02-26-2014

Glad you got it working!

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Leo Laohoo · ‎02-24-2014

Are you sure you don't have any DHCP starvation?

Your configuration does not have any DHCP IP exclude statements. Next, your DHCP pool does not have a lease time.

Florin Barhala · ‎03-02-2014

Hi Leo,

What are the solution when facing a DHCP starvation attack over several Access Points?

I thought of ip dhcp snooping limit but I believe this end up by limiting legitimate requests too.

Simply enabling DHCP Snooping on the affected Vlan should decline additional requests coming with different chaddr values from the same source MAC address of the attacker?

Thanks in advance!