
WLC 4402 External DHCP

cef2lion2
Level 1

I have a WLAN on a VLAN. Testing with open security till I get DHCP working. Using external DHCP server. The DHCP server exists on a different subnet than the scope it gives to clients. I have an interface defined on the VLAN and associated with the WLAN. The interface is the subnet of the scope set in the DHCP server. Clients can connect to the WLAN but are not getting an IP address from DHCP server.

Not sure how to make this work when the DHCP server is on another subnet from the clients' scope.

Craig

18 Replies

ericgarnel
Level 7

2 questions:

Are you using option 43?

Have you configured dhcp-relay?

(ip helper-address)

At our school the main network has control over the DHCP server and the router at the head of this wireless network.

As far as I know they are not using option 43. I asked and they said they do have an ip helper-address set up.

Craig

Here is one URL that may help:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808714fe.shtml#t1

Also, are the clients getting authenticated as well as associated? If not, your problem may be occurring before DHCP even begins.

I have security disabled for now until I get the DHCP working. The client connects to the WLAN but defaults to the Microsoft default IP address. I checked the link you provided and it talks about option 43.

The main network group at our school has control over the DHCP server and the router I'm behind. They have the DHCP helper address set. They are not receptive to using option 43. The DHCP server is Nominum's DCS v 2.064

What we have now is standalone access points that have an open WLAN. They all sit behind a VPN concentrator. Once they connect to the open WLAN they get a private IP address. They then authenticate to the VPN concentrator with a Cisco VPN client and that lets them out. The clients now don't have an issue requesting a DHCP address off the DHCP server using the standalone APs. Issue seems to be the WLC isn't able to talk with the DHCP server or doesn't know how to reach it. My understanding is our DHCP server supports DHCP relay.

What we are trying to do is replace all of our standalone APs with Cisco 1130s and a 4402 concentrator.

I have not gotten to the authentication part yet. I can't get a client to connect to the WLAN and get a private IP from the external DHCP server. For whatever reason it seems like the WLC is not able to relay the DHCP request to the DHCP server.

What is the dhcp server configuration on the WLC interface AND/OR the wlan?

On the interface for the WLAN I just enter the address of the external DHCP server. The interface I have defined is the subnet of the pool of addresses given out by the DHCP server. I also tried entering the DHCP address in the advanced tab of the WLAN. No luck as well.

Do I need a route statement on the WLC to point to the DHCP server?

Craig

The WLC must somehow be able to reach the dhcp server & vice-versa.

With our older setup our clients have no issue getting a DHCP address using our current APs. The client must connect to the WLAN and do a DHCP request on their own and get an address.

With the WLC from what I know it handles the request for the client. With the WLC you have to point to the DHCP server. For whatever reason it isn't able to do so.

Wondering about the interface I have defined on the WLC. I have the interface defined with the subnet of the DHCP address pool. I tried creating an interface with the subnet that contains the DHCP server. That isn't working. I can't test ping the DHCP server since ping to it is disabled.

Try this.

Put a laptop on the same vlan that you are binding to the wlan on the wlc. If you cannot get an ip via dhcp from the designated dhcp server, then your problem is before you get to the WLC.

Also, another thing to check: are you pruning out the VLAN from the trunk between the switch and the WLC? That would stop you cold as well.

I tried a laptop on that VLAN and it gets an address no problem.

I have trunking set up on the switch port that the WLC is connected to. Must be working as I have another VLAN set up with another WLAN and that is working fine. That will be our new form of authentication. I need to get this VPN form of authentication going so I can replace our old APs. That way I can broadcast two SSIDs. The students would then have an easy transition.

Craig

So, you are not pruning or removing vlans from the trunk and the dynamic interface on the wlc is bound to the same vlan id?

Do you have dhcp override enabled on the wlan settings perhaps?

Not pruning or removing vlans. The dynamic interface on the wlc is on the correct vlan. I tried dhcp override on the wlan and pointed it at the DHCP but it didn't change anything. I turned it back off and let the interface handle the DHCP pointer.

Craig

Just for grins, delete & re-add the wlan

Will do. I'm not really sure what address to use for the interface for this WLAN. Should the address of the interface be on the private subnet that the DHCP will be giving to clients? That is what I have been trying.

For example.

Our DHCP scope for clients is 172.31.89.2-254

DHCP server address is in another public subnet.

Should my WLC interface be as follows, which defines the subnet? Or does the interface have to be an address in the subnet? That isn't possible now as the DHCP server is giving out all addresses in that subnet for clients.

172.31.89.0

255.255.255.0 Mask

172.31.89.1 GW

Craig
