
WLC 5508 HA Anchor DHCP issue

benediktdiehl
Level 1

Hi Cisco Support Community,

 

I am currently noticing some issues within my WiFi infrastructure.
Our infrastructure is set up with an 8510 WLC high availability cluster (AP SSO) and a 5508 WLC high availability cluster (AP SSO) as mobility anchor within the DMZ zone.
The issue I noticed is that if there is a switchover on the 5508 WLC high availability cluster, the users won't be able to receive a DHCP IP address.

I already read some of the other threads regarding this topic. (About Mobility Anchor: Policy Manager State = DHCP_REQD) (DHCP Anchor controller problem.)
But unfortunately I was unable to find any solution for my issue.

We currently have three SSIDs with anchoring active, and I have noticed that only the SSIDs with layer 3 security enabled are affected by this issue.

The one SSID with PSK and MAC Auth is not affected by this issue.

I already checked the configuration for the SSIDs between the main controller and the anchor controller; the SSIDs are configured the same except the breakout interface.

Even the described SSID with PSK and MAC Auth configured uses the same breakout interface as one of our layer 3 security enabled SSIDs.

The configuration works so far; only in case of failover, the clients connected to one of the SSIDs with layer 3 security enabled are unable to receive an IP address from the DHCP server.

I also performed some troubleshooting for the client on the anchor side.

I added part of the troubleshooting outputs as workingssid.txt and notworkingssid.txt to this thread.

 

Maybe one of you guys has some advice for me to address the issue.

 

Thanks for your support in advance

 

With kind regards

Benedikt

 

3 Replies

gohussai
Level 4

As far as your L3 roaming is concerned, make sure you're using the latest and most stable firmware for the WLC.

Make sure the mobility groups are the same and configured on the WLCs before the switchover happens. Make sure that if DHCP is outside the network, option 43 is set and you are able to get an IP from both WLCs manually and able to ping. Make sure the AP-manager interface virtual IP is set. Make sure SSO is enabled on both controllers.

 

Check the following link also.

https://supportforums.cisco.com/discussion/11662541/layer-3-roaming-and-dhcp

 

Please confirm and mark it as the correct answer if your issue is resolved.

Are you using an external DHCP server or the built in server on the controllers?  DHCP is not a supported function on the controllers if they are in HA mode.  What version of code are you running?

Hi Justin, hi gohussai,

 

I configured a DHCP helper for the interface the users are terminating onto.

As DHCP server, an Infoblox is configured.

We are running WLC version 8.0.100.0 on the affected systems.

 

@ gohussai

Could you please describe why DHCP option 43 is necessary for the clients to receive an IP address from the DHCP server?

From my understanding, DHCP option 43 is used to inform any new access points where they are able to find their WLC.

 

Thanks for your support!

 

With kind regards

Benedikt
