WLC 9800-40 clients not getting dhcp address

429Kjjwmh · ‎08-12-2024

New to the WLC 9800 migrating from a 5508. Clients connecting that were recently connected via an ap connected to 5508 work fine on the same ssid on an ap connected to the 9800 but anything that doesn't have a dhcp assignment already, fails to connect. A guest network using wlc internal dhcp works fine also.

I've tied just about everything I could find in similar posts here but haven't had any luck yet.

9800 is running 17.09.04a

I can post a full config if needed but here are some relevant snippets

ip dhcp-server 172.20.0.10

interface Vlan11
description mgmt
ip address 172.20.0.108 255.255.248.0
ip helper-address 172.20.0.10

wireless profile policy 9800Test
ipv4 dhcp server 172.20.0.10
service-policy input silver-up
service-policy output silver

MHM Cisco World · ‎08-12-2024

What is wifi client vlan ? Are you config vpan svi in wlc or in SW?

MHM

429Kjjwmh · ‎08-12-2024

The it happens in all the client vlans I've configured but the one I've been using to test is vlan 67. The svi is configured on the wlc.

MHM Cisco World · ‎08-12-2024

Then you need ip helper under vlan 67 svi in wlc not under mgmt vlan

MHM

429Kjjwmh · ‎08-12-2024

I was under the impression from reading documentation and other posts here that creating an svi in every vlan was no longer best practice. Regradless, I did temporarily create an svi in vlan 67 with the helper address but still had the same issues.

MHM Cisco World · ‎08-12-2024

which one is your case ?

429Kjjwmh · ‎08-12-2024

The third one if I'm reading that correctly. the vlan on the switch has a helper address configured. The Wireless controller doesn't have an svi in that vlan at all aside from when I temporarily created one which has been deleted

MHM Cisco World · ‎08-12-2024

Ok' and server is different vlan than wifi client?

If Yes

Check in wlc

Monitoring >wireless >client

See the status of wifi client in which status it stop?

Share screenshots if you can

Also in SW' do show ip interface breif

Check of SVI UP/UP

MHM

429Kjjwmh · ‎08-12-2024

The client I'm attempting to connect on isn't showing up in there at all. On the (windows) client it just says failed to connect. Android phone will say unable to obtain IP.

WLC9800-40#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Te0/0/0 unassigned YES unset up up
Te0/0/1 unassigned YES unset up up
Te0/0/2 unassigned YES unset down down
Te0/0/3 unassigned YES unset down down
GigabitEthernet0 unassigned YES unset administratively down down
Port-channel1 unassigned YES unset up up
Vlan1 unassigned YES NVRAM up up
Vlan11 172.20.0.108 YES manual up up
Vlan244 192.168.80.2 YES manual up up

MHM Cisco World · ‎08-12-2024

I dont see vlan 67

Also AP is local mode not flex?

MHM

429Kjjwmh · ‎08-13-2024

AP is local and not flex, although eventually I'll need this working for flex aps as well but on an different network.

As I had said, I had made an svi in vlan 67 and then deleted it again as I was reading that's no longer the recommended practice.

I remade it again this morning and did some testing. I'm now able to have a client connecting to that vlan get an IP address from dhcp except it's getting the ip address for the vlan 11 where the management interface is.

MHM Cisco World · ‎08-13-2024

The wifi client have many state abd end with client get IP from dhcp server.

So it can that client never pass previous state' and hence never ask IP.

To know if wlc forward wifi client dhcp request to dhcp server use

Troubleshooting > packet capture > add new capture and select inner filter dhcp

This Like wireshark but this embedded into wlc

MHM

marce1000 · ‎08-12-2024

Corrections : read the link below frst
- : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#DHCPbridgingandDHCPrelay

Also have a checkup of the 9800 WLC configuration with the CLI command show tech wireless and feed the output to : Wireless Config Analyzer
(do not use a simple show tech as input for this procedure use the full command as mentioned in green)

- If needed engage in full client debugging according to https://logadvisor.cisco.com/logadvisor/wireless/9800/9800ClientConnectivity , these debugs can be analyzed with Wireless Debug Analyzer

- When you try to make improvements use commands from https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217738-monitor-catalyst-9800-kpis-key-performa.html#anc5 to observe client behavior

+ Consider 17.12.3 because it is latest advisory release.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Flavio Miranda · ‎08-12-2024

@429Kjjwmh

Which kind of authentication are you using? Are you able to ping the DHCP server using Vlan11 as source? Do you have logs on the DHCP server to check if clients is asking for DHCP? Which kind of logs do you see on the WLC if you enable client debug?

429Kjjwmh · ‎08-12-2024

Auth: WPA2+3 PSK

I am able to ping dhcp using vlan 11 as source. Both the management interface and dhcp server are in vlan 11.

There are no logs for this clients mac in the dhcp server when I attempt to connect to an ap on the 9800.

Radioactive trace filtered to the clients mac comes up empty