Hi,

It would be really useful if someone could give a quick breakdown on the difference between AireOS config and IOS XE ....not getting anywhere fast with the documentation. Thanks.

ED

Hi,

I am in the same situation on a new 9800 deployment. I tried several configuration, just like kdavison suggests. I did some packet captures on the L3 router and the WLC is clearly not relaying the DHCP request. We had to enable DHCP relay on the L3 router instead. It was working fine with a previous AireOS controller in the same subnet.

DHCP relay however works when using an internal DHCP pool on the 9800 and relaying to the Loopback of the 9800.

We are running version 16.12.1s.

I have nothing for this output.

Did you have success with a specific option here?

My problem is that the DHCP Request of the client never makes it out of the controller because I cannot not see any UDP/67 while capturing packet at the L3 router (actually a firewall). Sure you can have issues with option 82 but this is a different matter here.
I will try and replicate the issue on the lab, maybe I missed something on the customer configuration...

We have the same issue here.

In my case, the DHCP server resides in the same network as the controller. I can see the requests reach the DHCP server and being processed, however, the answer never seems to reach the controller.

As far as I found out (didn't verify this by packet capture) the problem is a change in the way packets are routed.

Within AireOS, the default gateway of the VLAN from which the original request came was used to send the relayed request to the configured dhcp server.

Now, with IOS XE, the default gateway of the system is used (you can not enter any default gateway for VLANs within IOS XE, only the IP and netmask.). So the relayed DHCP packets are send to the DHCP server using the controllers routing table, are being processed by the DHCP server and I believe the DHCP server is sending the answer back to the IP of the controllers SVI in the originating VLAN of the DHCP request, which is embodied in the relayed DHCP request. The controller does not expect the answer on its SVI interface and drops the packet.

On the controller, I had to add a static route to the dhcp server using the gateway of the VLAN and all starts working. But that means you will be unable to use the same DHCP server for different VLANs. And in my case, the radius service is running on the same boxes as the DHCP service, so I had to add IP aliases to the boxes to make this all work together. I see this behavior as a massive setback to the old AireOS-based controllers.

Hope I made myself clear, sorry for my bad english.

Edit/Addition: Its worse than I thought. I now did some packet capturing which confirmed my suspicions.

The controller sends out the relayed DHCP packet using its routing table instead of using the default gateway of the originating VLAN (which can be entered nowhere in the controller - or I didn't find it yet). To make this even worse, its using the IP address of its SVI interface as source address regardless of the interface it is sending the packet out. This is doomed to fail.

Edit2: I contacted Cisco TAC about this and they confirmed this behavior is a known bug (CSCvr86358). Suggested workaround is to delete the SVI on the controller and using the upstream routers dhcp forwarding capability. This works for me so far.

Thank you Andreas for your inputs! Did the TAC mention any upcoming correction of this bug?

I Also have this issue. I see the DHCP server reply's to the wireless management interface of the controller. Then a pcap on the client shows that the DHCP offer is being send from the controller wireless management interface to the client. BUT the client dosent accept the dhcp OFFER. ??

Not too sure what happening here.