WLC-9800 External dhcp guide



Having an issue with the 9800 controller setup in sso, where I cant get clients to get a dhcp reply. The aps are up.. the ssid are up..  but external dhcp not so much


I have tried setting it up globally under policy without effect. I have tried setting up the svi with an helper and I can reach the dhcp server . but traffic comes back on the mgmt intf (ap intf) been looking everywhere for some good guides on the 9800 regarding dhcp externally (also the vrf options) does anyone have any good tips here=? 


This was an issue I had last year so I’m going off memory. I do not use SVIs on my 9k WLCs for the WLAN interfaces so you are correct in your thinking. I believe I had a DHCP option statement that was causing problems IIRC.

Ok thanks @kdavison007

i have this issue too,


Did anyone resolve this?


i am not using SVI on the c9800, the ip helpers are on teh upstream core switches. when ipv4 is required, i am not getting clients stuck in ip learn, but when unchecked they get dhcp fine.

when ipv4 is required, i am getting clients stuck in ip learn, but when off they get dhcp fine

When you tick "IPv4 DHCP Required",  did you configure the DHCP server IP address on the next field ? If not try it.





Yes. I did put an ip in that field

Hi Folks,

Same issue here.

Other interesting post:

For info, here are Bugs I found related to DHCP:

CSCvs03177 : Client stuck in IP learn state with FlexConnect local switching + central DHCP + DHCP required.
CSCvr86358: Cat9800 sourcing DHCP proxy packets using SrcIP SVI but vlan tag of wireless mgmt interface.

We are now running version: 16.12.4a

APs are in Flexconnect mode.

We have a SVI configured for each Centrally-switched WLAN . This is mandatory in order to have DHCP relay function working on the c9800 WLC.
The best practice document states the following about DHCP relay:
"the DHCP address will be sourced from the IP address of the client SVI and routed out of the interface that matches the destination (IP address of the DHCP server) in the routing table."
However, I have discovered (thanks to this post) that there is still the option (CLI & GUI) to make sure it is the case:

interface VlanXXX
 description centrally-switched WLAN
 ip vrf forwarding myVRF
 ip dhcp relay source-interface VlanXXX
 ip address
 ip helper-address


Edit: Cisco Catalyst 9800 Series Wireless Controller does not support VRFs or routing protocols. I will delete the SVIs and Configure the DHPC relay on the upsteam switch then.



I have the same issue as well like yours, running flexconnect and put the ip helper address at the Local gateway SVI however for laptop's all working fine but got "IP Learn State" for CIsco wireless Dect Phone 8821 and just get no clue what going on with it. I plan to upgrade the firmware to 16.12.5 since you mentioned it was a bug for 16.12.4a firmware.


Please advise if anyone has more clue on this issue.


Have you tried disabling "IPv4 DHCP Required" option? I've been having strange behaviours in 16.12 regarding this feature and I would suggest disabling it.

Is it at policy profile advance tab?

As i remember i did not enable this.


Yes, parameter is under Policy Profile > Advanced > DHCP > IPv4 DHCP Required

yup confirm that i did not turn on this, i just let the local traffic flow to local switching gateway SVI and let ip helper redirect to the respective dhcp server.


i think i shall try the upgrade firmware to 16.12.5 if see have luck.

Did upgrading help? I seem to be having this same problem. I am also on version 16.12.4a



For my problem upgraded firmware doesn't help but found the issue is from CUCM DSCP configuration itself which cause the Wireless Ip phone can't work properly.



