Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16890
Views
11
Helpful
6
Replies

WLC 9800 Wireless Clients not getting DHCP IP Address

Go to solution
donniebman
Level 1
Level 1

‎11-05-2019 02:41 PM - edited ‎07-05-2021 11:14 AM

I'm hoping for some help here, I'm trying to fire up a new Cisco 9800 WLC for first use, and for some reason I cant get the DHCP discovery from the client to be forwarded to and external DHCP Server.  I enabled the DHCP Service from the CLI, also enabled "ip dhcp relay information trusted" on all the ports including the channel-port, but with no luck.  when I enable wire shark on my client I see the requests going out for discovery, with no responses coming back.  I am using vtp 3 setup so I can pull all the vlans down from the master switch, but unlike 5508 WLC there's no settings to point to a specific DHCP server there. Under Tags and Policies,  I configured my policy in the advanced tab to require IPv4 DHCP and put a DHCP Server IP Address in it.  I do have Central DHCP enabled on the general tab, but not quite sure what that setting is (on by default). I've toggled through various settings and not sure what to do next.

 

5 people had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
donniebman
Level 1
Level 1
In response to pieterh

‎11-12-2019 08:33 AM

I am able to apply "ip dhcp server X.X.X.X in a global setting but not on the interfaces, nor can I place a helper-address on any of the interface except for vlan1. all the other vlan interfaces are on the router. I do have policies associated to the wlan's requiring DHCP and a ip address to the server is there but when I pull wireshark from the client, I see the relay address, but when I pull wireshark on the AP interface, and the controller interfaces the source address has been stripped out.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
pieterh
VIP
VIP

‎11-08-2019 07:39 AM

read this document

the command ip dhcp server 200.1.1.2 is available in interface configuration mode

you can configure it in an interface assigned to a WLAN

and you can override it per WLAN assigned to an interface in wlan configuration mode

Go to solution
netops500
Level 1
Level 1
In response to pieterh

‎11-11-2019 12:18 PM - edited ‎11-12-2019 08:30 AM

 
0 Helpful

Go to solution
donniebman
Level 1
Level 1
In response to pieterh

‎11-12-2019 08:33 AM

I am able to apply "ip dhcp server X.X.X.X in a global setting but not on the interfaces, nor can I place a helper-address on any of the interface except for vlan1. all the other vlan interfaces are on the router. I do have policies associated to the wlan's requiring DHCP and a ip address to the server is there but when I pull wireshark from the client, I see the relay address, but when I pull wireshark on the AP interface, and the controller interfaces the source address has been stripped out.
0 Helpful

Go to solution
netops500
Level 1
Level 1

‎11-12-2019 02:19 PM

Do you have the dhcp relay on each vlan interface on the wireless controller?  you need to have the SVI for each network you are using on your wireless, otherwise each vlan won't know to relay it.  unfortunately you cant put a ip-helper address in the global config.  if the vlan on your router is say 10.100.50.1 255.255.255.0 then just create the SVI to be 10.100.50.2 255.255.255.0.  If you ever worked on the 5500 series controllers it had kind of the same concept.  let me know

Go to solution
stuart.pannell
Level 1
Level 1
In response to netops500

‎04-18-2023 06:02 AM

Creating an SVI for each vlan that are assigned to specific wlan's would create local routing for each wlan. If the client changed thier gateway to be that of the SVI then this can cause a security issue because the WLC would be acting as a router and the client would be able to route between vlans?  Imagine having a corporate vlan and a guest vlan, they would be able to route between them? In my case I have the client gateways further upstream and just have a layer2 vlan assigned to the wlan, on the L3 SVI's on the neighboring router I have ip helper-address assigned yet still my clients are not getting an address from the DHCP server. older Aeros WLC's would proxy the requests out from each client interface to the configured DHCP server on that interface.

Go to solution
Rich R
VIP
VIP
In response to stuart.pannell

‎04-18-2023 06:07 AM

Exactly - which is why Cisco do not recommend using SVI on 9800 (although required for specific features).  Refer to best practices guide below.  If you do use SVI then you need appropriate ACLs etc to mitigate the security risk that creates so generally better to use the upstream device instead.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card