11-05-2019 02:41 PM - edited 07-05-2021 11:14 AM
I'm hoping for some help here. I'm trying to fire up a new Cisco 9800 WLC for first use, and for some reason I can't get the DHCP discovery from the client to be forwarded to an external DHCP server. I enabled the DHCP service from the CLI, and also enabled "ip dhcp relay information trusted" on all the ports including the channel-port, but with no luck. When I enable Wireshark on my client I see the requests going out for discovery, with no responses coming back. I am using a VTP 3 setup so I can pull all the VLANs down from the master switch, but unlike the 5508 WLC there are no settings to point to a specific DHCP server there. Under Tags and Policies, I configured my policy in the Advanced tab to require IPv4 DHCP and put a DHCP Server IP Address in it. I do have Central DHCP enabled on the General tab, but I'm not quite sure what that setting is (on by default). I've toggled through various settings and I'm not sure what to do next.
11-12-2019 08:33 AM
11-08-2019 07:39 AM
Read this document.
The command ip dhcp server 200.1.1.2 is available in interface configuration mode.
You can configure it in an interface assigned to a WLAN,
and you can override it per WLAN assigned to an interface in wlan configuration mode.
11-11-2019 12:18 PM - edited 11-12-2019 08:30 AM
11-12-2019 08:33 AM
11-12-2019 02:19 PM
Do you have the DHCP relay on each VLAN interface on the wireless controller? You need to have the SVI for each network you are using on your wireless, otherwise each VLAN won't know to relay it. Unfortunately you can't put an ip-helper address in the global config. If the VLAN on your router is, say, 10.100.50.1 255.255.255.0, then just create the SVI to be 10.100.50.2 255.255.255.0. If you ever worked on the 5500 series controllers, it had kind of the same concept. Let me know.
04-18-2023 06:02 AM
Creating an SVI for each VLAN that is assigned to specific WLANs would create local routing for each WLAN. If the client changed their gateway to be that of the SVI then this can cause a security issue because the WLC would be acting as a router and the client would be able to route between VLANs? Imagine having a corporate VLAN and a guest VLAN, they would be able to route between them? In my case I have the client gateways further upstream and just have a layer 2 VLAN assigned to the WLAN. On the L3 SVIs on the neighboring router I have ip helper-address assigned, yet still my clients are not getting an address from the DHCP server. Older AireOS WLCs would proxy the requests out from each client interface to the configured DHCP server on that interface.
04-18-2023 06:07 AM
Exactly - which is why Cisco do not recommend using SVI on 9800 (although required for specific features). Refer to best practices guide below. If you do use SVI then you need appropriate ACLs etc to mitigate the security risk that creates so generally better to use the upstream device instead.
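The last two replies describe the risk of client-VLAN SVIs on the controller turning it into an inter-VLAN router. As an added example (not from the thread or from Cisco), this Python audit lists the routed SVIs in an IOS-XE style config and flags those with no inbound ACL; the sample config, addresses and ACL names are constructed.

```python
import re

# Constructed sample config fragment; not taken from the thread.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 10.100.10.2 255.255.255.0
 ip access-group MGMT-IN in
!
interface Vlan50
 ip address 10.100.50.2 255.255.255.0
 ip helper-address 10.100.1.10
!
interface Vlan60
 ip address 10.100.60.2 255.255.255.0
 ip helper-address 10.100.1.10
 ip access-group GUEST-IN in
!
interface Vlan70
 no ip address
!
interface GigabitEthernet0
 ip address 192.0.2.5 255.255.255.0
"""

def audit_svis(config):
    """Return one record per routed SVI (interface VlanN with an IP address)."""
    findings = []
    for block in re.split(r"(?m)^(?=interface\s)", config):
        head = re.match(r"interface\s+Vlan(\d+)[ \t]*$", block, re.I | re.M)
        if not head:
            continue  # preamble or a non-SVI interface
        body = []
        for line in block.splitlines()[1:]:
            if not line.startswith(" "):
                break  # "!" or the next top-level command ends the stanza
            body.append(line.strip())
        if not any(re.match(r"ip address \d", l) for l in body):
            continue  # layer 2 only VLAN interface, nothing is routed here
        helpers = [l.split()[-1] for l in body if l.startswith("ip helper-address ")]
        acl = [m.group(1) for l in body
               if (m := re.match(r"ip access-group (\S+) in$", l))]
        findings.append({"vlan": int(head.group(1)), "helpers": helpers,
                         "acl_in": acl[0] if acl else None, "unfiltered": not acl})
    return findings

if __name__ == "__main__":
    for f in audit_svis(SAMPLE_CONFIG):
        print(f)
```

A named inbound ACL only shows that filtering is attached; its entries still need review against the traffic that should be allowed between VLANs.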