WLC5520 public wifi can't reach DHCP


We have a WLC5520 which works fine for our private WiFi, but the public WiFi cannot reach the DHCP server.

The interface is set to "vlan900", which has an IP address of /22.

On the router, works and can be reached with this address. However, I cannot ping from anywhere.


The interface is up, I see the SSID from WiFi clients but when I try to connect, it says "cannot obtain IP address".


The private WiFi can reach the DHCP server just fine.


show interface summary

 Number of Interfaces.......................... 6

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    12    Static  Yes    No
redundancy-management            1    12         Static  No     No
redundancy-port                  -    untagged         Static  No     No
service-port                     N/A  N/A      Static  No     No
virtual                          N/A  N/A         Static  No     No
vlan900                          1    900     Dynamic No     No

EDIT: Additional info....
From the WLC I cannot ping the gateway on but I can ping it on This is probably why the public WiFi can't reach the DHCP server (which is on the 192.168.10.x network). But the private WiFi can. I'm looking at the trunk from the WLC to the gateway and it looks OK. What am I missing?



I tried it, and when I put the ACL 2600 on the vlan900 interface, I couldn't get an IP address from DHCP. As soon as I removed the ACL, I could get an IP address from DHCP.

Make sure BOOTP and DNS traffic is permitted in your ACL, something like below:


remark Permit DHCP IP assignment
permit udp any any eq bootps
permit udp any eq bootpc any
remark Permit DNS
permit udp any any eq domain
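
Why an ACL with no BOOTP entries stops clients from getting a lease, shown as an added example that is not part of the thread: a small first-match evaluator for IOS-style entries, run against the entries posted above and against a constructed web-and-DNS-only ACL. It assumes `any` addresses and client-originated packets only; `WEB_ONLY`, `client_checks` and the other names are made up for the illustration, and `WEB_ONLY` is not the ACL 2600 from the thread.

```python
# Added example: first-match evaluation of IOS-style extended ACL entries.
# Handles only permit/deny, tcp/udp, "any" addresses and optional "eq <port>".
PORTS = {"bootps": 67, "bootpc": 68, "domain": 53}  # keywords used above

def parse_entry(line):
    """Return (action, proto, src_port, dst_port), or None for remarks/blanks."""
    tok = line.split()
    if not tok or tok[0] == "remark":
        return None
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] not in ("tcp", "udp"):
        raise ValueError(f"unsupported entry: {line!r}")
    rest, ports = tok[2:], []
    for _ in range(2):  # source address/port, then destination address/port
        if not rest or rest.pop(0) != "any":
            raise ValueError(f"only 'any' addresses are handled: {line!r}")
        port = None  # None means the entry matches every port
        if len(rest) >= 2 and rest[0] == "eq":
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
            rest = rest[2:]
        ports.append(port)
    return tok[0], tok[1], ports[0], ports[1]

def evaluate(acl_text, proto, sport, dport):
    """Action of the first matching entry; 'deny' if nothing matches."""
    for line in acl_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        action, e_proto, e_sport, e_dport = entry
        if e_proto == proto and e_sport in (None, sport) and e_dport in (None, dport):
            return action
    return "deny"  # implicit deny at the end of every ACL

def client_checks(acl_text):
    """Evaluate what a joining client sends: DHCP (68 -> 67) and DNS (-> 53)."""
    return {"dhcp": evaluate(acl_text, "udp", 68, 67),
            "dns": evaluate(acl_text, "udp", 49152, 53)}

# Constructed ACL that never mentions bootps/bootpc (not ACL 2600 from the thread).
WEB_ONLY = """permit tcp any any eq 80
permit tcp any any eq 443
permit udp any any eq domain"""

# The entries posted in the answer above.
WITH_DHCP = """remark Permit DHCP IP assignment
permit udp any any eq bootps
permit udp any eq bootpc any
remark Permit DNS
permit udp any any eq domain"""
```

`client_checks(WEB_ONLY)` denies the DHCP packet through the implicit deny while still permitting DNS, which matches the "cannot obtain IP address" symptom; `client_checks(WITH_DHCP)` permits both.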




This has worked perfectly, thank you!


Is the private WiFi on the same VLAN as the DHCP server? If yes, then you need to configure DHCP relay on the router, which makes the router receive the broadcast from the public WiFi VLAN and forward it as unicast to the private WiFi VLAN.

Private WiFi is on VLAN 12, DHCP Server is on VLAN 10.

For the private WiFi, have you configured DHCP relay on the router subinterface?

How would I check this? I just started this job and I was not the person who set this all up.


EDIT: I can see on the router, interface vlan900 has the following line 

ip helper-address
