We have a WLC5520 which works fine for our private WiFi, but the public WiFi cannot reach the DHCP server.
The interface is set to "vlan900", which has an IP address of 172.16.48.2 /22.
On the router, 172.16.48.1 works and can be reach with this address. However, I cannot ping 172.16.48.2 from anywhere.
The interface is up, I see the SSID from WiFi clients but when I try to connect, it says "cannot obtain IP address".
The private WiFi can reach the DHCP server just fine.
show interface summary Number of Interfaces.......................... 6 Interface Name Port Vlan Id IP Address Type Ap Mgr Guest -------------------------------- ---- -------- --------------- ------- ------ ----- management 1 12 192.168.12.5 Static Yes No redundancy-management 1 12 0.0.0.0 Static No No redundancy-port - untagged 0.0.0.0 Static No No service-port N/A N/A 10.110.2.5 Static No No virtual N/A N/A 18.104.22.168 Static No No vlan900 1 900 172.16.48.2 Dynamic No No
EDIT: Additional info....
From the WLC I cannot ping the gateway on 172.16.48.1 but I can ping it on 192.168.12.1. This is probably why the public WiFi can't reach the DHCP server (which is on the 192.168.10.x network). But the private WiFi can. I'm looking at the trunk from the WLC to the gateway and it looks ok ? What am I missing?
Solved! Go to Solution.
I tried it, and when I put the ACL 2600 on the vlan900 interface, I couldn't get an IP address from DHCP. As soon as I removed the ACL, I could get an IP address from DHCP.
Makesure bootp & DNS traffic is permitted in your ACL , something like below
remark Permit DHCP IP assignment
permit udp any any eq bootps
permit udp any eq bootpc any
remark Permit DNS
permit udp any any eq domain
*** Pls rate all useful responses ***
Private Wifi is same VLAN for the DHCP Server? if yes, then you need to config DHCP reply in router which make router receive the broadcast from the Public Wifi VLAN and forward it as unicast to Private Wifi VLAN.
How would I check this? I just started this job and I was not the person who set this all up.
EDIT: I can see on the router, interface vlan900 has the following line
ip helper-address 192.168.10.9