
Wrong IP addresses from DHCP server via WLC

CarloCrz
Level 1

Hi Everyone,

 

I have a Cisco WLC 2504 that manages 2 WLANs. The first one is the corporate one and is connected to the management interface (it shares the same subnet) with no VLAN (0), while the second one is the guest WiFi and is connected to a dedicated interface with a dedicated VLAN, tagged (113).

On the L3 switch side, they share the same physical interface which is configured with VLAN 1 (management) and VLAN 113 both tagged in trunk mode (no native VLAN set).

Here is the issue: both WLANs rely on the same DHCP server (Windows Server 2012) and the devices connected to the guest sometimes also take an IP from the lease of the corporate network. Now, those devices still use the correct IP (guest) but I can see them assigned on the other subnet and I also see the communication on the packet captures.

 

First I tried to enable the DHCP proxy option on both interfaces, because I saw traffic going from 0.0.0.0 to 255.255.255.255 and I knew that the device was connected to the guest WiFi, but still receiving an IP from the corporate network (and from the guest network too). I thought that maybe the requests were going directly to the DHCP server, and the DHCP server didn't know the source subnet, so it wasn't able to choose the correct subnet. That didn't resolve it.

 

Then I tried to tag the management interface on the WLC side, since it is tagged on the L3 switch (I thought that it could mess up the routing), but the WLC became unavailable via GUI (I was also connected on CLI) so I had to switch back.

 

Any idea? I suppose there is a misconfiguration, but I don't see where.

 

Thank you

23 Replies

Rasika Nayanajith
VIP Alumni

Hi Carlo,

 

What software version do you run on your 2504?

I would suggest creating a new VLAN (e.g. 115) for the corporate data SSID instead of VLAN 1. Is this possible?

 

Rasika

Hi Rasika,

 

Thank you for the reply, unfortunately it is not possible, through the whole network this VLAN has ID 1.

What I don't get is how the DHCP server still receives the DHCP packets from 0.0.0.0 to 255.255.255.255 instead of being proxied by the WLC, I think that this is why the DHCP server provides IPs from both subnets.

Have you enabled proxying of the DHCP packets on the WLC and have you configured the correct DHCP server on the virtual interface that is configured on the SSID?

Hi Patoberli,

 

Yes, I have enabled the proxying of the DHCP packets for both virtual interfaces. But after a few hours I had to remove the DHCP proxy for the corporate WLAN, which is connected to the management virtual interface (VLAN 0 in the WLC, VLAN 1 in the switch) because the DHCP server wasn't receiving the DHCP packets anymore.

Both virtual interfaces are configured with the same DHCP IP, since the DHCP server has a single IP address configured.

You should not use the management interface on the WLC for client access. It would be better to have a dedicated management vlan for the WLC and APs. 

Is the virtual-interface using an artificial IP address that you don't route/use in your network?

The virtual interface is the management one, and has a single IP address used for both management and client access purposes. Is it possible that this is causing the issue, or is it just not a best practice?

The virtual-interface must use a non-routed private IP address, not shared by any other interface, or this can cause all kinds of issues. For example: 192.0.2.254

 

I have modified the configuration: the WLAN that previously used the management interface, now has a dedicated one on a dedicated subnet and dedicated VLAN. Basically, I have 2 WLANs made the same way and an interface dedicated only for management purposes.

 

Still, I see on the DHCP server that some IP address is leased to the wrong devices, connected to the corporate WLAN.

 

Some other suggestions?

Did you configure the correct DHCP server IP address under the dynamic interface or under the WLAN config?

 

Regards

Don't forget to rate helpful posts

The DHCP server is neither configured on the virtual interfaces (Primary DHCP Server) nor on the WLANs (DHCP Server - override). The way the clients reach the DHCP server is via the helper address configured on the interface VLAN on the Catalyst.

Paste the output of these:

1. Screenshot of the dynamic interface which is assigned to the WLAN.

2. Switchport config where the WLC is connected.

3. show interface detailed management

 

Regards

Don't forget to rate helpful posts

The following interface ag guest is the one assigned to the WLAN guest, which also uses the wrong IP addresses:

guest_if.png

The switchport config where the WLC is connected is the following:

 

interface GigabitEthernet1/0/39
 description Cisco WLC wireless
 switchport trunk allowed vlan 1 (default, from this subnet the wrong IP addresses are given),113 (the guest WiFi one), [...]
 switchport trunk encapsulation dot1q
 switchport mode trunk

 

 

The interface management is configured as follows (I used the GUI because I can't use the CLI at the moment):

mgmt_if.png

What is the IP of the DHCP server for VLAN 113 and where is it? (internal or external)

The DHCP server IP address is in VLAN 1 for every WLAN. It is in the internal network and it's reached because it is configured as helper address on the interface VLAN 113 in the Catalyst switch. So basically no DHCP server is configured directly on the WLC.
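
Added example, not part of any post in the thread: a DHCP server picks the scope from the relay agent address (giaddr) that the WLC proxy or the switch helper address writes into the request, and treats a request with giaddr 0.0.0.0 as coming from its own subnet (RFC 2131). This sketch parses DHCP payloads taken from a capture and reports which scope each one would be matched to; the subnets, MAC addresses and packets are constructed, since the thread gives only VLAN IDs.

```python
import ipaddress
import struct

# Constructed scopes: the thread names the VLANs but not their subnets.
SCOPES = {
    "corporate (VLAN 1)": ipaddress.ip_network("10.0.1.0/24"),
    "guest (VLAN 113)": ipaddress.ip_network("10.0.113.0/24"),
}
SERVER_SCOPE = "corporate (VLAN 1)"  # per the thread, the server sits in VLAN 1
MAGIC = bytes([99, 130, 83, 99])     # DHCP magic cookie after the BOOTP header

def build_discover(mac: bytes, giaddr: str) -> bytes:
    """Constructed DHCPDISCOVER payload: 236-byte BOOTP header, cookie, option 53."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0x8000,
                      bytes(4), bytes(4), bytes(4),
                      ipaddress.ip_address(giaddr).packed, mac, b"", b"")
    return hdr + MAGIC + bytes([53, 1, 1, 255])

def parse(payload: bytes) -> dict:
    """Extract client MAC, giaddr and DHCP message type from a UDP/67 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    mac = payload[28:28 + min(payload[2], 16)].hex(":")
    giaddr = ipaddress.ip_address(payload[24:28])
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                   # truncated option
        if payload[i] == 53 and payload[i + 1] == 1:
            msg_type = payload[i + 2]
        i += 2 + payload[i + 1]
    return {"mac": mac, "giaddr": giaddr, "type": msg_type}

def scope_for(pkt: dict) -> str:
    """Relayed request: scope containing giaddr. Unrelayed: server's own subnet."""
    if int(pkt["giaddr"]) == 0:
        return SERVER_SCOPE + " [giaddr 0.0.0.0, not relayed]"
    for name, net in SCOPES.items():
        if pkt["giaddr"] in net:
            return name
    return "no matching scope"

def triage(payloads: list) -> list:
    return [(p["mac"], scope_for(p)) for p in map(parse, payloads)]
```

Feeding it the DHCP payloads seen on the server's interface shows whether a given client's request arrived relayed for the guest subnet, arrived as a raw broadcast in VLAN 1, or both.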
