DHCP client won't get IP from C9800 LC

AliDoskii
Level 1

 

[Image: AliDoskii_1-1732878479313.png]

Hello Cisco Community,

Hope everyone is well.

Recently I have been facing difficulty with implementing my wireless network.
I have installed wireless access points and all of them are successfully appearing in my wireless controller dashboard. A WLAN is created for them and the SSID is working fine; I could see and connect to my SSID without a problem.

The only problem that I have is that my wireless client cannot get an IP address from DHCP.

I have made VLAN 50 to be relay as well but still no chance, whereas the access point is getting an IP address from DHCP without any problem.

Can someone please help me with that?
Thanks in advance,
AliDoski

29 Replies

Clients can authenticate?

I would change your design and remove the SVI from the WLC and put it in the core, keeping the interface in trunk mode.

I believe WLC as layer 3 is not recommended.

Yes, client can authenticate.

I removed the SVI but now the access point cannot discover the controller.

AliDoski

You removed it but you transferred it to the core, right?

What about the layer 3 interface you have on the WLC? Was that not your management interface?

"Information About Wireless Management Interface

The Wireless Management Interface (WMI) is the mandatory Layer 3 interface on the Cisco Catalyst 9800 Wireless Controller. It is used for all communications between the controller and access points. Also, it is used for all CAPWAP or inter-controller mobility messaging and tunneling traffic.

WMI is also the default interface for in-band management and connectivity to enterprise services, such as, AAA, syslog, SNMP, and so on. You can use the WMI IP address to remotely connect to the device using SSH or Telnet (or) access the Graphical User Interface (GUI) using HTTP or HTTPs by entering the wireless management interface IP address of the controller in the address field of your browser."


For WLC discovery from the AP, you can use option 43 on the DHCP server to pass the WLC IP address to the access point on DHCP request. You can also use DNS for that, and ultimately you can set up the WLC on the AP statically with the capwap ap command.
Try to use the easier mode, which is static config on the AP, just to make sure clients can now connect and get an IP. Later you can find a better way to join the APs to the WLC.

Use the command on the AP

capwap ap primary-base <wlc-hostname> <wlc-IP-address>
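
Added example, not part of the thread: for Cisco lightweight APs, the Option 43 value mentioned above is a type-length-value field with type 0xf1, a length of four bytes per controller, and the controller management IPs in hex. The sketch below builds that value and validates one read back from a DHCP server config; the function names and IP addresses are constructed for illustration.

```python
import ipaddress

# Sub-option type that Cisco lightweight APs read for controller addresses.
CISCO_WLC_SUBOPTION = 0xF1


def encode_option43(wlc_ips):
    """Return the Option 43 payload as a hex string listing the WLC management IPs."""
    if not wlc_ips:
        raise ValueError("at least one controller address is required")
    # IPv4Address rejects malformed or non-IPv4 input before it reaches the DHCP server.
    addrs = [ipaddress.IPv4Address(ip) for ip in wlc_ips]
    length = 4 * len(addrs)
    if length > 255:
        raise ValueError("too many addresses for a one-byte length field")
    payload = bytes([CISCO_WLC_SUBOPTION, length]) + b"".join(a.packed for a in addrs)
    return payload.hex()


def decode_option43(hex_value):
    """Parse an Option 43 hex string back into WLC IPs, checking type and length."""
    cleaned = hex_value.strip().lower().removeprefix("0x").replace(":", "")
    raw = bytes.fromhex(cleaned)
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC sub-option (expected type f1)")
    length, body = raw[1], raw[2:]
    # A wrong length byte is a common reason APs ignore the option.
    if length == 0 or length % 4 or length != len(body):
        raise ValueError("length byte does not match the address list")
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    value = encode_option43(["192.168.10.5", "192.168.10.20"])
    print(value)
    print(decode_option43(value))
```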

I will configure int vlan 50 on my core switch, no problem with that.

The only problem I have is that I cannot remove int vlan 50 on the controller because the access point cannot find my controller without it.

AliDoski

Then create another vlan, for example vlan 60 layer2 only on the WLC and make layer3 on the core. Add this new vlan to your WLAN and use it for clients. Leave the vlan 50 for management.

 

[Image: FlavioMiranda_0-1732906127626.png]

 

 

Great, well understood.

Let me try this one and keep you posted.

AliDoski

Thanks Flavio,

This solved my issue:
I had two VLANs, 10 and 50.

On controller:

- I created SVI 10 for Management purpose. (removed IP helper address under this interface)
- Created L2 VLAN 50 for Wireless users attached to WLAN.
- Disabled DHCP Server
- Disabled fast transition as well.
- Created Option 43 code on my Mikrotik router

These were the steps that I did that solved my issue.

Thanks everyone for every single word you commented, appreciate your support
AliDoski


Yeah sorry I didn't realise you were also using vlan 50 SVI as your wireless management interface.  As Flavio says best practice is to keep the AP management and client traffic on separate VLANs but you can keep them all on the same vlan if you really want to.  Just don't put any DHCP helper/relay config in anywhere because it's directly connected.

Yes that policy is definitely a problem - your policy was completely empty in the config above but should be fine once configured with vlan 50!

You DO NOT need DHCP relay at all (either interface helper address or in policy) when the DHCP server is in the local connected subnet!

You do not need the SVI (vlan 50 interface) at all and in fact it is NOT RECOMMENDED on 9800:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#DHCPbridgingandDHCPrelay

So remove all references to the DHCP server on the WLC, delete the SVI and allow the client traffic to be bridged to vlan 50 and the router to respond.

shambhu.kumar
Spotlight

 

Please check,

show run all | in dhcp
service dhcp

If not enabled, please enable the DHCP service:

config t

service dhcp

 

 

 

I checked this before and enabled it previously.

AliDoski

In WLC Monitoring > Client, check in which state the WiFi endpoint is pending.

MHM

service dhcp is only required if you are using the WLC as a DHCP server, which you are not as far as I can tell.

According to the diagram the Mikrotik router is the DHCP server, right?

Yes, DHCP is enabled on my Mikrotik router.

AliDoski

I send you PM

MHM
