WLC DHCP & VLAN issue
Hello,
I configured a new interface & VLAN on my WLC 5508. The WLC acts as DHCP proxy.
I also enabled Flex Connect local switching. Then I removed the IP helper under the
VLAN settings on my switch because, as far as I know, the WLC acts as IP helper.
What is still not clear to me is where I have to insert the DHCP server address
on my WLC controller. Must I insert the DHCP server IP under my management interface,
or where do I have to enter the DHCP server IP?
I tested this with the new VLAN interface and added the DHCP server IP, but without success.
Thanks for help.
Regards
Hi,
I added an IP helper under the L3 configuration without success. Same result: WLAN clients don't get an IP.
I configured the following:
Added a new VLAN to the switch with layer 3 and added an IP helper on the L3 switch.
Added the VLAN to the WLC controller with a new SSID and interface for this VLAN.
Enabled Flex Connect under the SSID.
Did a test with a wired client directly on a switch without problems.
If I try to connect over the WLAN, the client doesn't get an IP.
Regards
Similar Messages
-
Hi,
I've discovered an issue with our WLC 4400 series controllers when we do firmware upgrades (recently moved to 6.0.199): it seems to reset the DHCP server on the controller, but the access points still retain their old IP until the lease runs out (48hrs). This means that any APs requesting a new lease often get an IP conflict for the first 48hrs after the upgrade, and we experienced areas where APs wouldn't connect.
Is this a common issue and is there any way to get the APs to request a new address from the controller?
thanks,
Matt
Hi Matt,
When you do a WLC upgrade, a WLC reboot is required, this results in the DHCP lease table getting restarted as well.
Solution:
1-Setup an external DHCP Server to overcome this.
2- Restart the access points, so they request a new IP address.
This is mentioned on WLC release notes 6.0.199.0 that you are running, it is for clients, for the rule still applies:
Link
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn6_0_199.html#wp581125
Internal DHCP Server
When clients use the controller's internal DHCP server, IP addresses are not preserved across reboots. As a result, multiple clients can be assigned the same IP address. To resolve any IP address conflicts, clients must release their existing IP address and request a new one.
The same also applies on newer releases such as 6.0.199.4 and 7.0.
Have a good day.
Serge -
Hi,
We are facing this problem
we are using guest SSID with captive portal authentication.
We are using the steps below to connect to the network:
1) User will click on guest SSID & get IP from DHCP scope
2) User will open google.com & then it will redirect to authentication page - we need to provide userid/pass & then we will be able to access internet
Problem
Assume a user only does Step 1; then my DHCP scope is being utilized.
How can we restrict the same to 'genuine' users, any option/workaround?
br/subhojit
I have to agree with e. Shortening the lease will help.
But the only way to keep people off the WLAN would be to use a PSK so that only authorized users can get on.
HTH
Steve -
Hi,
I configured WLC as DHCP server and is working fine when connected to 3750 core switch. The AP's and clients are getting IP address.
When the same WLC is connected to 6500 , the DHCP is not working from WLC . The same port of 6500 switch is verified by connecting a 3750 switch as dhcp server and AP as well as clients are getting IP.
DHCP snooping and port security is not enabled in the 6500 and the configuration is simple. The WLC is untagged and the 6500 port is a trunk port with 242 as native VLAN.
Please help
Dear Surendra,
Please see the answers in line.
1. As per your previous post, if we connect WLC to 3750 core everything works fine.. so in this case, I assume that we have INTERFACE VLAN on the switch and then the management interface on the WLC are in the same subnet?? correct??
"Yes , All are in the same Vlan . Interface VLAN and management interface are in same subnet."
2. Similarly, if we swap the 3750 with 6500, it doesnt work.. in this case.. have you created the interface vlan on the 6500 in the same subnet as that of management interface of the WLC??
" Yes, the 6500 has vlan interface without IP. The same way we configured 3750 "
Or
3.are we not swapping the 6500 and we are connecting the WLC to the WLC to the 6500 and then this 6500 to the 3750??
"We connected WLC LAP to 3750 and the dhcp of wlc is working fine.. When WLC & AP connected to 6500 , the WLC DHCP is not working. We verified the 6500 port by connecting 3750 as DHCP server and WLC is connected to 3750 and all were working fine. When WLC is directly connected to 6500 , the LAP is not joining to WLC. When static IP is given to LAP, the LAP joined WLC but the clients were not getting IP."
4.Layer 2 means... interface VLAN on the switch and the WLC management and the AP DHCP pool are all in the same subnet. correct?
"Yes all are in the same subnet"
Thanks for your efforts.
Regards,
Savad -
Internet DHCP/DNS issues with WRT1900ac
I've had a WRT1900ac now for about 2 weeks and the problems seem to be escalating. Need help. And yes, I've already read dozens of threads about these issues and nothing seems to be working.
Most of the problems seem to be centered around this DHCP/DNS issue that so many have been reporting.
First, the symptoms:
Galaxy S4 phones when connected via wifi have some apps that don't update (facebook and google play)
Some computers (both Win 7) will connect to the network just fine, both wired and wireless - but won't be able to get to the internet
I've spent the last 2-3 days of my life reading forums and trying all sorts of things to get this to work properly (like my old router) and I'm still stuck. Some things I've tried:
Firmware is up-to-date (latest version: 1.1.8.164461)
Manually assigned static DNS in router config settings (connectivity -> local network) to various combinations including the router address, 8.8.8.8, 8.8.4.4, 75.75.75.75, 75.75.76.76 (I have comcast), OpenDNS addresses, etc. I read that the router address is not needed, so I stopped including it.
I manually assigned IPs and DNS on the Galaxy S4 phones and that seemed to work... but also seems unnecessary.
I've reserved DHCP addresses on the computers in question, that didn't seem to work, I also manually set DNS on one of the computers (can't on the other... long story/not my computer) and that worked for a while and then stopped working.
The only way to get one of the computers on the internet now is to turn on the guest network (even though the computer is hard wired to the router), connect, and then the wired network works. No clue why this is, but my guess is that it needs the guest network for DNS, then it fails back over to the wired network. Once that happens, I can actually turn off the wifi on the computer and everything works great... until I reboot. Key point: I can't change any settings on that box other than entering in SSID/passphrase info for the wireless connection. I can connect to the regular (non-Guest) wifi just fine - I just can't ever get to the internet.
I've tried massaging DHCP settings on the router until I'm blue in the face - Static DNS, reserving DHCP addresses, hell I even put one of the computers in the DMZ to see if that would work and it still can't connect to the internet (it's worth noting that with my old router, Linksys WRT310N, the setup was literally plug-and-play - no hassle with any of this).
I've tried countless router reboots, factory resets, turning off my modem and router for 2+ minutes, and nothing is working.
I even read somewhere that if you modify your DHCP settings at all that the WRT1900ac stops doing DNS properly and breaks, so I even tried several "hard" factory resets and used all the default DHCP/DNS settings. And it worked... for a few hours.
Seriously, I'm at my wit's end. I'm out a lot of money on this thing and it's been one headache after another. Please help.
I think for most people it's a bad idea to hold out that hope, lol. It seems like a great piece of hardware but if you really need a router and don't want to have to 'play' with it, it's probably not a good choice. I have an EA6900 that I am very happy with but it has the same restrictions as far as DNS and I really hate the idea that I am forced to use the smartwifi portal. I would really like for them to give me a choice of the old gui or the new one and let ME decide. Lots of routers to choose from out there now and new ones seem to be coming out all the time so do some reading and see if something suits you better. Good luck!
-
7936 not showing software version and vlan issue
I have a 7936 that does not show the software version. I have installed the newest load on the callmanager, but still cannot see what version it is running on the phone.
My main issue with the phone is that I have to set the switchport access vlan to the voice vlan; if I try to let the phone use the switchport voice vlan, it will pull an IP address off of the data vlan and not the voice vlan.
Any help with either of these issues would be greatly appreciated. I do rate all helpful posts.
Thanks,
Robert
Hi Robert,
Here is some info that may help;
Verifying Firmware Version Information
You can obtain information about the firmware version installed on the IP Conference Station.
Follow these steps to verify the firmware version on an IP Conference Station:
Step 1 Press the Menu button.
Step 2 Press the Up or Down scroll button to select the Admin Setup menu.
Step 3 Press the Select button.
Step 4 Enter the administrator password. (The default administrator password is **#.)
Step 5 Press the Enter softkey.
Step 6 Press the Up or Down scroll button to select System Information.
Step 7 Press the Select button.
Step 8 Press the Up or Down scroll button to select SW Version.
The firmware version number is displayed.
Or if that is not working try accessing this way;
Using the Web Interface
Follow these steps to access the Cisco IP Conference Station 7936 web interface:
Step 1 Open your web browser.
Step 2 In the address field enter:
http:// IP address of the IP Conference Station:
Configuration information applies to the specific IP Conference Station associated with the IP address you enter.
Note If you changed the HTTP port number, you need to use that number as a suffix to the IP address. If you did not change the HTTP port number, then you do not need to enter a suffix.
The web interface appears, and the initial login page is displayed.
Step 3 To log in as the administrator, enter the administrator password and click Login.
The default administrator password is **#.
Note When logged in to the IP Conference Station web pages, the web pages will time out after approximately 20 minutes of inactivity. You will then have to log back in.
Step 4 To log off, click Administrator Logout.
Information Available on All Web Pages
The top right portion of the Cisco IP Conference Station 7936 web interface includes a separate section that displays consistent information for all of the web pages.
This section contains the following information; example text appears next to each item in the list:
Software Version: 3.3(2.00)
Protocol Type: SCCP
Boot Load ID: PC0503031418
Application Load ID: CMTERM_7936.3-3-2-0
IP Address: 10.1.1.11
MAC Address: 00c742655892
Local Number: 2022
As far as the VLAN issue goes, this has always been the case for our 7935's as well and I'm sure the 7936 is the same.
Switchport mode access
Switchport access VLAN XXX
Hope this helps!
Rob
Please remember to rate helpful posts........ -
WLC 5508, vlan select, reserved address in external DHCP server
Hi guys,
I have a deployment with a WLC 5508 version 7.0.116.0, APs in local mode and the VLAN select feature enabled. The issue is that the reserved IP address in the external DHCP server does not work. The DHCP server contains a reserved IP address associated with a MAC address, but the IP assignment does not match the policies in DHCP. All other services operate normally.
This reserved assignment worked before the WLAN was modified to use the VLAN select feature. Help me to improve this situation.
Thanks.
Best regards
Hello Abhishek, thanks for your quick answer....
The link was a document used for the deployment, but it does not specify anything about the reserved IP address for a particular host. In other words, the reserved IP address (through MAC address) in the external DHCP server does not work when "vlan select" is enabled. -
WLC 5508 Internal DHCP server issues
Hi,
I am hoping to get your feedback around the dhcp issues I am facing with Two Centrally Switched Wireless LANs. I have tried to explain the setup and the problems below and would appreciate it if anyone can suggest a solution for the problems I am facing:
The setup is as follows:
- I have a WLC 5508 which has been configured with 4 SSIDs, out of which 2 are using Central Authentication and Switching.
- I have an LWAP connected to the WLC in HREAP mode.
- WLC is configured as the DHCP server for clients connecting to the SSID 'Guest'. For the rest, I am using external dhcp server.
- Only one scope for Guest Interface is setup on the WLC.
Problems:
1. As far as I know, for WLC to act as internal dhcp server, it is mandatory to have the proxy enabled, but the Clients connecting to SSID 'Internet' are
unable to get an ip address from the external dhcp server, if dhcp proxy is enabled on the WLC. If i disable the proxy, it all works fine.
2. DHCP does not release the ip addresses assigned to clients even after they are logged out.
3. If a machine which was earlier connected to 'Guest' SSID connects to the 'Internet' SSID, it requests the same ip it was assigned by the WLC which it was assigned under 'Guest', but gets tagged with the Vlan configured on the management interface.
************Output from the Controller********************
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
guest 1 301 10.255.255.30 Dynamic No No
management 1 100 172.17.1.30 Static Yes No
service-port N/A N/A 192.168.0.1 Static No No
virtual N/A N/A 10.0.0.1 Static No No
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 4
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 LAN Enabled management
2 Internet Enabled management
3 Managment Assets Enabled management
4 Guest Enabled guest
(Cisco Controller) >show dhcp detailed guest
Scope: guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 10.255.255.31
Pool End......................................... 10.255.255.254
Network.......................................... 10.255.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 10.255.255.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 8.8.8.8 8.8.4.4 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... e8:b7:48:9b:84:20
IP Address....................................... 172.17.1.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 172.17.1.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.30.50.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show interface detailed guest
Interface Name................................... guest
MAC Address...................................... e8:b7:48:9b:84:24
IP Address....................................... 10.255.255.30
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.255.255.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 301
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
(Cisco Controller) >show dhcp leases
MAC IP Lease Time Remaining
00:21:6a:9c:03:04 10.255.255.46 23 hours 52 minutes 42 seconds <<<<<<< lease remains even when the client is disconnected.
*********Example of Client connected to the right Vlan with an ip address from the incorrect interface. *************
(Cisco Controller) >show client detail 00:21:6a:9c:03:04
Client MAC Address............................... 00:21:6a:9c:03:04
Client Username ................................. N/A
AP MAC Address................................... a0:cf:5b:00:49:c0
AP Name.......................................... mel
Client State..................................... Associated
Client NAC OOB State............................. Access
Wireless LAN Id.................................. 2 <<<<<<<< 'Internet' SSID
BSSID............................................ a0:cf:5b:00:49:ce
Connected For ................................... 319 secs
Channel.......................................... 36
IP Address....................................... 10.255.255.46 <<<<<<< IP address assigned from the 'Guest' Interface or dhcp scope on the WLC
Association Id................................... 1
Authentication Algorithm......................... Open System
Reason Code...................................... 1
Status Code...................................... 0
Session Timeout.................................. 1800
Client CCX version............................... 4
Client E2E version............................... 1
QoS Level........................................ Silver
802.1P Priority Tag.............................. disabled
WMM Support...................................... Enabled
Power Save....................................... OFF
Mobility State................................... Local
Mobility Move Count.............................. 0
Security Policy Completed........................ Yes
Policy Manager State............................. RUN
Policy Manager Rule Created...................... Yes
ACL Name......................................... none
ACL Applied Status............................... Unavailable
Policy Type...................................... N/A
Encryption Cipher................................ None
Management Frame Protection...................... No
EAP Type......................................... Unknown
H-REAP Data Switching............................ Central <<<<<<<<<
H-REAP Authentication............................ Central <<<<<<<<<<
Interface........................................ management
VLAN............................................. 100 <<<<<<<<<<< right Vlan
Quarantine VLAN.................................. 0
Access VLAN...................................... 100
Hi All,
I have a similar issue where Wireless clients are not receiving automatic addressing from an internal DHCP server. I have multiple interfaces configured on the WLC which are connected to separate VLANS. The manually specified DHCP primary server entry is the same on all interfaces. Some clients are able to authenticate and receive automatic IP configuration but some clients are failing the address assignment process. I have checked connectivity between the WLC and DHCP server, this is confirmed as working. When I carry out a "debug dhcp packet enable", I get the following outputs which seems as if the DHCP discover request from the client is skipped. Your thoughts and inputs on this are appreciated.
DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 116 (len 1) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: requested ip = 169.254.223.5
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 12 (len 13) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 55 (len 11) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option: 43 (len 2) - skipping
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP options end, len 76, actual 68
*DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP Forwarding DHCP packet (332 octets) packet DHCP Socket Task: Nov 07 11:16:09.174: 00:22:fb:7b:37:32 DHCP option len (including the magic cookie) 76
Thanks,
Raj Sandhu -
We have an issue where the client PCs are not receiving IP address from DHCP though they get authenticated. Clients with static IP address don't have any issue. I get the below DHCP error message from the logs,
%DHCP-4-INVALID_VLANID_ARP: dhcp_proxy.c:1035 ARP table stores invalid vlan id 0, for the IP Addr 0x85. Expected vlan id for this ip address is 174616833
And in the ARP table, I see an invalid arp entry for the gateway IP address for a particular VLAN.
00:0D:BC:2B:76:BF 10.104.113.1 2 0 Host
While this MAC address should be learned from port 1 and in VLAN 133, it shows as port 2 and VLAN 0. The ARP entry gets corrected itself when I flush the ARP cache or if I do a ping to the IP from WLC.
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
kwe-wireless 1 133 10.104.113.2 Dynamic No No
WLC Model - 4402
OS Version - 5.1.151.0
Well, just for information purposes, the v5.x is the worst code version out there. Since you have 4400's, I would upgrade to v7.0.x. Make sure your AP's are compatible by looking at this list.
http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
Sent from Cisco Technical Support iPhone App -
WLC & Switch vlan-int communication issues
Hello,
I have a Cisco-Switch configured with 3-VLANs (1,3 & 6) . im using VLAN-1 as the management vlan for communication between WLC & Switch.
I have 1-management interface and 2-dynamic interfaces created on WLC. management-int is using untagged vlan. and from the Cisco-Switch i can ping WLC Management-int ip. but i can not ping other WLC Dynamic-interfaces, while all the subnets-ips are configured properly. also wifi clients can not connect through those dynamic-interfaces ssids
can any one help please, here is some config outputs from my WLC >>>>>>>>>>>>>>>>>
(Cisco Controller) >show wlan summary
Number of WLANs.................................. 3
WLAN ID WLAN Profile Name / SSID Status Interface Name
1 FMFB-WIFI-MGT / FMFB-WIFI-MGT Enabled management
2 FMFB-HO-LAN / FMFB-HO Enabled vlan-3
3 FMFB HO Guest / FMFB-Guest Enabled vlan-6
(Cisco Controller) >show interface summary
Number of Interfaces.......................... 4
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
management 1 untagged 192.168.2.239 Static Yes No
virtual N/A N/A 1.1.1.1 Static No No
vlan-3 1 3 192.168.100.239 Dynamic No No
vlan-6 1 6 192.168.110.239 Dynamic No No
(Cisco Controller) >show interface detailed management
Interface Name................................... management
MAC Address...................................... 50:06:04:ca:97:20
IP Address....................................... 192.168.2.239
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.2.250
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. 192.168.2.250
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Disabled
(Cisco Controller) >show interface detailed vlan-3
Interface Name................................... vlan-3
MAC Address...................................... 50:06:04:ca:97:24
IP Address....................................... 192.168.100.239
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.100.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 3
Quarantine-vlan.................................. 0
NAS-Identifier................................... HO_WLC
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Enabled
it is my switch port config,
interface FastEthernet0/23
description connected-to-ap
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,6
switchport mode access
no ip address
interface FastEthernet0/24
description connected-to-WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,3,6
switchport mode access
no ip address
I also enabled LAG, but with no result still>>>>>>>>> -
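An added example (not part of the original posts): a Python check of the posted "connected-to-WLC" port stanza against the VLANs the controller tags. It assumes the tagged VLAN ids 3 and 6 from the posted "show interface summary"; the CORRECTED stanza is a hypothetical variant built here for comparison.

```python
import re

# Constructed input: the WLC-facing port stanza as posted above.
POSTED = """\
interface FastEthernet0/24
 description connected-to-WLC
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,3,6
 switchport mode access
 no ip address
"""
# Hypothetical corrected variant (not from the thread), for comparison only.
CORRECTED = POSTED.replace("switchport mode access", "switchport mode trunk")

# VLAN ids the controller tags, taken from the posted "show interface summary"
# (vlan-3 and vlan-6; the management interface is untagged).
WLC_TAGGED_VLANS = {3, 6}


def parse_interfaces(config):
    """Split IOS-style config text into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def expand_vlans(spec):
    """Expand a VLAN list such as '1,3,6' or '10-12,20' into a set of ids."""
    vlans = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def port_state(lines):
    """Return (mode, allowed); allowed is None when no allowed list is set."""
    mode, allowed = None, None
    for line in lines:
        m = re.match(r"switchport mode (\S+)", line)
        if m:
            mode = m.group(1)
        m = re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line)
        if m:
            allowed = expand_vlans(m.group(1))
    return mode, allowed


def check_port(config, port, tagged_vlans):
    """List reasons why `port` cannot carry the given 802.1Q-tagged VLANs."""
    stanzas = parse_interfaces(config)
    if port not in stanzas:
        return [f"{port}: not found in config"]
    mode, allowed = port_state(stanzas[port])
    wanted = sorted(tagged_vlans)
    if mode == "access":
        # An access port carries a single untagged VLAN; the trunk allowed
        # list only applies while the port is trunking.
        return [f"{port}: mode access, tagged VLANs {wanted} need a trunk port"]
    if mode != "trunk":
        return [f"{port}: switchport mode is {mode or 'not set'}, expected trunk"]
    if allowed is not None:
        missing = sorted(set(tagged_vlans) - allowed)
        if missing:
            return [f"{port}: trunk allowed list is missing VLANs {missing}"]
    return []


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, check_port(cfg, "FastEthernet0/24", WLC_TAGGED_VLANS) or "ok")
```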
WLC 2100 and DHCP strange issue.
Hi,
I have this scenario: 1 WLC 2100 and two LW AP 3500 connected. If the access points are connected via external switch everything works well - AP and clients get IP address from external DHCP and this is OK, but when I'm connecting AP 3500 directly to one of the ports on the WLC I need to check in the controller web Controller -> Advanced -> DHCP -> Enable DHCP proxy - after that the AP gets an IP address and clients get one too, but the IP is assigned from external DHCP and the gateway is set as the controller IP address (!!!) so clients do not work. I want to configure access points connected directly to the WLC.
I have a small setup and I have configured all in the one vlan - management dla users are in the same vlan.
And the second is - for what usage is the internal DHCP server - and how to use it?
When "Enable DHCP Proxy" is not enabled the LW AP 3500 cannot get an IP address if it is connected directly to LWC... when I add this option then on both LW AP 3500 - one connected to WLC and second directly to switch give me DHCP address from external DHCP but gateway sets as LWC management IP.
I made a test - connected client without "Enable DHCP Proxy":
Client IP 192.168.1.201 (correct in dhcp server logs), default GW 192.168.1.1 (correct gateway for this DHCP) correct dnses and in Windows ipconfig I see "Server DHCP 192.168.1.1" all is correct.
Disconnected client and clicked "Enable DHCP Proxy":
Client IP 192.168.1.201 (correct in dhcp server logs), default GW 192.168.1.252 (incorrect gateway - IP of WLC management interface) correct dnses and in Windows ipconfig I see "Server DHCP 1.1.1.1" that shows that WLC modified DHCP packets... but why does it try to set the default GW as the WLC?
WLC data:
Software Version
7.0.98.0
I can attach screenshots and any other configutation if you need. -
I am trying to implement a Cisco Wireless solution. I have some Cisco knowledge, but it is limited. I did successfully configure the WLC 4402 with 1200 series APs. Created two WLANs, each with its own SSID. SSID "guest" uses WEP, and gets addresses via the internal DHCP server. The DHCP range I chose exists within our current network, something I need to change according to the documentation I have read. This network should not see our network, but can browse the internet. SSID "secure" uses WPA with MAC authentication. I can connect to either SSID and access all network resources. However this only works with two caveats.
1) I have to use the management interface
2) The DHCP range for the guest network needs to fall within our network
Trying to implement any kind of security for the "guest" network has not gone so well. I have problems just about at every point. After reading some documents, I decided I needed to add 2 interfaces for the 2 WLANs. My interface info is below.
Interface Name Port Vlan Id IP Address Type Ap Mgr
ap-manager LAG untagged 10.1.104.154 Static Yes
guest LAG 10 192.168.10.10 Dynamic No
management LAG untagged 10.1.104.153 Static No
production LAG 20 192.168.20.20 Dynamic No
service-port N/A N/A 192.168.1.1 Static No
virtual N/A N/A 1.1.1.1 Static No
My intention was to apply an access list to the guest VLAN so as to limit its traffic. If I apply the guest interface-VLAN 10 (instead of the management-VLAN 0) it doesn't work. I found a doc that addresses this so I added trunking to the interface the WLC is attached to on our 6509 (CatOS) switch.
MySwitch (enable) set trunk 2/6 on dot1q
Trunking is enabled, but no dice. I thought this might be a routing issue between my switch and my gateway. So I changed the VLAN on the management interface. I thought this would at the very least allow me to ping the switch, but I was wrong. I changed that back and added this entry into our gateway
interface Vlan10
ip address 192.168.20.1 255.255.255.0
I thought that way the wireless controller would be able to see the IP address on the router, but it didn't work.
Also I cannot use the new DHCP range I chose (192.168.10.x), I assume because it is not 10.1.x.x, so it can't find it.
I would really appreciate some help from someone who has done this. I am very confused.
Hi
Okay number of things here.
Firstly you are correct about needing a trunk interface between the WLC and your switch. Make sure that all the vlans you have created are allowed on the trunk link.
On the 6509 run
"sh int trunk" and confirm that the status is up.
You will need to create vlan interfaces for each of your WLC vlans on the 6500. You say you have created vlan 10 interface on the 6500.
What is the default gateway on the WLC set to ?
For DHCP addressing to work you will need to use the "ip helper-address "DHCP IP address"" under the vlan interface, e.g.
vlan 10
ip address 192.168.20.1 255.255.255.0
ip helper-address "DHCP server address"
You need to do this for all vlan interfaces you want to pick IP addresses up for clients.
HTH
Jon -
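A consistency check for the checklist in the reply above (an SVI for each WLC VLAN, with a helper address), as an added example that is not part of the thread. It is run against the interface summary and the `interface Vlan10` stanza quoted in the question; the function names and the `require_helper` switch are assumptions of this example.

```python
import ipaddress
import re

# Dynamic interfaces from the WLC interface summary in the post: name -> (VLAN, IP)
WLC_DYNAMIC = {"guest": (10, "192.168.10.10"), "production": (20, "192.168.20.20")}

# Gateway SVI exactly as quoted in the question (no helper configured yet)
GATEWAY_CONFIG = """\
interface Vlan10
 ip address 192.168.20.1 255.255.255.0
"""

def parse_svis(config):
    """Map VLAN ID -> {'network': IPv4Network or None, 'helpers': [str]}."""
    svis, vlan = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface Vlan(\d+)$", line, re.I)
        if m:
            vlan = int(m.group(1))
            svis[vlan] = {"network": None, "helpers": []}
        elif line.startswith("interface "):
            vlan = None                      # some other interface; ignore its lines
        elif vlan is not None:
            a = re.match(r"ip address (\S+) (\S+)$", line)
            h = re.match(r"ip helper-address (\S+)$", line)
            if a:
                svis[vlan]["network"] = ipaddress.ip_interface(
                    f"{a.group(1)}/{a.group(2)}").network
            elif h:
                svis[vlan]["helpers"].append(h.group(1))
    return svis

def audit(wlc_interfaces, config, require_helper=True):
    """Return (interface name, problem) findings; an empty list means consistent."""
    svis, findings = parse_svis(config), []
    for name, (vlan, ip) in wlc_interfaces.items():
        svi = svis.get(vlan)
        if svi is None or svi["network"] is None:
            findings.append((name, f"no SVI with an address for VLAN {vlan}"))
            continue
        if ipaddress.ip_address(ip) not in svi["network"]:
            findings.append((name, f"{ip} is outside {svi['network']} on Vlan{vlan}"))
        if require_helper and not svi["helpers"]:
            findings.append((name, f"no ip helper-address on Vlan{vlan}"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(WLC_DYNAMIC, GATEWAY_CONFIG):
        print(f"{name}: {problem}")
```

Set `require_helper=False` when the controller itself proxies DHCP to the server, since the SVI then does not need to relay client broadcasts.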
DHCP relay issues - WLC4400 series
Hi all,
I'm experiencing some strange problems with my WLC 4400 – and hope you guys can give me a hand.
There is an issue while connecting a WLAN Client to the WLC for the first time. I pinpointed the source of the problem to the dhcp, but I'm wondering why this happens…
As stated above – the issue occurs only during the first time registration of a WLAN client with the WLC. If I do another registration right after the failed connection attempt, the session is established and I can start working in my network environment.
Because we use 802.1x authentication, my first idea was that there is an issue – but the authentication process completes successfully.
Another debug for the dhcp process showed an issue during the initial registration process. I'll paste an extract of the NOT working connection attempt below (DHCP DISCOVER msg and DHCP OFFER msg passed successfully – I'll focus on the DHCP REQUEST msg):
###### Extract one ######
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProxy: Received packet: Client 00:21:6a:00:35:9c
DHCP Op: BOOTREQUEST(1), IP len: 303, switchport: 29, encap: 0xec03
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option len, including the magic cookie = 67
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 61, len 7
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: requested ip = 10.64.153.66
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: server id = 1.1.1.1
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 12, len 12
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: vendor class id = MSFT 5.0 (len 8)
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: skipping option 55, len 12
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcpParseOptions: options end, len 67, actual 67
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProxy: dhcp request, client: 00:21:6a:00:35:9c:
dhcp op: 1, port: 29, encap 0xec03, old mscb port number: 29
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c
dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c Relay settings for 00:21:6a:00:35:9c
Local Address: 0.0.0.0, DHCP Server: 10.49.143.8,
Gateway Addr: 10.64.153.1, VLAN: 0, port: 29
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProcessPacket return an error,chaddr: 00:21:6a:00:35:9c
The process stops working after the last line above. The client reports connection successfully, but no IP address was assigned to the client. A second connection attempt was successful (again – I'll focus on the dhcp REQUEST msg – ignoring DISCOVER, OFFER and ACK msg):
DHCP Op: BOOTREQUEST(1), IP len: 303, switchport: 29, encap: 0xec03
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option len, including the magic cookie = 67
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 61, len 7
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: requested ip = 10.64.153.66
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: server id = 1.1.1.1
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 12, len 12
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: vendor class id = MSFT 5.0 (len 8)
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: skipping option 55, len 12
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcpParseOptions: options end, len 67, actual 67
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcpProxy: dhcp request, client: 00:21:6a:00:35:9c:
dhcp op: 1, port: 29, encap 0xec03, old mscb port number: 29
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c
dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.64.153.6 VLAN: 300
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c Relay settings for 00:21:6a:00:35:9c
Local Address: 10.64.153.6, DHCP Server: 10.49.143.8,
The major difference seems to be in line 16:
Not Working:
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
Working:
dhcpGateway: 0.0.0.0, dhcpRelay: 10.64.153.6 VLAN: 300
For me it seems that the WLC is not able to forward this request to the appropriate dhcp server.
Does anyone of you have an idea, why this happens? And why does this happen only during the first time login of every client? Or am I misinterpreting the debug output?!
Thx a lot in advance!
Cheers
Martin
Hi,
thx for your comment so far.
I did some additional troubleshooting yesterday and I guess I fixed the problem. The management interface was configured with two dhcp server IPs (0.0.0.0 and 1.1.1.1).
Within the Cisco documentation it is stated that the dhcp relay proxy feature uses a virtual IP 1.1.1.1.
0.0.0.0 seems to be used for the internal communication.
When I changed the dhcp address (primary & secondary) to IP 1.1.1.1 the problem was solved. We tested it yesterday evening and this morning.
My assumption is that the virtual 1.1.1.1 IP is mandatory to match the dhcp responses to the proxy relaying feature. Or the WLC uses the DHCP addresses on the management interface to forward the traffic to the appropriate feature (where 1.1.1.1 triggers the proxy feature and 0.0.0.0 is used to forward the traffic to the internal dhcp service). But this is just guesswork – I do not know the Cisco WLAN well enough to provide a valuable explanation.
Cheers
Martin -
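The comparison made by hand in the post above (relay `0.0.0.0` / VLAN `0` on the failing attempt versus `10.64.153.6` / VLAN `300` on the working one) can be automated over a longer debug capture. This is an added example, not part of the thread; the sample lines are copied from the debug extracts in the post, and the function names are assumptions of this example.

```python
import re

# Timestamped debug line: "<date>: <client MAC> <message>"
STAMPED = re.compile(
    r"^(\w{3} \w{3}\s+\d+ [\d:]{8} \d{4}): ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}) (.*)$")
# Continuation line that carries the relay decision
RELAY = re.compile(r"dhcpRelay:\s*(\d+\.\d+\.\d+\.\d+)\s+VLAN:\s*(\d+)")

SAMPLE = """\
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c
dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0 VLAN: 0
Tue Mar 9 09:51:31 2010: 00:21:6a:00:35:9c dhcpProcessPacket return an error,chaddr: 00:21:6a:00:35:9c
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c dhcp option: received DHCP REQUEST msg
Tue Mar 9 09:53:02 2010: 00:21:6a:00:35:9c Determing relay for 00:21:6a:00:35:9c
dhcpServer: 10.49.143.8, dhcpNetmask: 0.0.0.0,
dhcpGateway: 0.0.0.0, dhcpRelay: 10.64.153.6 VLAN: 300
"""

def relay_decisions(debug_text):
    """Return one record per 'Determing relay' event in the DHCP debug output."""
    records, current = [], None
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = STAMPED.match(line)
        if m:
            when, mac, msg = m.groups()
            if msg.startswith("Determing relay for"):  # spelling as the WLC prints it
                current = {"time": when, "client": mac,
                           "relay": None, "vlan": None, "error": False}
                records.append(current)
            elif "dhcpProcessPacket return an error" in msg:
                # Attach the error to the latest decision for the same client
                for rec in reversed(records):
                    if rec["client"].lower() == mac.lower():
                        rec["error"] = True
                        break
            continue
        r = RELAY.search(line)
        if r and current is not None and current["relay"] is None:
            current["relay"], current["vlan"] = r.group(1), int(r.group(2))
    return records

def unrelayed(records):
    """Decisions where the controller had no relay address or VLAN for the client."""
    return [r for r in records if r["relay"] == "0.0.0.0" or r["vlan"] == 0]

if __name__ == "__main__":
    for rec in unrelayed(relay_decisions(SAMPLE)):
        print(rec["time"], rec["client"], "relay", rec["relay"], "error:", rec["error"])
```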
Hi There,
Our issue is about a WLC 5508 connected to an HP L3 switch model HP7500 using link-aggregation. Sometimes the controller changes to the secondary box and logs the error message: Switchover Reason = Default gateway is not reachable, Switchover Time
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.6.120.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.7, Env 1.8, USB console 2.2
Build Type....................................... DATA + WPS
management LAG untagged x.y.z.a Static Yes No
redundancy-management LAG untagged x,y.z.b Static No No
redundancy-port - untagged 169.254.0.12 Static No No
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO ENABLED
Local State = ACTIVE
Peer State = STANDBY HOT
Unit = Primary
Unit ID = 6C:41:6A:5F:75:00
Redundancy State = SSO (Both AP and Client SSO)
Mobility MAC = 6C:41:6A:5F:75:00
Average Redundancy Peer Reachability Latency = 488 usecs
Average Management Gateway Reachability Latency = 748 usecs
Redundancy Management IP Address................. x.y.z.a
Peer Redundancy Management IP Address............ x.y.z.b
Redundancy Port IP Address....................... 169.254.0.12
Peer Redundancy Port IP Address.................. 169.254.0.13
Peer Service Port IP Address..................... 0.0.0.0
Switchover History[1]:
Previous Active = 10.140.0.13, Current Active = x.y.z.a
Switchover Reason = Default gateway is not reachable, Switchover Time = Tue Aug 19 05:32:44 2014
Any idea what the problem could be? We checked the whole LAN environment: spanning-tree, vlan, routing, no physical issues.
My best regards
Adriano Porcaro
Show sysinfo results :
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS -
Hi,
I have a WLC 5508 connected in a hub and spoke topology. The WLC is located at the hub which is the main office. In one of the remote spoke locations I have five Access Points that are connected to the local LAN and the model for the APs is AIR-CAP3602I-E-K9. The APs are all connected to access ports on the switch in vlan 1. I have two WLAN configured on the controller. I have two interfaces configured on the controller. The management and the guest interface. WLAN 1 is associated with the management interface. In the WLAN 1 advanced setting the flex local switching option is enabled. WLAN 2 is associated with the guest interface and this interface is tunneling vlan 248 the guest vlan. The problem I am having is that the devices can not communicate with each other if they are connected to the wireless connection WLAN 2 which is the tunneled vlan.
Example: The client would like to be able to connect his ipad to the apple tv for presentation. If I connect both devices to the WLAN 1 which is using flex local switching option they can communicate with no problem, but if the devices are connected to WLAN 2 the guest vlan they can't communicate with each other. Is it possible to get this to also work on WLAN 2 ?
Note: Both WLAN types are WLAN and P2P Blocking Action is set to default (disabled).
Does any one have any ideas what could be causing my issue?
Thanks in advance for your help,
Well since you're talking about Apple TV, you need to look at this reference guide for Apple's Bonjour. This will explain how to get it to work and the limitation when an AP is in local or FlexConnect mode. Bonjour just doesn't work as people think it should because they can get it to work with a Linksys AP.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_tech_note09186a0080bb1d7c.shtml
Sent from Cisco Technical Support iPhone App