WLC - wireless clients can't get dhcp

Posted on 2011-03-16
Last Modified: 2013-11-12
I am trying to set up a wireless network using WLC 4404 and various access points. We need two wireless networks, one for our corporate users and one for guest. I have the corporate one up and running correctly; however, I am having problems with the guest network.

 
Right now, we have various standalone access points throughout the network. They all have two networks, one for corporate and one for guest. I have set up my wireless networks' authentication like the standalone APs: the corporate users authenticate via RADIUS and guest just by WPA2 PSK. DHCP is being handed out by our Windows DHCP server. At this time, all is good with the standalone APs. We are, however, in the process of going completely lwap and want to convert all the APs so they are managed via the WLC.

 
Right now when a guest accesses the LAN, they put in the shared password, then they get a DHCP address from our DHCP server that gives them a private IP address but sets their DNS server to an external public DNS server. Once the guest connects and gets the proper DHCP parameters, our 6509 router (which the WLC is connected to) has a policy route map that points the traffic out of our ASA. So when a guest connects they get pushed out from the 6509 to our ASA, then the outside world. This makes it so that guest users can't access our internal LAN.

 
This works great on our standalone APs; however, the weirdness starts when I try to use the same route map on the new guest LAN. On the new guest LAN I can't seem to get an IP address. If I remove the route map, it works fine, but we need that. In addition, if I connect to the current guest LAN and then connect to the new guest LAN, it works. I guess the PC is caching the DHCP info. I need to be able to keep the route map and get DHCP to work.

 
Both the new and current guest LANs are configured with the same authentication parameters, but only the current guest can get DHCP.

 
Config on the 6509:

interface vlan222
 description Guest Wireless VLAN
 ip address 10.10.10.1 255.255.255.0
 ! dhcp server
 ip helper-address 50.50.10.110
 ip policy route-map INTERNET_ONLY

Route policy map:

route-map INTERNET_ONLY permit 10
 ! acl 2 permit ip any
 match ip address 12
 ! asa
 set ip next-hop 50.10.10.3

 
Any help would be appreciated. Thanks.

 
Moises

ccnp security
Question by: moibeats

Accepted Solution

by: moibeats
The answer was to disable DHCP relay on the WLC.