Learn how to a build a cloud-first strategyRegister Now


DHCP issues through wireless controller

Posted on 2014-07-15
Medium Priority
Last Modified: 2014-07-16
I have a network that i am setting up.  The plan is to amalgamate several internet only WLANs to use as little equipment as possible.  We have 4 internet connections coming into a Pepwave load balancer, the links are then passed down to a cisco ASA 5510 in and the internal port of the ASA is configured using sub-interfaces to provide each instance on the internal with its own subnet.  Please refer to attached diagram for details, if i put PC 2 in one of the VLANS (73) associated with a sub-interface from the ASA in can get and IP and browse using the designated IP subnet so i know DHCP and all rules on the ASA are working.  I then created an interface on the Cisco WLC 5508 ensured that it is in the appropriate VLAN (73) and has an IP from the required subnet.  From the WLC i can ping the gateway for the VLAN (73) which is the ASA so i verified 2 way communication.  I then created a WLAN instance on the controller with no security, clients can connect but are not getting any dhcp address so they can't browse.  I logged into the controller and did a debug for dhcp events and packets and the controller sees the initial dhcp request, knows that it is for an external DHCP server and knows what the next hop is ( the ASA).  However when I monitor the ASA I am not seeing any DHCP request.  On the Interface I have the proxy set to global and it is pointing to the DHCP server.   Any Ideas what I'm missing or where I'm going wrong?
Question by:operationsbze

Expert Comment

ID: 40198038
DHCP isn't routable, to use one DHCP server for multiple VLANs you need to use the ip helper feature to forward the DHCP broadcast.  See: http://www.cisco.com/en/US/docs/ios/12_4t/ip_addr/configuration/guide/htdhcpre.html#wp1085170

LVL 18

Expert Comment

ID: 40198751
Check the interface setting on your WLC
Each interface has to have DHCP server specified (IP Helper Address - although not labeled as such in WLCs)
See example below

LVL 47

Accepted Solution

Craig Beck earned 1000 total points
ID: 40199294
Akinsd is correct in that with a WLC you put the IP helper address (the DHCP server IP) in the interface on the WLC if you're using DHCP proxy.

However, you're using the ASA as the DHCP server so I'd highly recommend you use DHCP bridging instead.  DHCP servers on Firewalls don't like to respond to proxied DHCP requests and if the firewall sees a modified DHCP packet it might drop it.

If you disable DHCP proxy you should see that the clients get an IP address immediately.  You won't need an IP helper configuring anywhere as each subnet uses the ASA as its default gateway anyway.

Author Comment

ID: 40199711
Thanks for the comments guys, @ Akinsd I do have the DHCP information configured on the WLC so I will have to look at the bridging option that that Craig is suggesting, I will let you know how it turns out.

Author Closing Comment

ID: 40199807
This was the problem, disabled the DHCP proxy mode for the created interface and i was able to get an IP and connect to the net, thanks Craig

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question