DHCP issues through wireless controller

Posted on 2014-07-15
Last Modified: 2014-07-16
I have a network that I am setting up.  The plan is to amalgamate several internet-only WLANs to use as little equipment as possible.  We have 4 internet connections coming into a Pepwave load balancer; the links are then passed down to a Cisco ASA 5510, and the internal port of the ASA is configured using sub-interfaces to provide each instance on the internal side with its own subnet.  Please refer to the attached diagram for details. If I put PC 2 in one of the VLANs (73) associated with a sub-interface from the ASA, it can get an IP and browse using the designated IP subnet, so I know DHCP and all rules on the ASA are working.  I then created an interface on the Cisco WLC 5508 and ensured that it is in the appropriate VLAN (73) and has an IP from the required subnet.  From the WLC I can ping the gateway for the VLAN (73), which is the ASA, so I verified 2-way communication.  I then created a WLAN instance on the controller with no security; clients can connect but are not getting any DHCP address, so they can't browse.  I logged into the controller and did a debug for DHCP events and packets, and the controller sees the initial DHCP request, knows that it is for an external DHCP server and knows what the next hop is (the ASA).  However, when I monitor the ASA I am not seeing any DHCP request.  On the interface I have the proxy set to global and it is pointing to the DHCP server.  Any ideas what I'm missing or where I'm going wrong?
Question by: operationsbze

    Expert Comment

    DHCP isn't routable; to use one DHCP server for multiple VLANs you need to use the IP helper feature to forward the DHCP broadcast.  See:

    Expert Comment

    Check the interface setting on your WLC.
    Each interface has to have a DHCP server specified (IP Helper Address, although not labeled as such in WLCs).
    See example below

    Accepted Solution

    Akinsd is correct in that with a WLC you put the IP helper address (the DHCP server IP) in the interface on the WLC if you're using DHCP proxy.

    However, you're using the ASA as the DHCP server, so I'd highly recommend you use DHCP bridging instead.  DHCP servers on firewalls don't like to respond to proxied DHCP requests, and if the firewall sees a modified DHCP packet it might drop it.

    If you disable DHCP proxy you should see that the clients get an IP address immediately.  You won't need an IP helper configuring anywhere as each subnet uses the ASA as its default gateway anyway.
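
The "modified DHCP packet" mentioned in the accepted answer, as an added example that is not part of the thread: a relay or proxy rewrites the request's giaddr and hops fields (RFC 2131), while a bridged request arrives unchanged, so the UDP payload of a request captured at the DHCP server shows which mode is in effect. The MAC, transaction ID and 192.0.2.73 relay address are constructed sample values, and the function names belong to this example only.

```python
import socket
import struct

# Fixed BOOTP/DHCP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes, then the cookie.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
COOKIE = b"\x63\x82\x53\x63"
ZERO = b"\x00" * 4


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed sample: a DHCPDISCOVER as the wireless client sends it."""
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000,
                        ZERO, ZERO, ZERO, ZERO, mac, b"", b"")
    return header + COOKIE + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, end


def relay(payload: bytes, relay_ip: str) -> bytes:
    """Apply the relay-agent rewrite: increment hops, fill giaddr if unset."""
    fields = list(BOOTP.unpack_from(payload))
    fields[3] += 1
    if fields[10] == ZERO:
        fields[10] = socket.inet_aton(relay_ip)
    return BOOTP.pack(*fields) + payload[BOOTP.size:]


def classify(payload: bytes) -> dict:
    """Report whether a captured request arrived untouched or via a relay."""
    if payload[BOOTP.size:BOOTP.size + 4] != COOKIE:
        raise ValueError("not a DHCP payload")
    fields = BOOTP.unpack_from(payload)
    hlen, hops, giaddr, chaddr = fields[2], fields[3], fields[10], fields[11]
    return {
        "client_mac": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "hops": hops,
        "giaddr": socket.inet_ntoa(giaddr),
        "mode": "bridged" if giaddr == ZERO else "relayed",
    }


if __name__ == "__main__":
    # Constructed values: locally administered MAC, documentation-range address.
    discover = build_discover(bytes.fromhex("020000000001"), 0x73000001)
    print(classify(discover))
    print(classify(relay(discover, "192.0.2.73")))
```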

    Author Comment

    Thanks for the comments, guys. @Akinsd, I do have the DHCP information configured on the WLC, so I will have to look at the bridging option that Craig is suggesting. I will let you know how it turns out.

    Author Closing Comment

    This was the problem. I disabled the DHCP proxy mode for the created interface and I was able to get an IP and connect to the net. Thanks, Craig.
