Vous êtes sur la page 1sur 11

3/14/13

DHCP with the WLC - Cisco Systems

Cisco 4400 Series Wireless LAN Controllers

DHCP with the WLC


HOME SUPPORT PRODUCT SUPPORT END-OF-SALE AND END-OF-LIFE PRODUCTS CISCO 4400 SERIES WIRELESS LAN CONTROLLERS TROUBLESHOOT AND ALERTS TROUBLESHOOTING TECHNOTES DHCP with the WLC

Document ID: 110865

Contents
Introduction Prerequisites Requirements Components Used Conventions External DHCP Server Comparison of DHCP Proxy and Bridging Modes DHCP Proxy Mode Proxy Packet flow Proxy Packet Capture Proxy Configuration Example Troubleshooting Caveats DHCP Bridging Mode DHCP Bridging Operations - Bridging Packet flow Bridging Packet Capture - Client Perspective Bridging Packet Capture - Server perspective Bridging Configuration Example Troubleshooting Caveats DHCP Bridging Before Release 4.2 Internal DHCP Server Comparison of Internal DHCP and Bridging Modes Internal DHCP Server - Packet flow Internal DHCP Server Configuration Example Troubleshooting Clearing the DHCP Leases on the WLC's Internal DHCP Server Caveats End User Interface DHCP Required L2 and L3 Roaming Cisco Support Community - Featured Conversations Related Information

Introduction

Customers using Cisco Unified Wireless solutions have been reporting issues with the DHCP support provided on the Wireless LAN Controller (WL problems. Others are due to lack of proper understanding on the DHCP implementation.

This document describes the different DHCP operations on the wireless controller, which provides consistent and accurate information to custome cases.

Prerequisites
Requirements
There are no specific requirements for this document.

Components Used
This document is not restricted to specific software and hardware versions.

Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.

External DHCP Server


The WLC supports two modes of DHCP operations in case an external DHCP server is used: DHCP proxy mode DHCP bridging mode DHCP proxy mode serves as a DHCP helper function to achieve better security and control over DHCP transaction between the DHCP server and make controllers role in DHCP transaction entirely transparent to the wireless clients.

Comparison of DHCP Proxy and Bridging Modes


Handling Client DHCP DHCP Bridging Mode No

DHCP Proxy Mode Yes

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

Modify giaddr

1/11

3/14/13
Modify giaddr Modify siaddr Modify Packet Content

DHCP with the WLC - Cisco Systems


Yes Yes Yes No No No No No No Server No

Redundant offers not Yes forwarded Option 82 Support Broadcast to Unicast BOOTP support RFC Non-compliant Yes Yes No Proxy and relay agent are not exactly the same concept. DHCP bridging mode is recommended for full RFC compliance.

DHCP Proxy Mode


The DHCP proxy is not ideal for all network environments. The controller modifies and relays all DHCP transactions to provide helper function, and The controllers virtual IP address is normally used as the source IP address of all DHCP transactions to the client. As a result, the real DHCP displayed in debug output for DHCP transactions on the controller. However, using virtual IP address can cause issues on certain types of clients. DHCP proxy mode operation maintains the same behavior for both symmetric and asymmetric mobility protocols.

When multiple offers are coming from external DHCP servers, the DHCP proxy normally selects the first one that comes in and sets the IP addres following transactions go through the same DHCP server until a transaction fails after retries. At this point, the proxy selects a different DHCP serv DHCP proxy is enabled by default. All controllers that will communicate must have the same DHCP proxy setting. Note: DHCP proxy must be enabled in order for DHCP option 82 to operate correctly.

Proxy Packet flow

Proxy Packet Capture

When the controller is in DHCP proxy mode, it is not only directing DHCP packets to the DHCP server, it is actually building new DHCP packets t present in the client's DHCP packets are copied in the controller's DHCP packets. The next screenshot examples show this for a DHCP request p Client Perspective This screenshot is of a packet capture taken from the clients perspective. It shows a DHCP discover, DHCP offer, DHCP request, and a DHCP detail is expanded showing the DHCP options.

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

2/11

3/14/13

DHCP with the WLC - Cisco Systems

Server Perspective

This screenshot is of a packet capture taken from the servers perspective. Similar to the previous example, it shows a DHCP discover, DHCP packets that the controller built as a function of DHCP proxy. Again, the DHCP request is highlighted and the bootp protocol detail is expanded sh the clients DHCP request packet. Also note that the WLC proxy is relaying packet and highlight packet addresses.

Proxy Configuration Example

To use the controller as a DHCP proxy, the DHCP proxy feature must be enabled on the controller. By default, this feature is enabled. To enable D in the 4.2.x.x codes, this can only be accomplished in the CLI. (ic Cnrle)>ofgdc poyeal Cso otolr cni hp rx nbe (ic Cnrle)>hwdc poy Cso otolr so hp rx DC PoyBhvo:eald HP rx eair nbe

For DHCP proxy to work, a primary DHCP server must be configured on each controller interface that requires DHCP services. A DHCP server can interface, and on dynamic interfaces. The following CLI commands can be used to configure a DHCP server for each interface.

(ic Cnrle)>ofgitraedc a-aae piay<rmr-evr Cso otolr cni nefc hp pmngr rmr piaysre> (ic Cnrle)>ofgitraedc mngmn piay<rmr-evr Cso otolr cni nefc hp aaeet rmr piaysre> (ic Cnrle)>ofgitraedc dnmcitrae<nefc-ae piay<rmr-evr Cso otolr cni nefc hp yai-nefc itraenm> rmr piaysre The DHCP bridging feature is a global setting, so it affects all DHCP transactions within the controller.

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

Troubleshooting

3/11

3/14/13
Troubleshooting

DHCP with the WLC - Cisco Systems

This is the output of the debug dhcp packet enable command. The debug shows a controller receiving a DHCP request from a client with MAC a DHCP server, receiving a reply from the DHCP server, and sending a DHCP offer to the client. (ic Cnrle)>eu dc msaeeal Cso otolr dbg hp esg nbe

TuJn2 2:85 20:0:09:48:1DC rcie o BORQET()(e 32 pr 2,ec h u 5 14:5 09 04:6b:ce HP eevd p OTEUS 1 ln 1, ot 9 na TuJn2 2:85 20:0:09:48:1DC oto ln(nldn temgccoi)7 h u 5 14:5 09 04:6b:ce HP pin e icuig h ai oke 6 TuJn2 2:85 20:0:09:48:1DC oto:msaetp =DC RQET h u 5 14:5 09 04:6b:ce HP pin esg ye HP EUS TuJn2 2:85 20:0:09:48:1DC oto:6 (e 7 -sipn h u 5 14:5 09 04:6b:ce HP pin 1 ln ) kpig TuJn2 2:85 20:0:09:48:1DC oto:rqetdi =5.0.. h u 5 14:5 09 04:6b:ce HP pin euse p 01127 TuJn2 2:85 20:0:09:48:1DC oto:1 (e 7 -sipn h u 5 14:5 09 04:6b:ce HP pin 2 ln ) kpig TuJn2 2:85 20:0:09:48:1DC oto:8 (e 1)-sipn h u 5 14:5 09 04:6b:ce HP pin 1 ln 1 kpig TuJn2 2:85 20:0:09:48:1DC oto:vno casi =MF 50(e 8 h u 5 14:5 09 04:6b:ce HP pin edr ls d ST . ln ) TuJn2 2:85 20:0:09:48:1DC oto:5 (e 1)-sipn h u 5 14:5 09 04:6b:ce HP pin 5 ln 1 kpig TuJn2 2:85 20:0:09:48:1DC otosed ln7,ata 6 h u 5 14:5 09 04:6b:ce HP pin n, e 6 cul 8 TuJn2 2:85 20:0:09:48:1DC slcigrly1-cnrlbokstig: h u 5 14:5 09 04:6b:ce HP eetn ea oto lc etns dcSre:0000 dcNtak 0000 hpevr ..., hpems: ..., dcGtwy 0000 dcRly 0000 VA:0 hpaea: ..., hpea: ... LN TuJn2 2:85 20:0:09:48:1DC slce rly1-1...1(oa ades5.0. h u 5 14:5 09 04:6b:ce HP eetd ea 1001 lcl drs 011 TuJn2 2:85 20:0:09:48:1DC tasitn DC RQET() h u 5 14:5 09 04:6b:ce HP rnmtig HP EUS 3 TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP o:BORQET hye Ehre,he:6 hp: p OTEUS, tp: tent ln , os TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP xd 0f397 (21281,sc:0 fas 0 i: xcc99 43898) es , lg: TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP cad:0:09:48:1 hdr 04:6b:ce TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP cad:0000 yad:0000 idr ..., idr ... TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP sad:0000 gad:5.0..1 idr ..., idr 01101 TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP rqetdi:5.0.. euse p 01127 TuJn2 2:85 20:0:09:48:1DC Fradn DC pce (3 ott) h u 5 14:5 09 04:6b:ce HP owrig HP akt 32 ces - p - a TuJn2 2:85 20:0:09:48:1DC snigRQETt 5.0.. (e 30 pr 2,v h u 5 14:5 09 04:6b:ce HP edn EUS o 01101 ln 5, ot 9 l TuJn2 2:85 20:0:09:48:1DC slcigrly2-cnrlbokstig: h u 5 14:5 09 04:6b:ce HP eetn ea oto lc etns dcSre:0000 dcNtak 0000 hpevr ..., hpems: ..., dcGtwy 0000 dcRly 5.0..1 VA:11 hpaea: ..., hpea: 01101 LN 0 TuJn2 2:85 20:0:09:48:1DC slce rly2-NN h u 5 14:5 09 04:6b:ce HP eetd ea OE TuJn2 2:85 20:0:09:48:1DC rcie o BORPY()(e 36 pr 2,ecp h u 5 14:5 09 04:6b:ce HP eevd p OTEL 2 ln 1, ot 9 na TuJn2 2:85 20:0:09:48:1DC oto ln(nldn temgccoi)8 h u 5 14:5 09 04:6b:ce HP pin e icuig h ai oke 0 TuJn2 2:85 20:0:09:48:1DC oto:msaetp =DC AK h u 5 14:5 09 04:6b:ce HP pin esg ye HP C TuJn2 2:85 20:0:09:48:1DC oto:5 (e 4 -sipn h u 5 14:5 09 04:6b:ce HP pin 8 ln ) kpig TuJn2 2:85 20:0:09:48:1DC oto:5 (e 4 -sipn h u 5 14:5 09 04:6b:ce HP pin 9 ln ) kpig TuJn2 2:85 20:0:09:48:1DC oto:laetm =610 scns h u 5 14:5 09 04:6b:ce HP pin es ie 920 eod TuJn2 2:85 20:0:09:48:1DC oto:sre i =1...1 h u 5 14:5 09 04:6b:ce HP pin evr d 1001 TuJn2 2:85 20:0:09:48:1DC oto:ntak=252500 h u 5 14:5 09 04:6b:ce HP pin ems 5.5.. TuJn2 2:85 20:0:09:48:1DC oto:1 (e 1)-sipn h u 5 14:5 09 04:6b:ce HP pin 5 ln 4 kpig TuJn2 2:85 20:0:09:48:1DC oto:gtwy=5.0.. h u 5 14:5 09 04:6b:ce HP pin aea 01101 TuJn2 2:85 20:0:09:48:1DC oto:DSsre,ct=1 frt=1...1 h u 5 14:5 09 04:6b:ce HP pin N evr n , is 1001 TuJn2 2:85 20:0:09:48:1DC oto:WN sre,ct=1 frt=1...1 h u 5 14:5 09 04:6b:ce HP pin IS evr n , is 1001 TuJn2 2:85 20:0:09:48:1DC otosed ln8,ata 7 h u 5 14:5 09 04:6b:ce HP pin n, e 0 cul 2 TuJn2 2:85 20:0:09:48:1DC stigsre fo AK(evr1...1 yad 5 h u 5 14:5 09 04:6b:ce HP etn evr rm C sre 1001, idr TuJn2 2:85 20:0:09:48:1AsgigAdes5.0.. t mbl h u 5 14:5 09 04:6b:ce sinn drs 01127 o oie TuJn2 2:85 20:0:09:48:1DC snigRPYt SA(e 44 pr 2,va 2) h u 5 14:5 09 04:6b:ce HP edn EL o T ln 2, ot 9 ln 0 TuJn2 2:85 20:0:09:48:1DC tasitn DC AK() h u 5 14:5 09 04:6b:ce HP rnmtig HP C 5 TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP o:BORPY hye Ehre,he:6 hp:0 p OTEL, tp: tent ln , os TuJn2 2:85 20:0:09:48:1DC h u 5 14:5 09 04:6b:ce HP xd 0f397 (21281,sc:0 fas 0 i: xcc99 43898) es , lg: TuJn2 2:85 20:0:09:48:1DC h u 5 14:9 09 04:6b:ce HP cad:0:09:48:1 hdr 04:6b:ce TuJn2 2:85 20:0:09:48:1DC h u 5 14:9 09 04:6b:ce HP cad:0000 yad:5.0.. idr ..., idr 01127 TuJn2 2:85 20:0:09:48:1DC h u 5 14:9 09 04:6b:ce HP sad:0000 gad:0000 idr ..., idr ... TuJn2 2:85 20:0:09:48:1DC h u 5 14:9 09 04:6b:ce HP sre i:1111 rv sre i:1...1 evr d ... cd evr d 1001

Caveats

Interoperability issues can exist between a controller with DHCP proxy enabled and devices acting as both a firewall and DHCP server. This firewalls generally do not respond to proxy requests. The workaround for this issue is to disable DHCP proxy on the controller.

When a client is in DHCP REQ state on the controller, the controller drops DHCP inform packets. The client will not go into a RUN state on it receives a DHCP discover packet from the client. DHCP inform packets are forwarded by the controller when DHCP proxy is disabled. All controllers that will communicate must have the same DHCP proxy setting.

DHCP Bridging Mode

The DHCP bridging feature is designed to make the controllers role in the DHCP transaction entirely transparent to the client. With the exception bridged unmodified from the LWAPP tunnel to the clients VLAN (or EoIP tunnel in the L3 roaming case). Similarly, with the exception of Ethernet unmodified from the clients VLAN (or EoIP tunnel in the L3 roaming case) to the LWAPP tunnel. Think of this as wiring a client into a switchport a

DHCP Bridging Operations - Bridging Packet flow

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

Bridging Packet Capture - Client Perspective

4/11

3/14/13

DHCP with the WLC - Cisco Systems


Bridging Packet Capture - Client Perspective

In the client side packet capture screenshot above, the main difference between the client capture in Proxy mode is the real IP of the DHCP server controllers virtual IP address.

Bridging Packet Capture - Server perspective

In the wired packet capture screenshot above you can see that packet 40 is the bridged DHCP Request broadcast from the test client 00:40:96:b6

Bridging Configuration Example

To enable the DHCP bridging functionality on the controller, you must disable the DHCP proxy feature on the controller. In the 4.2.x.x codes this c (ic Cnrle)>ofgdc poydsbe Cso otolr cni hp rx ial (ic Cnrle)>hwdc poy Cso otolr so hp rx DC PoyBhvor dsbe HP rx eaiu: iald

If the DHCP server does not exist on the same layer 2 network as the client then the broadcast will need to be forwarded to the DHCP server at the configuration: Sic#oft wthcn Sic(ofg#nefc va <letva # wthcni)itrae ln cin ln > Sic(ofgi)i hle-drs <hpsre I> wthcni-f#p eprades dc evr P

The DHCP bridging feature is a global setting, so it affects all DHCP transactions within the controller. You need to add ip helper statements in the

Troubleshooting

This is a sample debug output from a controller on 4.2.205.0 code. The debugs listed here were enabled on the controller CLI and the DHCP portio (ic Cnrle)>eu cin 0:09:64:1 Cso otolr dbg let 04:6b:45 (ic Cnrle)>eu dc msaeeal Cso otolr dbg hp esg nbe 0:09:64:1DC rcie o BORQET()(e 38 pr 1 ecp0e0) 04:6b:45 HP eevd p OTEUS 1 ln 0, ot , na xc3

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

5/11

3/14/13

DHCP with the WLC - Cisco Systems


0:09:64:1DC oto ln(nldn temgccoi)7 04:6b:45 HP pin e icuig h ai oke 2 0:09:64:1DC oto:msaetp =DC DSOE 04:6b:45 HP pin esg ye HP ICVR 0:09:64:1DC oto:16(e 1 -sipn 04:6b:45 HP pin 1 ln ) kpig 0:09:64:1DC oto:6 (e 7 -sipn 04:6b:45 HP pin 1 ln ) kpig 0:09:64:1DC oto:1 (e 1)-sipn 04:6b:45 HP pin 2 ln 2 kpig 0:09:64:1DC oto:vno casi =MF 50(e 8 04:6b:45 HP pin edr ls d ST . ln ) 0:09:64:1DC oto:5 (e 1)-sipn 04:6b:45 HP pin 5 ln 1 kpig 0:09:64:1DC otosed ln7,ata 6 04:6b:45 HP pin n, e 2 cul 4 0:09:64:1DC poesn DC DSOE () 04:6b:45 HP rcsig HP ICVR 1 0:09:64:1DC 04:6b:45 HP o:BORQET hye Ehre,he:6 hp:0 p OTEUS, tp: tent ln , os 0:09:64:1DC 04:6b:45 HP xd 024fb (7559) sc:0 fas 0 i: x2da6 55378, es , lg: 0:09:64:1DC 04:6b:45 HP cad:0:09:64:1 hdr 04:6b:45 0:09:64:1DC 04:6b:45 HP cad:0000 yad:0000 idr ..., idr ... 0:09:64:1DC 04:6b:45 HP sad:0000 gad:0000 idr ..., idr ... 0:09:64:1DC scesul bigdpce t D 04:6b:45 HP ucsfly rde akt o S 0:09:64:1DC rcie o BORPY()(e 38 pr 1 ecp0e0) 04:6b:45 HP eevd p OTEL 2 ln 0, ot , na xc0 0:09:64:1DC oto ln(nldn temgccoi)7 04:6b:45 HP pin e icuig h ai oke 2 0:09:64:1DC oto:msaetp =DC OFR 04:6b:45 HP pin esg ye HP FE 0:09:64:1DC oto:sre i =12181. 04:6b:45 HP pin evr d 9.6.01 0:09:64:1DC oto:laetm =823scns 04:6b:45 HP pin es ie 46 eod 0:09:64:1DC oto:5 (e 4 -sipn 04:6b:45 HP pin 8 ln ) kpig 0:09:64:1DC oto:5 (e 4 -sipn 04:6b:45 HP pin 9 ln ) kpig 0:09:64:1DC oto:ntak=2525250 04:6b:45 HP pin ems 5.5.5. 0:09:64:1DC oto:gtwy=12181. 04:6b:45 HP pin aea 9.6.01 0:09:64:1DC otosed ln7,ata 6 04:6b:45 HP pin n, e 2 cul 4 0:09:64:1DC poesn DC OFR() 04:6b:45 HP rcsig HP FE 2 0:09:64:1DC 04:6b:45 HP o:BORPY hye Ehre,he:6 hp:0 p OTEL, tp: tent ln , os 0:09:64:1DC 04:6b:45 HP xd 024fb (7559) sc:0 fas 0 i: x2da6 55378, es , lg: 0:09:64:1DC 04:6b:45 HP cad:0:09:64:1 hdr 04:6b:45 0:09:64:1DC 04:6b:45 HP cad:0000 yad:12181.0 idr ..., idr 9.6.014 0:09:64:1DC 04:6b:45 HP sad:0000 gad:0000 idr ..., idr ... 0:09:64:1DC 04:6b:45 HP sre i:12181. rv sre i:12181. evr d 9.6.01 cd evr d 9.6.01 0:09:64:1DC scesul bigdpce t SA 04:6b:45 HP ucsfly rde akt o T 0:09:64:1DC rcie o BORQET()(e 38 pr 1 ecp0e0) 04:6b:45 HP eevd p OTEUS 1 ln 2, ot , na xc3 0:09:64:1DC oto ln(nldn temgccoi)9 04:6b:45 HP pin e icuig h ai oke 2 0:09:64:1DC oto:msaetp =DC RQET 04:6b:45 HP pin esg ye HP EUS 0:09:64:1DC oto:6 (e 7 -sipn 04:6b:45 HP pin 1 ln ) kpig 0:09:64:1DC oto:rqetdi =12181.0 04:6b:45 HP pin euse p 9.6.014 0:09:64:1DC oto:sre i =12181. 04:6b:45 HP pin evr d 9.6.01 0:09:64:1DC oto:1 (e 1)-sipn 04:6b:45 HP pin 2 ln 2 kpig 0:09:64:1DC oto:8 (e 1)-sipn 04:6b:45 HP pin 1 ln 6 kpig 0:09:64:1DC oto:vno casi =MF 50(e 8 04:6b:45 HP pin edr ls d ST . ln ) 0:09:64:1DC oto:5 (e 1)-sipn 04:6b:45 HP pin 5 ln 1 kpig 0:09:64:1DC otosed ln9,ata 8 04:6b:45 HP pin n, e 2 cul 4 0:09:64:1DC poesn DC RQET() 04:6b:45 HP rcsig HP EUS 3 0:09:64:1DC 04:6b:45 HP o:BORQET hye Ehre,he:6 hp:0 p OTEUS, tp: tent ln , os 0:09:64:1DC 04:6b:45 HP xd 024fb (7559) sc:0 fas 0 i: x2da6 55378, es , lg: 0:09:64:1DC 04:6b:45 HP cad:0:09:64:1 hdr 04:6b:45 0:09:64:1DC 04:6b:45 HP cad:0000 yad:0000 idr ..., idr ... 0:09:64:1DC 04:6b:45 HP sad:0000 gad:0000 idr ..., idr ... 0:09:64:1DC 04:6b:45 HP rqetdi:12181.0 euse p 9.6.014 0:09:64:1DC 04:6b:45 HP sre i:12181. rv sre i:12181. evr d 9.6.01 cd evr d 9.6.01 0:09:64:1DC scesul bigdpce t D 04:6b:45 HP ucsfly rde akt o S 0:09:64:1DC rcie o BORPY()(e 38 pr 1 ecp0e0) 04:6b:45 HP eevd p OTEL 2 ln 0, ot , na xc0 0:09:64:1DC oto ln(nldn temgc 04:6b:45 HP pin e icuig h ai coi)7 0:09:64:1DC oto:msaetp =DC AK oke 2 04:6b:45 HP pin esg ye HP C 0:09:64:1DC oto:sre i =12181. 04:6b:45 HP pin evr d 9.6.01 0:09:64:1DC oto:laetm =840scns 04:6b:45 HP pin es ie 60 eod 0:09:64:1DC oto:5 (e 4 -sipn 04:6b:45 HP pin 8 ln ) kpig 0:09:64:1DC oto:5 (e 4 -sipn 04:6b:45 HP pin 9 ln ) kpig 0:09:64:1DC oto:ntak=2525250 04:6b:45 HP pin ems 5.5.5. 0:09:64:1DC oto:gtwy=12181. 04:6b:45 HP pin aea 9.6.01 0:09:64:1DC otosed ln7,ata 6 04:6b:45 HP pin n, e 2 cul 4 0:09:64:1DC poesn DC AK() 04:6b:45 HP rcsig HP C 5 0:09:64:1DC 04:6b:45 HP o:BORPY hye Ehre,he:6 hp:0 p OTEL, tp: tent ln , os 0:09:64:1DC 04:6b:45 HP xd 024fb (7559) sc:0 fas 0 i: x2da6 55378, es , lg: 0:09:64:1DC 04:6b:45 HP cad:0:09:64:1 hdr 04:6b:45 0:09:64:1DC 04:6b:45 HP cad:0000 yad:12181.0 idr ..., idr 9.6.014 0:09:64:1DC 04:6b:45 HP sad:0000 gad:0000 idr ..., idr ... 0:09:64:1DC 04:6b:45 HP sre i:12181. rv sre i:12181. evr d 9.6.01 cd evr d 9.6.01 0:09:64:1AsgigAdes12181.0 t mbl 04:6b:45 sinn drs 9.6.014 o oie 0:09:64:1DC scesul bigdpce t SA 04:6b:45 HP ucsfly rde akt o T 0:09:64:112181.0 AddNUetyo tp 1 04:6b:45 9.6.014 de P nr f ye In this DHCP debug output, there are a few key indications that DHCP bridging is in use on the controller: DHCP successfully bridged packet to DSThis means that the original DHCP packet from the client was bridged, unaltered to the DHCP successfully bridged packet to STAThis message indicates that the DHCP packet was bridged, unaltered to the station (STA). The

Also, you see the actual server IP listed in the debugs, which is 192.168.10.1. If DHCP proxy was in use instead of DHCP bridging, you would see

Caveats
By default, DHCP proxy is enabled. All controllers that will communicate must have the same DHCP proxy setting. DHCP proxy must be enabled for DHCP option 82 to work.

DHCP Bridging Before Release 4.2


Before the 4.2 code release you could disable DHCP proxy on the controller. However, this did not actually bridge the DHCP packets to the wired

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

6/11

3/14/13

DHCP with the WLC - Cisco Systems

Before the 4.2 code release you could disable DHCP proxy on the controller. However, this did not actually bridge the DHCP packets to the wired proxied the DHCP communication to the DHCP server, however the client itself was informed of the real IP address of the DHCP server instead of b

Internal DHCP Server


The internal DHCP server was introduced initially for branch offices where an external DHCP server is not available. It is designed to support a same subnet. The internal server provides IP addresses to wireless clients, direct-connect APs, appliance-mode APs on the management interfac full-blown general purpose DHCP server. It only supports limited functionality and will not scale in a larger deployment.

Comparison of Internal DHCP and Bridging Modes

The two main DHCP modes on the controller are either DHCP proxy or DHCP bridging. With DHCP bridging the controller acts more like a DHCP AP via a client association to a SSID that is linked to a VLAN. Then, the DHCP packet goes out that VLAN. If an IP helper is defined on that VLAN server via directed unicast. The DHCP server then responds back directly to the layer 3 interface that forwarded that DHCP packet. With DHCP directly at the controller instead of the VLANs layer 3 interface. For example, a DHCP request comes in to the WLAN from the client, the WLAN t interface *or* will use the DHCP override function of the WLAN to forward a unicast DHCP packet to the DHCP server with the DHCP packets GIAD

Internal DHCP Server - Packet flow

Internal DHCP Server Configuration Example


You must enable DHCP proxy on the controller to allow the internal DHCP server to function. This can be done via the GUI under this section: Cnrle-Avne-DC otolr>dacd>HP (oe StigteDC poyvateGIi ntaalbei alvrin) Nt: etn h HP rx i h U s o vial n l esos

Or via the CLI: Cni dc poyeal ofg hp rx nbe Sv cni ae ofg To enable the internal DHCP server, complete these steps: 1. Define a scope that you will use to pull IP addresses (Controller->Internal DHCP Server->DHCP Scope). Click New.

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

7/11

3/14/13

DHCP with the WLC - Cisco Systems

2. Point either your DHCP override to the management interface IP address of your controller:

Or, you can use the DHCP option of the controller interface configuration for the interface you wish to use the internal DHCP server.

3. Make sure that DHCP proxy is enabled:

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

8/11

3/14/13

DHCP with the WLC - Cisco Systems

Troubleshooting
Debugging the internal DHCP server is typically a matter of finding a client that is having a problem getting an IP address. You need to run these dbgcin <A ADESO CIN> eu let MC DRS F LET The debug client is a macro that enables these debugs for you while focusing the debug out only on the client MAC address that you have dbgdc pce eal eu hp akt nbe dbgdt1mbl eal eu o1 oie nbe dbgdt1saeeal eu o1 tt nbe dbgdtxeet eal eu o1 vns nbe dbgpmeet eal eu e vns nbe dbgpmsaeeal eu e tt nbe dbgck cin dbgeal eu cm let eu nbe The main one for DHCP issues is the debug dhcp packet enable command that is enabled automatically by the debug client command.

0:b7:bc:5dcd rcie DSOE 01:72:f7 hp: eevd ICVR 0:b7:bc:5dcd SnigDC pce (idr12181024t 170016 fo 17001 01:72:f7 hp: edn HP akt gad:9.6.0.5)o 2...:7 rm 2... 0:b7:bc:5snt (4 bts rtre 58 01:72:f7 edo 58 ye) eund 4 0:b7:bc:5DC oto ln(nldn temgccoi)32 01:72:f7 HP pin e icuig h ai oke 1 0:b7:bc:5DC oto:msaetp =DC OFR 01:72:f7 HP pin esg ye HP FE 0:b7:bc:5DC oto:sre i =12181024 01:72:f7 HP pin evr d 9.6.0.5 0:b7:bc:5DC oto:laetm =840scns 01:72:f7 HP pin es ie 60 eod 0:b7:bc:5DC oto:gtwy=1218101 01:72:f7 HP pin aea 9.6.0. 0:b7:bc:5DC oto:1 (e 1)-sipn 01:72:f7 HP pin 5 ln 3 kpig 0:b7:bc:5DC oto:ntak=2525250 01:72:f7 HP pin ems 5.5.5. 0:b7:bc:5DC otosed ln32 ata 6 01:72:f7 HP pin n, e 1, cul 4 0:b7:bc:5DC oto ln(nldn temgccoi)8 01:72:f7 HP pin e icuig h ai oke 1 0:b7:bc:5DC oto:msaetp =DC RQET 01:72:f7 HP pin esg ye HP EUS 0:b7:bc:5DC oto:6 (e 7 -sipn 01:72:f7 HP pin 1 ln ) kpig 0:b7:bc:5DC oto:rqetdi =12181010 01:72:f7 HP pin euse p 9.6.0.0 0:b7:bc:5DC oto:sre i =1111 01:72:f7 HP pin evr d ... 0:b7:bc:5DC oto:1 (e 1)-sipn 01:72:f7 HP pin 2 ln 4 kpig 0:b7:bc:5DC oto:vno casi =MF 50(e 8 01:72:f7 HP pin edr ls d ST . ln ) 0:b7:bc:5DC oto:5 (e 1)-sipn 01:72:f7 HP pin 5 ln 1 kpig 0:b7:bc:5DC oto:4 (e 3 -sipn 01:72:f7 HP pin 3 ln ) kpig 0:b7:bc:5DC otosed ln8,ata 7 01:72:f7 HP pin n, e 1 cul 3 0:b7:bc:5DC Fradn pce lcly(4 ott)fo 12181024t 1218102 01:72:f7 HP owrig akt oal 30 ces rm 9.6.0.5 o 9.6.0.5 dcd Rcie 30bt dc pce fo 0f6ac 121810246 hp: eevd 4 ye hp akt rm xe480 9.6.0.5:8 0:b7:bc:5dcd pce 12181024- 12181024uigsoe"srSoe 01:72:f7 hp: akt 9.6.0.5 > 9.6.0.5 sn cp Ue cp" 0:b7:bc:5dcd rcie RQET 01:72:f7 hp: eevd EUS 0:b7:bc:5Cekn nd 12181010 Alctd14954,Eprs14014 (o:14 01:72:f7 hcig oe 9.6.0.0 loae 26813 xie 27753 nw 26 0:b7:bc:5dcd sre_d=ca6f 01:72:f7 hp: evri 084e 0:b7:bc:5dcd sre_d=ca6f adn oto 03 adn oto 03 adn oto 0 01:72:f7 hp: evri 084e dig pin x5 dig pin x6 dig pin x 0:b7:bc:5dcd SnigDC pce (idr12181024t 170016 fo 17001 01:72:f7 hp: edn HP akt gad:9.6.0.5)o 2...:7 rm 2... 0:b7:bc:5snt (4 bts rtre 58 01:72:f7 edo 58 ye) eund 4 0:b7:bc:5DC oto ln(nldn temgccoi)32 01:72:f7 HP pin e icuig h ai oke 1 0:b7:bc:5DC oto:msaetp =DC AK 01:72:f7 HP pin esg ye HP C 0:b7:bc:5DC oto:sre i =12181024 01:72:f7 HP pin evr d 9.6.0.5 0:b7:bc:5DC oto:laetm =840scns 01:72:f7 HP pin es ie 60 eod 0:b7:bc:5DC oto:gtwy=1218101 01:72:f7 HP pin aea 9.6.0. 0:b7:bc:5DC oto:1 (e 1)-sipn 01:72:f7 HP pin 5 ln 3 kpig 0:b7:bc:5DC oto:ntak=2525250 01:72:f7 HP pin ems 5.5.5. 0:b7:bc:5DC otosed ln32 ata 6 01:72:f7 HP pin n, e 1, cul 4

Clearing the DHCP Leases on the WLC's Internal DHCP Server

With Wireless LAN Controller version 7.0.98, you can issue this command in order to clear the DHCP leases on the Internal DHCP server of the W cni dc cerlae<l/PAdes ofg hp la-es alI drs>

Here is an example: cni dc cerlaeal ofg hp la-es l

Caveats
DHCP proxy must be enabled for the Internal DHCP server to function. Use of DHCP to port 1067 when using the Internal DHCP server, which is affected by the CPU ACL. The Internal DHCP server listens on the controller loopback interface via 127.0.0.1 udp port 67.

End User Interface


In order for customers to experience consistent behavior with existing deployments, the DHCP proxy will remain enabled by default.

The config dhcp proxy disable command implies the use of the DHCP bridging function. This is a global command (not a per-WLAN com

When the DHCP proxy is disabled, the Internal DHCP server cannot be used by local WLANs. The bridging operation is not consistent with server. Bridging really does mean bridging, with the exception of 802.11 to Ethernet II conversion, DHCP packets are passed unmodified fro

When the proxy is enabled, a DHCP server must be configured on the WLANs interface (or in the WLAN itself) in order for the WLAN to be disabled as these servers are not used.

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

9/11

3/14/13

DHCP with the WLC - Cisco Systems


disabled as these servers are not used.

When a user attempts to enable the DHCP proxy, you internally verify that all WLANs (or associated interfaces) have a DHCP server config

DHCP Required

The WLAN advance configuration has an option that requires users to pass DHCP before going into the RUN state (a state where the client will be the client to do a full or half DHCP request. The main thing the controller is looking from the client is a DHCP request and an ACK coming back fro the client will pass the DHCP required step and move to the RUN state.

L2 and L3 Roaming

L2 - RoamIf the client has a valid DHCP lease and performs a L2 roam between two different controllers on the same L2 network, the client sho completely moved to the new controller from the original controller. Then, if the client does need to DHCP again, the DHCP bridging or proxy proce packet again.

L3 RoamIn a L3 roam scenario the client is moving between 2 different controllers in different L3 networks. In this situation the client is ancho new foreign controller. During the anchoring scenario the clients DHCP is handled by the anchor controller as the client data is tunneled within an

Cisco Support Community - Featured Conversations

Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers. Below are just som right now.

Want to see more? Join us by clicking here WLC dhcp option 150 Maximiliano.Garcia.Solorzano 1 Reply 5 years, 2 weeks ago DHCP Address Required option in WLC gstefanick 4 Replies 3 years, 2 months ago DHCP reservation in WLC? rrfield 1 Reply 3 years, 2 weeks ago DHCP in a redundant WLC envoirement. Knutsen2004 3 Replies 2 years, 1 week ago WLC and DHCP moises7777 3 Replies 1 year, 12 months ago clear DHCP in WLC abinaya.r38 11 Replies 1 year, 11 months ago APs not joining with new 2106 WLC billk_at_performance-br.com 6 Replies 1 year, 7 months ago Using both external and internal DHCP... Pvilhelmsson 4 Replies 3 months, 2 weeks ago Start A New Discussion Subscribe

Related Information
DHCP OPTION 43 for Lightweight Cisco Aironet Access Points Configuration Example Technical Support & Documentation - Cisco Systems Updated: Sep 10, 2009

Information For
Small Business Service Provider Executives Home

News & Alerts


New sroom Blogs New sletters Field Notices Security Advisories

Support
Dow nloads Documentation

About Cisco
Investor Relations Corporate Social Responsibility Environmental Sustainability Tomorrow Starts Here Career Opportunities

Communities
Developer Netw ork Learning Netw ork Support Community

Industries Contacts
Contact Cisco

Technology Trends
Cloud IPv6

Programs
Cisco Pow ered Financing Options

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

10/11

3/14/13
Find a Partner Medianet

DHCP with the WLC - Cisco Systems


Open Netw ork Environment Virtualization Experience Infrastructure

Contacts |

Feedback | Help | Site Map | Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks

www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080af5d13.shtml

11/11