Friday, October 14, 2016

Configuring DHCP on a Cisco WLC

I visited my sister a month ago and spent a day in Dubai before going together on our trip to New York. I had a chance to put on traditional Arabian wear and be a Sheikh for a day. There are a lot of Filipino expats in Dubai, which made it easy for us to shop and dine almost everywhere.



Cisco wireless controllers support the following interface types:

* Management interface - Used for normal management traffic, such as RADIUS user authentication, WLC-to-WLC communication, web-based and SSH sessions, SNMP, Network Time Protocol (NTP), syslog, and so on.

* AP-manager interface - A dynamic interface used to terminate CAPWAP tunnels between the controller and its APs. If no AP-manager interface is created, the function is performed by the management interface instead.

* Virtual interface - IP address facing wireless clients when the controller is relaying client DHCP requests, performing client web authentication, and supporting client mobility.

* Service port interface (available on WLC 5508 and higher) - Bound to the service port and used for out-of-band management.

* Dynamic interface - Used to connect a VLAN to a WLAN.

The management interface faces the switched network, where management users and APs are located. Management traffic usually consists of protocols like HTTPS, SSH, SNMP, NTP, TFTP, and so on. In addition, management interface traffic consists of CAPWAP packets that carry control and data tunnels to and from the APs.

The virtual interface is used only for certain client-facing operations. For example, when a wireless client issues a DHCP request to obtain an IP address, the controller can relay the request on to a normal DHCP server. From the client's perspective, the DHCP server appears to be the controller's virtual interface address. Clients may see the virtual interface's address, but that address is never used when the controller communicates with other devices on the switched network.

Because the virtual interface is used only for some client management functions, you should configure it with a unique, nonroutable address. For example, you might use 10.1.1.1 because it is within a private address space defined in RFC 1918.

Tip: Traditionally, many people have assigned IP address 1.1.1.1 to the virtual interface. Although it is a unique address, it is routable and already in use elsewhere on the Internet. A better practice is to use an IP address from the RFC 1918 private address space that is unused or reserved, such as 192.168.1.1. You could also use a reserved address from RFC 5737 (192.0.2.0/24) that is set aside for documentation purposes and is never used.

The virtual address is also used to support client mobility. For that reason, every controller that exists in the same mobility group should be configured with a virtual address that is identical to the others. By using one common virtual address, all the controllers will appear to operate as a cluster as clients roam from controller to controller.
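
The three rules above (nonroutable, unused, identical within a mobility group) can be checked across an inventory. This is an added example, not part of the original post: WLC2, WLC3, the group names and the in-use subnet list are constructed, and the /28 is derived from the 255.255.255.240 mask that appears in the debug output further down.

```python
import ipaddress
from collections import defaultdict

# Address space the text recommends for the virtual interface.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC5737 = [ipaddress.ip_network(n) for n in
           ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

def audit_virtual_interfaces(controllers, in_use_subnets):
    """Return (controller-or-group, problem) findings for virtual addresses."""
    used = [ipaddress.ip_network(s) for s in in_use_subnets]
    groups = defaultdict(set)
    findings = []
    for c in controllers:
        ip = ipaddress.ip_address(c["virtual_ip"])
        groups[c["mobility_group"]].add(ip)
        # Rule 1: private or documentation space, never an Internet address.
        if not any(ip in n for n in RFC1918 + RFC5737):
            findings.append((c["name"], f"{ip} is outside RFC 1918 / RFC 5737 space"))
        # Rule 2: must not sit inside a subnet that real hosts use.
        for n in used:
            if ip in n:
                findings.append((c["name"], f"{ip} is inside in-use subnet {n}"))
    # Rule 3: every controller in a mobility group shares one virtual address.
    for group, ips in sorted(groups.items()):
        if len(ips) > 1:
            addrs = ", ".join(str(i) for i in sorted(ips))
            findings.append((group, f"virtual addresses differ: {addrs}"))
    return findings

# Constructed inventory (hypothetical controllers and mobility groups).
CONTROLLERS = [
    {"name": "WLC1", "mobility_group": "lab", "virtual_ip": "10.1.1.1"},
    {"name": "WLC2", "mobility_group": "lab", "virtual_ip": "1.1.1.1"},
    {"name": "WLC3", "mobility_group": "branch", "virtual_ip": "10.72.235.200"},
]
IN_USE = ["10.72.235.192/28"]  # subnet of 10.72.235.195 with mask 255.255.255.240

if __name__ == "__main__":
    for subject, problem in audit_virtual_interfaces(CONTROLLERS, IN_USE):
        print(f"{subject}: {problem}")
```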

Dynamic interfaces map WLANs to VLANs, making the logical connections between wireless and wired networks. You will configure one dynamic interface for each wireless LAN that is offered by the controller's APs, and then map the interface to the WLAN. Each dynamic interface must also be configured with its own IP address and can act as a DHCP relay for wireless clients. To filter traffic passing through a dynamic interface, you can configure an optional access list.


In my wireless lab, I've disabled DHCP on R1 and moved it to WLC1.

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip dhcp excluded-address 10.72.235.193 10.72.235.196
R1(config)#no ip dhcp pool wired-data


Below are the steps to create a DHCP scope on a WLC. Go to Controller > Internal DHCP Server > DHCP Scope > click New.


Type the Scope Name and click Apply.


Click on the newly created Scope Name.


Type DHCP Network Info, choose Enabled under Status and click Apply.



Go to Controller > Interfaces > click Interface Name > type the DHCP IP Address under Primary DHCP Server. For the WLANs/VLANs other than Management, type the WLC management IP address.


Go to WLANs > click WLAN ID > Advanced > tick Override under DHCP Server and type the DHCP Server IP address, which is the WLC management IP address > click Apply > Save Configuration.


To verify DHCP leases, go to Controller > Internal DHCP Server > DHCP Allocated Leases.




(Cisco Controller) >debug dhcp packet enable     // THIS IS A HANDY WLC DEBUG COMMAND FOR TROUBLESHOOTING DHCP ERRORS; TO STOP ISSUE A debug dhcp packet disable
(Cisco Controller) >*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selecting relay 1 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selected relay 1 - 10.72.235.195 (local address 10.72.235.195, gateway 10.72.235.195, VLAN 0, port 1)
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selecting relay 2 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.72.235.195  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 10.72.235.195, gateway 10.72.235.193, VLAN 0, port 1)
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selecting relay 1 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.72.235.195  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selected relay 1 - 10.72.235.195 (local address 10.72.235.195, gateway 10.72.235.195, VLAN 0, port 1)
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP transmitting DHCP DISCOVER (1)
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP   xid: 0x2fc94a87 (801720967), secs: 0, flags: 0
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP   chaddr: d0:25:98:90:1c:d9
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP   siaddr: 0.0.0.0,  giaddr: 10.72.235.195
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selecting relay 2 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.72.235.195  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 0.0.0.0, gateway 10.72.235.193, VLAN 0, port 1)
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP setting server from OFFER (server 10.72.235.195, yiaddr 10.72.235.198)
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP sending REPLY to STA (len 414, port 1, vlan 0)
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP   xid: 0x2fc94a87 (801720967), secs: 0, flags: 0
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP   chaddr: d0:25:98:90:1c:d9
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.72.235.198
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP   server id: 10.1.1.1  rcvd server id: 10.72.235.195
*DHCP Socket Task: Oct 08 13:59:09.932: d0:25:98:90:1c:d9 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 08 13:59:09.932: d0:25:98:90:1c:d9 DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP selecting relay 1 - control block settings:
                        dhcpServer: 10.72.235.195, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.72.235.195  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP mscbVapLocalAddr=10.72.235.195 mscbVapLocalNetMask= 255.255.255.240 mscbdhcpRelay=10.72.235.195
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP selected relay 1 - 10.72.235.195 (local address 10.72.235.195, gateway 10.72.235.195, VLAN 0, port 1)
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP   xid: 0x2fc94a87 (801720967), secs: 1, flags: 0
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP   chaddr: d0:25:98:90:1c:d9
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP   siaddr: 0.0.0.0,  giaddr: 10.72.235.195
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP   requested ip: 10.72.235.198
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP   server id: 10.72.235.195  rcvd server id: 10.1.1.1
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP selecting relay 2 - control block settings:
                        dhcpServer: 10.72.235.195, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.72.235.195  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP selected relay 2 - NONE
*DHCP Proxy Task: Oct 08 13:59:09.934: d0:25:98:90:1c:d9 DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Oct 08 13:59:09.934: d0:25:98:90:1c:d9 DHCP setting server from ACK (mscb=0x3ef11e00 ip=0xa48ebc6)(server 10.72.235.195, yiaddr 10.72.235.198)
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 Assigning Address 10.72.235.198 to mobile      // THIS IS MY iPHONE GOING THROUGH THE DHCP D.O.R.A PROCESS
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP sending REPLY to STA (len 414, port 1, vlan 0)
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP transmitting DHCP ACK (5)
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP   xid: 0x2fc94a87 (801720967), secs: 0, flags: 0
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP   chaddr: d0:25:98:90:1c:d9
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.72.235.198
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP   server id: 10.1.1.1  rcvd server id: 10.72.235.195
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 1, encap 0xec03)
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP (encap type 0xec03) mstype 0ff:ff:ff:ff:ff:ff
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP selecting relay 1 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 0.0.0.0  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP selected relay 1 - 10.72.235.195 (local address 10.72.235.195, gateway 10.72.235.195, VLAN 0, port 1)
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP transmitting DHCP REQUEST (3)
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 1
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP   xid: 0x1bb0cf0b (464572171), secs: 0, flags: 0
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP   chaddr: 20:a2:e4:10:e7:1f
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP   siaddr: 0.0.0.0,  giaddr: 10.72.235.195
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP   requested ip: 10.72.235.197
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP selecting relay 2 - control block settings:
                        dhcpServer: 0.0.0.0, dhcpNetmask: 0.0.0.0,
                        dhcpGateway: 0.0.0.0, dhcpRelay: 10.72.235.195  VLAN: 0
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP selected relay 2 - NONE (server address 0.0.0.0,local address 0.0.0.0, gateway 10.72.235.193, VLAN 0, port 1)
*DHCP Proxy Task: Oct 08 13:59:18.226: 20:a2:e4:10:e7:1f DHCP received op BOOTREPLY (2) (len 572,vlan 0, port 0, encap 0x0)
*DHCP Proxy Task: Oct 08 13:59:18.226: 20:a2:e4:10:e7:1f DHCP setting server from ACK (mscb=0x3ef135d0 ip=0xa48ebc5)(server 10.72.235.195, yiaddr 10.72.235.197)
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP setting server from ACK (server 10.72.235.195, yiaddr 10.72.235.197)
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f Assigning Address 10.72.235.197 to mobile
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP success event for client. Clearing dhcp failure count for interface management.
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP sending REPLY to STA (len 414, port 1, vlan 0)
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP transmitting DHCP ACK (5)
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP   xid: 0x1bb0cf0b (464572171), secs: 0, flags: 0
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP   chaddr: 20:a2:e4:10:e7:1f
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.72.235.197
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP   server id: 10.1.1.1  rcvd server id: 10.72.235.195
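
Reading this output by eye gets tedious with more than a couple of clients, so the following added example (not part of the original post) groups the debug lines by client MAC and rebuilds each exchange. The sample is an excerpt of the output above; the function names and the reading of the "server id" fields are assumptions noted in the comments.

```python
import re

# Excerpt of the "debug dhcp packet enable" output on this page, trimmed to
# the line types the parser uses (author annotations removed).
SAMPLE = """\
*DHCP Socket Task: Oct 08 13:59:08.918: d0:25:98:90:1c:d9 DHCP transmitting DHCP DISCOVER (1)
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP transmitting DHCP OFFER (2)
*DHCP Proxy Task: Oct 08 13:59:08.920: d0:25:98:90:1c:d9 DHCP   server id: 10.1.1.1  rcvd server id: 10.72.235.195
*DHCP Socket Task: Oct 08 13:59:09.933: d0:25:98:90:1c:d9 DHCP transmitting DHCP REQUEST (3)
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 Assigning Address 10.72.235.198 to mobile
*DHCP Proxy Task: Oct 08 13:59:09.935: d0:25:98:90:1c:d9 DHCP transmitting DHCP ACK (5)
*DHCP Socket Task: Oct 08 13:59:18.224: 20:a2:e4:10:e7:1f DHCP transmitting DHCP REQUEST (3)
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f Assigning Address 10.72.235.197 to mobile
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP transmitting DHCP ACK (5)
*DHCP Proxy Task: Oct 08 13:59:18.227: 20:a2:e4:10:e7:1f DHCP   server id: 10.1.1.1  rcvd server id: 10.72.235.195
"""

LINE = re.compile(r"^\*DHCP (Socket|Proxy) Task: \w+ \d+ [\d:.]+: "
                  r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (.*)$")
XMIT = re.compile(r"transmitting DHCP (\w+) \(\d+\)")
ASSIGN = re.compile(r"Assigning Address (\S+) to mobile")
SRVID = re.compile(r"server id: (\S+)\s+rcvd server id: (\S+)")

def classify(messages):
    """Label an exchange by the DHCP messages the controller transmitted."""
    if "ACK" not in messages:
        return "incomplete"
    if messages == ["DISCOVER", "OFFER", "REQUEST", "ACK"]:
        return "full DORA"
    return "REQUEST/ACK only" if messages == ["REQUEST", "ACK"] else "other"

def summarize(log):
    """Group the debug lines by client MAC and rebuild each DHCP exchange."""
    clients = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # indented continuation lines carry no client MAC
        task, mac, msg = m.groups()
        c = clients.setdefault(mac, {"messages": [], "address": None,
                                     "sent_to_client": None, "real_server": None})
        if x := XMIT.search(msg):
            c["messages"].append(x.group(1))
        elif a := ASSIGN.search(msg):
            c["address"] = a.group(1)
        elif task == "Proxy" and (s := SRVID.search(msg)):
            # Assumption from reading the log: on client-facing Proxy Task lines
            # "server id" is what the WLC sends, "rcvd server id" what it received.
            c["sent_to_client"], c["real_server"] = s.groups()
    for c in clients.values():
        c["exchange"] = classify(c["messages"])
    return clients
```

For the excerpt, the first client shows a full DORA and the second only REQUEST/ACK, and both are handed the virtual interface address 10.1.1.1 as the server while the lease actually comes from 10.72.235.195. A client marked "incomplete", or one whose `real_server` is not the configured Primary DHCP Server, is the one to investigate first.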
