
DHCP Address Assignment Required

I ran into a strange problem recently: a Cisco WLAN controller 5508 with 1142N APs (not sure the model and controller matter entirely, as I found the fix on a support forum thread for a 4000 series) would allow clients to connect and get an IP address but NOT pass any traffic other than ICMP. I thought maybe the problem was Windows firewall related, but with the firewall disabled it still appeared. I thought maybe a driver problem, but I tried several revs of the driver, and it also happened with different model cards. A temporary workaround was to disable, then re-enable the wireless card.

DHCP is handled by a Windows 2008 server, not the access points or WLAN manager, and again - the client was actually DHCPing an address (as I type that I wonder if there is a problem with the DHCP server now, but it didn’t happen to wired clients or on a temporary access point we brought in…). There was a thought it was a DHCP problem since ping worked, but I could not access network resources via IP, which ruled DNS out. Yet another test was to isolate the WLAN controller and APs onto a separate switch. This also eliminated what appears to be a known problem with 2960 switches where APs cannot register with the controller (which wasn’t our problem but worth isolating anyways). I also removed all but 1 of the APs, but the problem persisted.

Now had I listened to my own Troubleshooting 101 post, I would have opened a support ticket, but this particular company let the support lapse and did not want to renew it. This also meant I did not have access to download the latest software for the controller or APs. So for those wondering, that's why there was no call into Cisco TAC on this issue.

What led me to the fix that ultimately “fixed” the problem was an error I found in the logs: “APF-1-REGISTER_IPADD_ON_MSCB_FAILED: Could not RegisterIP Add on MSCB. MSCB still in init state.” Now I am happy this is fixed, but I am not happy with what the “fix” was yet because I haven’t found good documentation that explains why this fixed our problem. I had to enable DHCP Addr. Assignment in the advanced section of the WLAN config. According to the documentation from Cisco:

DHCP Addr. Assignment Required setting, which disallows client static IP addresses. If DHCP Addr. Assignment Required is selected, clients must obtain an IP address via DHCP. Any client with a static IP address is not allowed on the network. The controller monitors DHCP traffic because it acts as a DHCP proxy for the clients.

That's good and all, but my clients WERE DHCPing addresses just fine and APs were broadcasting SSIDs just fine. Oh, and by the way, this was all working swell through October, for several months actually, and just started to have problems in November. If anyone has a better description/document that more deeply defines the DHCP Addr. Assignment Required option, I would love to read it.

For a brief overview of the DHCP process in a wired infrastructure, please see my previous post: DHCP Basics.
In this post we will look at the different DHCP modes of operation on a Cisco Wireless LAN Controller.
As we all know, we can use an external or internal DHCP server for wireless clients via a Cisco WLC.

Topology Diagram:

First we will go through the configuration and functionality of an external DHCP server for a WLAN.

External DHCP Server:

The WLC supports two modes when an external DHCP server is used.

  1. DHCP proxy
  2. DHCP Bridging

DHCP Proxy Mode:

To use the controller as a DHCP proxy, the DHCP proxy feature must be enabled on the controller. By default, this feature is enabled.

A DHCP server must be configured on each WLC interface that requires DHCP services. A DHCP server can be configured on the management interface, AP-manager interface, and on dynamic interfaces.

Configuration

To enable DHCP proxy and configure the DHCP server on a WLC interface:

Via GUI:

Enable DHCP Proxy

Enter the DHCP server IP for the WLC interface (this is just an example):

Via CLI:

Enable DHCP Proxy

(WLC1) >config dhcp proxy enable
(WLC1) >show dhcp proxy
DHCP Proxy Behavior: enabled

Configure DHCP server IP on WLC Interface:

Example:

(WLC1) >config interface dhcp dynamic-interface <interface-name> primary <primary-server> secondary <secondary-server>
(WLC1) >config interface dhcp dynamic-interface guest primary 192.168.10.1 secondary 0.0.0.0

  • The DHCP proxy mode serves as a DHCP helper function to achieve better security and control over DHCP transactions between the DHCP server and the wireless clients.
  • In this mode the controller uses its virtual IP address (1.1.1.1, or whatever is configured) as the source IP address for all DHCP traffic to the client, which means we will not see the real DHCP server IP address in a client-side packet capture.
  • When multiple offers come in from external DHCP servers, the DHCP proxy normally selects the first one that arrives and sets the IP address of that server in the client data structure. As a result, all following transactions go through the same DHCP server until a transaction fails after retries. At this point, the proxy selects a different DHCP server for the client.
  • DHCP proxy is enabled by default. All controllers that will communicate must have the same DHCP proxy setting.
  • In DHCP proxy mode, the controller does not just direct DHCP packets to the DHCP server; it builds new DHCP packets to forward to the DHCP server. All DHCP options present in the client’s DHCP packets are copied into the controller’s DHCP packets.

Packet flow:

  1. The client boots up and sends a DHCP Discover as an all-subnets broadcast.
  2. The WLC unicasts this packet to the DHCP server (as configured on the WLC interface).
  3. The DHCP server sends a DHCP Offer to the WLC.
  4. The WLC unicasts the DHCP Offer to the client with the WLC virtual IP address as the source address.
  5. The client sends a DHCP Request to the WLC's virtual address, because the client thinks that this virtual IP is the DHCP server address.
  6. The WLC unicasts the DHCP Request to the DHCP server that returned the first offer to the client.
  7. The DHCP server sends an ACK to the WLC.
  8. The WLC unicasts the ACK from the virtual IP to the client.

Let's see the packet capture from the client side:

DHCP Discover Packet:

1.1.1.1 is the WLC Virtual Interface IP address
10.xx.xx.13 is the Client IP address.

DHCP Offer:

DHCP Request:

DHCP ACK:

DHCP Bridge Mode

DHCP bridging mode provides an option to make the controller’s role in the DHCP transaction entirely transparent to the wireless clients.

Configuration:

To enable the DHCP bridging functionality on the controller, we must disable the DHCP proxy feature on the controller.

Via GUI:

Via CLI:

(WLC1) >config dhcp proxy disable
(WLC1) >show dhcp proxy
DHCP Proxy Behavior: disabled

Packet Flow:

  1. The client sends a DHCP Discover as an all-subnets broadcast, which is bridged by the controller.
  2. The DHCP server sends a DHCP Offer to the client.
  3. The client sends a DHCP Request as an all-subnets broadcast.
  4. The DHCP server sends an ACK to the client in a unicast packet.

Let's see the packet capture from the client side:

DHCP Discover:

DHCP Offer:

10.xx.xx.254 is the Router Gateway IP address
10.xx.xx.13 is the client IP address
10.xx.xx.1 is the DHCP server IP address

DHCP Request:

DHCP ACK:
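The difference between proxy and bridge mode can be checked from a client-side capture by reading the server address carried in the DHCP reply. The following is an added example, not code from the original post: it assumes the server address is taken from DHCP option 54 (server identifier), reuses the post's virtual IP 1.1.1.1, and builds its own sample replies with constructed 192.0.2.x addresses.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCP options field (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Extract message type (option 53) and server identifier (option 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    info = {"yiaddr": socket.inet_ntoa(payload[16:20]), "type": None, "server_id": None}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option carries no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            info["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def classify(payload: bytes, virtual_ip: str, known_servers: set) -> str:
    """Label a DHCP server reply as seen in a client-side capture."""
    msg = parse_dhcp(payload)
    if msg["type"] not in ("OFFER", "ACK"):
        return "not-a-server-reply"
    if msg["server_id"] == virtual_ip:
        return "proxy"             # reply fronted by the WLC virtual interface
    if msg["server_id"] in known_servers:
        return "bridged"           # real DHCP server is visible to the client
    return "unexpected-server"     # neither the WLC nor an approved server

def build_reply(msg_type: int, yiaddr: str, server_id: str) -> bytes:
    """Constructed sample: 236-byte BOOTREPLY header plus options 53 and 54."""
    fixed = bytes([2, 1, 6, 0]) + b"\0" * 12 + socket.inet_aton(yiaddr) + b"\0" * 216
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_id) + b"\xff"
    return fixed + MAGIC_COOKIE + opts

if __name__ == "__main__":
    for sid in ("1.1.1.1", "192.0.2.1", "192.0.2.66"):   # constructed values
        print(sid, classify(build_reply(2, "192.0.2.13", sid), "1.1.1.1", {"192.0.2.1"}))
```

A reply labelled `unexpected-server` names a server that is neither the controller's virtual interface nor on the approved list, which is worth investigating as a misconfigured or unauthorized DHCP server.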

Internal DHCP Server:

The internal DHCP server is used for small offices where an external DHCP server is not available.

Cisco recommends using the internal DHCP server with fewer than 10 APs in the network; if we have more than 10 APs, it is better to use an external DHCP server.

The internal DHCP server provides IP addresses to WLAN clients and directly connected APs.

Internal DHCP Server Configuration:

We must enable DHCP proxy on the controller to allow the internal DHCP server to function.

Via GUI:

Via CLI:

Enable DHCP Proxy

(WLC1) >config dhcp proxy enable
(WLC1) >show dhcp proxy
DHCP Proxy Behavior: enabled

*** For internal DHCP we must create a DHCP scope for the specific interface, and either enter the WLC management IP in the interface's primary DHCP server configuration box or point DHCP override to the management interface IP address of our controller under WLAN > Edit.

How to create a DHCP scope: log in to the WLC GUI, then go to Controller > Internal DHCP Server > DHCP Scope > New

Assign DHCP Server :

On Dynamic Interface:

See the 2nd Pic of the post.

DHCP override to the management interface IP per WLAN.

Packet Flow:

  1. The client sends a DHCP Discover as an all-subnets broadcast.
  2. The WLC forwards the DHCP Discover via the DHCP proxy to the internal DHCP server IP address (the management interface IP of the WLC).
  3. The internal DHCP server sends a DHCP Offer to the WLC proxy agent.
  4. The WLC sends a unicast DHCP Offer to the client with the WLC management interface IP as the source address.
  5. The client sends a DHCP Request to the WLC on the management interface IP.
  6. The WLC sends a unicast DHCP Request to the internal server via the DHCP proxy.
  7. The internal DHCP server sends a DHCP ACK to the DHCP proxy.
  8. The WLC sends a unicast DHCP ACK to the client.

A short note to remember: many people, like me, confuse these two terms:

A DHCP proxy server has a fully functional DHCP client and DHCP server implementation in it. The client part requests addresses from another DHCP server and stores them in an internal address pool, while the server part listens for DHCP requests from clients and uses this internal pool to lease the addresses (like the internal DHCP server).

A DHCP relay agent listens for broadcast DHCP requests from clients and forwards them to another DHCP server (usually via unicast).

*** In both DHCP relay and DHCP proxy cases the clients will never see the real DHCP server but rather will consider the intermediate element as their DHCP server.

Let’s see the packet capture from Client side:

DHCP Discover:

DHCP Offer:

DHCP Request:

DHCP ACK:

10.xx.xx.26 is the client IP address.
10.xx.xx.254 is the Router Gateway IP address.

 
