Cisco WLC – DHCP Proxy for clients

This post contains quick notes about configuring DHCP Proxy option  on  Cisco WLC 2106 (software version 7.0.240.0).

Quick Notes

  1. DHCP works only for wireless clients
  2. WLC acts as DHCP proxy agent – it doesn’t simply relay DHCP request from WLAN. WLC acts as a DHCP client to another DHCP server.

Configuration

The DHCP server will be used by wireless clients.

Enable DHCP Proxy

Check on option Enable DHCP Proxy (it is enabled by default). This option means that the WLC acts like DHCP Relay agent – it will capture DHCP requests made by your wireless clients and forward them to the specified DHCP server (internal or external).

Go to Controller -> Advanced -> DHCP.

Enable Proxy DHCP

Define DHCP scope

If you want to use internal WLC DHCP server then define DHCP Scope(s) on the WLC:

DHCP WLC FC 2

Select DHCP server

There are two places where you can point out which DHCP server should be use by your wireless clients. The precedence has DHCP server configured within WLAN (edit your WLAN and go to Advanced tab). There is a DHCP section where you can select override checkbox and point out the DHCP server.

Note – if you want to use internal WLC DHCP server then type WLC management IP address in the text box.

DHCP for WLAN

The second place is the Dynamic Interface definition (it has lower priority than the previous definition). Note – if you want to use internal WLC DHCP server then type WLC management IP address in the DHCP server text box.

DHCP for Dynamic Interface

Tip 1: this option doesn’t work as a “backup option” for the previous one.

Tip 2: WLC uses its Dynamic Interface IP settings to relay DHCP messages to the external DHCP server. It means that any relayed DHCP packet uses Dynamic Interface IP address into IP source field. If  packet must be sent further (via gateway) then Dynamic Interface gateway is used.

For example – if your WLAN network is mapped to the Dynamic Interface in VLAN 5 then your DHCP server should be defined on this VLAN directly (if DHCP server is in the same network as your Dynamic Interface) or the gateway in this VLAN must know the route to the DHCP server (if DHCP server is not in the same network as your Dynamic Interface).

Tip 3: The Dynamic Interface IP address is also used to determine the DHCP scope for wireless-client (this address is setup up as DHCP GIADDR). You can look for GIADDR field the in the next section (Debug).

Debug

You can debug DHCP from your WLC controller. (Note: to debug only specific client use debug client MAC-address command).

In the following example my wireless-client (laptop) was assigned 10.30.100.210 IP address from WLC internal DHCP server. In this particular session the client  obtained IP address 10.30.200.210 previously and now requested the same address again.

(Cisco Controller) >
(Cisco Controller) >debug dhcp message enable
(Cisco Controller) >
(Cisco Controller) >*DHCP Socket Task: Jan 02 23:55:50.550: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 85
*DHCP Socket Task: Jan 02 23:55:50.550: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP REQUEST
*DHCP Socket Task: Jan 02 23:55:50.550: 5c:93:a2:d0:54:14 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Jan 02 23:55:50.550: 5c:93:a2:d0:54:14 DHCP option: requested ip = 10.30.200.210
*DHCP Socket Task: Jan 02 23:55:50.550: 5c:93:a2:d0:54:14 DHCP option: 12 (len 7) - skipping
*DHCP Socket Task: Jan 02 23:55:50.551: 5c:93:a2:d0:54:14 DHCP option: 81 (len 19) - skipping
*DHCP Socket Task: Jan 02 23:55:50.551: 5c:93:a2:d0:54:14 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Jan 02 23:55:50.551: 5c:93:a2:d0:54:14 DHCP option: 55 (len 12) - skipping
*DHCP Socket Task: Jan 02 23:55:50.551: 5c:93:a2:d0:54:14 DHCP options end, len 85, actual 77
*DHCP Socket Task: Jan 02 23:55:50.551: 5c:93:a2:d0:54:14 DHCP Forwarding packet locally (348 octets) from 10.30.0.10 to 192.168.0.201
*DHCP Server: Jan 02 23:55:50.552: dhcpd: Received 348 byte dhcp packet from 0x0a001e0a 10.30.0.10:68
*DHCP Server: Jan 02 23:55:50.552: 5c:93:a2:d0:54:14 dhcpd: packet 10.30.0.10 -> 192.168.0.201 using scope "StudentScope"
*DHCP Server: Jan 02 23:55:50.552: 5c:93:a2:d0:54:14 dhcpd: received REQUEST
*DHCP Server: Jan 02 23:55:50.552: 5c:93:a2:d0:54:14 Checking node 10.30.200.210  Allocated 1451778141, Expires 1451864541 (now: 1451778950)
*DHCP Server: Jan 02 23:55:50.552: adding option 0x35
*DHCP Server: Jan 02 23:55:50.552: adding option 0x36
*DHCP Server: Jan 02 23:55:50.553: adding option 0x33
*DHCP Server: Jan 02 23:55:50.553: adding option 0x03
*DHCP Server: Jan 02 23:55:50.553: adding option 0x0f
*DHCP Server: Jan 02 23:55:50.553: adding option 0x01
*DHCP Server: Jan 02 23:55:50.553: 5c:93:a2:d0:54:14 dhcpd: Sending DHCP packet (giaddr:10.30.0.10)to 127.0.0.1:67  from 127.0.0.1:1067
*DHCP Server: Jan 02 23:55:50.553: 5c:93:a2:d0:54:14 sendto (572 bytes) returned 572
*DHCP Proxy Task: Jan 02 23:55:50.553: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 336
*DHCP Proxy Task: Jan 02 23:55:50.554: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP ACK
*DHCP Proxy Task: Jan 02 23:55:50.554: 5c:93:a2:d0:54:14 DHCP option: server id = 192.168.0.201
*DHCP Proxy Task: Jan 02 23:55:50.554: 5c:93:a2:d0:54:14 DHCP option: lease time = 86400 seconds
*DHCP Proxy Task: Jan 02 23:55:50.554: 5c:93:a2:d0:54:14 DHCP option: gateway = 10.30.0.1
*DHCP Proxy Task: Jan 02 23:55:50.554: 5c:93:a2:d0:54:14 DHCP option: 15 (len 10) - skipping
*DHCP Proxy Task: Jan 02 23:55:50.554: 5c:93:a2:d0:54:14 DHCP option: netmask = 255.255.0.0
*DHCP Proxy Task: Jan 02 23:55:50.554: 5c:93:a2:d0:54:14 DHCP options end, len 336, actual 64
*DHCP Socket Task: Jan 02 23:55:55.954: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 72
*DHCP Socket Task: Jan 02 23:55:55.955: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP INFORM
*DHCP Socket Task: Jan 02 23:55:55.955: 5c:93:a2:d0:54:14 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Jan 02 23:55:55.955: 5c:93:a2:d0:54:14 DHCP option: 12 (len 7) - skipping
*DHCP Socket Task: Jan 02 23:55:55.955: 5c:93:a2:d0:54:14 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Jan 02 23:55:55.955: 5c:93:a2:d0:54:14 DHCP option: 55 (len 13) - skipping
*DHCP Socket Task: Jan 02 23:55:55.955: 5c:93:a2:d0:54:14 DHCP options end, len 72, actual 64
*DHCP Socket Task: Jan 02 23:55:55.956: 5c:93:a2:d0:54:14 DHCP Forwarding packet locally (332 octets) from 10.30.0.10 to 192.168.0.201
*DHCP Server: Jan 02 23:55:55.956: dhcpd: Received 332 byte dhcp packet from 0x0a001e0a 10.30.0.10:68
*DHCP Server: Jan 02 23:55:55.956: 5c:93:a2:d0:54:14 Checking node 10.30.200.210  Allocated 1451778950, Expires 1451865350 (now: 1451778955)
*DHCP Server: Jan 02 23:55:55.956: 5c:93:a2:d0:54:14 dhcpd: packet 10.30.0.10 -> 192.168.0.201 using scope "StudentScope"
*DHCP Server: Jan 02 23:55:55.956: 5c:93:a2:d0:54:14 dhcpd: received INFORM
*DHCP Server: Jan 02 23:55:55.957: adding option 0x35
*DHCP Server: Jan 02 23:55:55.957: adding option 0x36
*DHCP Server: Jan 02 23:55:55.957: adding option 0x33
*DHCP Server: Jan 02 23:55:55.957: adding option 0x03
*DHCP Server: Jan 02 23:55:55.957: adding option 0x0f
*DHCP Server: Jan 02 23:55:55.957: adding option 0x01
*DHCP Server: Jan 02 23:55:55.957: 5c:93:a2:d0:54:14 dhcpd: Sending DHCP packet (giaddr:10.30.0.10)to 127.0.0.1:67  from 127.0.0.1:1067
*DHCP Server: Jan 02 23:55:55.957: 5c:93:a2:d0:54:14 sendto (572 bytes) returned 572

*DHCP Proxy Task: Jan 02 23:55:55.958: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 336
*DHCP Proxy Task: Jan 02 23:55:55.958: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP ACK
*DHCP Proxy Task: Jan 02 23:55:55.958: 5c:93:a2:d0:54:14 DHCP option: server id = 192.168.0.201
*DHCP Proxy Task: Jan 02 23:55:55.958: 5c:93:a2:d0:54:14 DHCP option: lease time = 86400 seconds
*DHCP Proxy Task: Jan 02 23:55:55.958: 5c:93:a2:d0:54:14 DHCP option: gateway = 10.30.0.1
*DHCP Proxy Task: Jan 02 23:55:55.958: 5c:93:a2:d0:54:14 DHCP option: 15 (len 10) - skipping
*DHCP Proxy Task: Jan 02 23:55:55.959: 5c:93:a2:d0:54:14 DHCP option: netmask = 255.255.0.0
*DHCP Proxy Task: Jan 02 23:55:55.959: 5c:93:a2:d0:54:14 DHCP options end, len 336, actual 64

The following session was recorded for client which obtained IP address 10.30.100.101 from external DHCP server.

(Cisco Controller) >
(Cisco Controller) >debug dhcp message enable

(Cisco Controller) >*DHCP Socket Task: Jan 03 01:06:12.993: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 72
*DHCP Socket Task: Jan 03 01:06:12.993: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP DISCOVER
*DHCP Socket Task: Jan 03 01:06:12.993: 5c:93:a2:d0:54:14 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:12.993: 5c:93:a2:d0:54:14 DHCP option: 12 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:12.993: 5c:93:a2:d0:54:14 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Jan 03 01:06:12.994: 5c:93:a2:d0:54:14 DHCP option: 55 (len 12) - skipping
*DHCP Socket Task: Jan 03 01:06:12.994: 5c:93:a2:d0:54:14 DHCP options end, len 72, actual 64
*DHCP Socket Task: Jan 03 01:06:12.994: 5c:93:a2:d0:54:14 DHCP Forwarding DHCP packet (332 octets)                    -- packet received on direct-connect port requires forwarding to external DHCP server. Next-hop is 10.30.0.101
*DHCP Socket Task: Jan 03 01:06:16.140: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 71
*DHCP Socket Task: Jan 03 01:06:16.140: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP OFFER
*DHCP Socket Task: Jan 03 01:06:16.140: 5c:93:a2:d0:54:14 DHCP option: server id = 10.30.0.101
*DHCP Socket Task: Jan 03 01:06:16.140: 5c:93:a2:d0:54:14 DHCP option: netmask = 255.255.0.0
*DHCP Socket Task: Jan 03 01:06:16.140: 5c:93:a2:d0:54:14 DHCP option: gateway = 10.30.0.1
*DHCP Socket Task: Jan 03 01:06:16.141: 5c:93:a2:d0:54:14 DHCP option: lease time = 60000 seconds
*DHCP Socket Task: Jan 03 01:06:16.141: 5c:93:a2:d0:54:14 DHCP option: 58 (len 4) - skipping
*DHCP Socket Task: Jan 03 01:06:16.141: 5c:93:a2:d0:54:14 DHCP option: 59 (len 4) - skipping
*DHCP Socket Task: Jan 03 01:06:16.141: 5c:93:a2:d0:54:14 DHCP option: 7 (len 4) - skipping
*DHCP Socket Task: Jan 03 01:06:16.141: 5c:93:a2:d0:54:14 DHCP option: 66 (len 11) - skipping
*DHCP Socket Task: Jan 03 01:06:16.141: 5c:93:a2:d0:54:14 DHCP options end, len 71, actual 64
*DHCP Socket Task: Jan 03 01:06:16.143: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 91
*DHCP Socket Task: Jan 03 01:06:16.143: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP REQUEST
*DHCP Socket Task: Jan 03 01:06:16.143: 5c:93:a2:d0:54:14 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:16.143: 5c:93:a2:d0:54:14 DHCP option: requested ip = 10.30.100.101
*DHCP Socket Task: Jan 03 01:06:16.143: 5c:93:a2:d0:54:14 DHCP option: server id = 1.1.1.1
*DHCP Socket Task: Jan 03 01:06:16.144: 5c:93:a2:d0:54:14 DHCP option: 12 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:16.144: 5c:93:a2:d0:54:14 DHCP option: 81 (len 19) - skipping
*DHCP Socket Task: Jan 03 01:06:16.144: 5c:93:a2:d0:54:14 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Jan 03 01:06:16.144: 5c:93:a2:d0:54:14 DHCP option: 55 (len 12) - skipping
*DHCP Socket Task: Jan 03 01:06:16.144: 5c:93:a2:d0:54:14 DHCP options end, len 91, actual 83
*DHCP Socket Task: Jan 03 01:06:16.144: 5c:93:a2:d0:54:14 DHCP Forwarding DHCP packet (348 octets)                    -- packet received on direct-connect port requires forwarding to external DHCP server. Next-hop is 10.30.0.101
*DHCP Socket Task: Jan 03 01:06:16.165: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 71
*DHCP Socket Task: Jan 03 01:06:16.165: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP ACK
*DHCP Socket Task: Jan 03 01:06:16.165: 5c:93:a2:d0:54:14 DHCP option: server id = 10.30.0.101
*DHCP Socket Task: Jan 03 01:06:16.165: 5c:93:a2:d0:54:14 DHCP option: netmask = 255.255.0.0
*DHCP Socket Task: Jan 03 01:06:16.165: 5c:93:a2:d0:54:14 DHCP option: gateway = 10.30.0.1
*DHCP Socket Task: Jan 03 01:06:16.165: 5c:93:a2:d0:54:14 DHCP option: lease time = 60000 seconds
*DHCP Socket Task: Jan 03 01:06:16.165: 5c:93:a2:d0:54:14 DHCP option: 58 (len 4) - skipping
*DHCP Socket Task: Jan 03 01:06:16.166: 5c:93:a2:d0:54:14 DHCP option: 59 (len 4) - skipping
*DHCP Socket Task: Jan 03 01:06:16.166: 5c:93:a2:d0:54:14 DHCP option: 7 (len 4) - skipping
*DHCP Socket Task: Jan 03 01:06:16.166: 5c:93:a2:d0:54:14 DHCP option: 66 (len 11) - skipping
*DHCP Socket Task: Jan 03 01:06:16.166: 5c:93:a2:d0:54:14 DHCP options end, len 71, actual 64
*DHCP Socket Task: Jan 03 01:06:16.166: 5c:93:a2:d0:54:14 In apfMsDhcpStateClear for station  ---
*DHCP Socket Task: Jan 03 01:06:22.524: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 72
*DHCP Socket Task: Jan 03 01:06:22.524: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP INFORM
*DHCP Socket Task: Jan 03 01:06:22.524: 5c:93:a2:d0:54:14 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:22.524: 5c:93:a2:d0:54:14 DHCP option: 12 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:22.524: 5c:93:a2:d0:54:14 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Jan 03 01:06:22.524: 5c:93:a2:d0:54:14 DHCP option: 55 (len 13) - skipping
*DHCP Socket Task: Jan 03 01:06:22.525: 5c:93:a2:d0:54:14 DHCP options end, len 72, actual 64
*DHCP Socket Task: Jan 03 01:06:25.922: 5c:93:a2:d0:54:14 DHCP option len (including the magic cookie) 72
*DHCP Socket Task: Jan 03 01:06:25.922: 5c:93:a2:d0:54:14 DHCP option: message type = DHCP INFORM
*DHCP Socket Task: Jan 03 01:06:25.923: 5c:93:a2:d0:54:14 DHCP option: 61 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:25.923: 5c:93:a2:d0:54:14 DHCP option: 12 (len 7) - skipping
*DHCP Socket Task: Jan 03 01:06:25.923: 5c:93:a2:d0:54:14 DHCP option: vendor class id = MSFT 5.0 (len 8)
*DHCP Socket Task: Jan 03 01:06:25.923: 5c:93:a2:d0:54:14 DHCP option: 55 (len 13) - skipping
*DHCP Socket Task: Jan 03 01:06:25.923: 5c:93:a2:d0:54:14 DHCP options end, len 72, actual 64

Sources

  1. http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/110865-dhcp-wlc.html#Internal-DHCP
  2. https://rscciew.wordpress.com/2014/07/16/dhcp-with-the-wlc/
  3. http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_01001001.html#ID308/

Leave a Reply

Your email address will not be published. Required fields are marked *