DHCP server does not work with unicast DHCP discover

[zahary_g]

I have a problem with FirstSpot DHCP server. This server is located behind a Cisco WLC 5508, so the topology looks something like this:
ISP<->Router<->FirstSpot<->Cisco WLC5508<->AP<->Client

The problem comes from the fact that Cisco WLC is using unicast to proxy the DHCP request coming from the client. And Firstspot is not replying back to a unicast DHCP discover frame coming from the Cisco WLC. I have sniff traces of this if needed. I tested with a traditional wireless client (eliminating the Cisco WLC) and everything works as expected (because the client is sending a broadcast DHCP discover frame). Any ideas of a workaround or a possible fix?

Thanks
Zach
_________________
Thanks
Zach

[zahary_g]

No. Time Source Destination Protocol Length Info
133 91.452445 10.20.7.3 10.20.7.1 DHCP 346 DHCP Discover - Transaction ID 0xe9ef55f0

Frame 133: 346 bytes on wire (2768 bits), 346 bytes captured (2768 bits)
Arrival Time: Oct 31, 2011 12:36:16.197142000 Eastern Daylight Time
Epoch Time: 1320078976.197142000 seconds
[Time delta from previous captured frame: 1.384084000 seconds]
[Time delta from previous displayed frame: 1.384084000 seconds]
[Time since reference or first frame: 91.452445000 seconds]
Frame Number: 133
Frame Length: 346 bytes (2768 bits)
Capture Length: 346 bytes (2768 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_af:18:64 (50:3d:e5:af:18:64), Dst: HewlettP_cd:84:28 (00:0b:cd:cd:84:2
Destination: HewlettP_cd:84:28 (00:0b:cd:cd:84:2
Address: HewlettP_cd:84:28 (00:0b:cd:cd:84:2
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Cisco_af:18:64 (50:3d:e5:af:18:64)
Address: Cisco_af:18:64 (50:3d:e5:af:18:64)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.20.7.3 (10.20.7.3), Dst: 10.20.7.1 (10.20.7.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 332
Identification: 0x0000 (0)
Flags: 0x00
Fragment offset: 0
Time to live: 255
Protocol: UDP (17)
Header checksum: 0x9875 [correct]
Source: 10.20.7.3 (10.20.7.3)
Destination: 10.20.7.1 (10.20.7.1)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootps (67)
Source port: bootps (67)
Destination port: bootps (67)
Length: 312
Checksum: 0x7d72 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Bootstrap Protocol
Message type: Boot Request (1)
Hardware type: Ethernet
Hardware address length: 6
Hops: 1
Transaction ID: 0xe9ef55f0
Seconds elapsed: 27
Bootp flags: 0x8000 (Broadcast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 10.20.7.3 (10.20.7.3)
Client MAC address: IntelCor_44:1f:2a (00:26:c7:44:1f:2a)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (t=53,l=1) DHCP Message Type = DHCP Discover
Option: (t=61,l=7) Client identifier
Option: (t=12,l=11) Host Name = "USNB0801897"
Option: (t=60,l= Vendor class identifier = "MSFT 5.0"
Option: (t=55,l=12) Parameter Request List
Padding (10 bytes)
End Option
Padding
_________________
Thanks
Zach

[zahary_g]

I am running FirstSpot® v7.0.2 Tria. I have tried this on Windows Server 2003 and 2008 R2, in both cases the DHCP server does not respond to a unicast discover frame.
_________________
Thanks
Zach

[alan]

Does your Cisco WLC5508 act as DHCP Relay (i.e. IP Helper)? In that case, you need to setup Multiple Network Segments. Refer to chapter 4 of firstspot_guide.pdf (Scenario 3) for more information.
_________________
~ Patronsoft Limited ~

[zahary_g]

Alan thanks for the quick response.
The Cisco WLC is not exactly a DHCP relay. It does change the DHCP discover from broadcast to unicast, but it stays in the same subnet . So FirstSpot visitor's interface, the WLC interface and all wireless clients are in the same subnet (10.20.7.0) and also in the same layer 2 vlan.
If i set up multiple network segments, i have to create a new network segment, which look really wierd:
Router: 10.20.7.2 (Cisco WLC Interface)
Mask: 255.255.255.0
Gateway: 10.20.7.1

I actually tried that and it works for the IP DHCP part, but it also provides 10.20.7.2 (WLC Interface) as a default gateway to DHCP clients. And that brakes it, because WLC does not route.

I am sure that there are customers out there that deployed FirstSpot with Cisco WLC, so i am curious how did they make it work.
_________________
Thanks
Zach

[alan]

It looks like your Cisco WLC does act like DHCP relay. Note that FirstSpot only supports DHCP relay in Multiple Network Segments scenario.

Can you make your Cisco WLC more "transparent"? FirstSpot is designed in pure TCP/IP level and it doesn't aware of VLAN tagging. FirstSpot DHCP server will only respond to plain client request (in Scenario 1, see http://patronsoft.com/firstspot/topologies.html) or DHCP relay request (in Scenario 3).
_________________
~ Patronsoft Limited ~

[zahary_g]

Thank you Alan.
I found a way to make the Cisco WLC more "transperent"
By default the WLCs come with "DHCP proxy" enabled. Disabling this feature, fixes the issue of not being able to obtain IP address from FirstSpot DHCP server.
_________________
Thanks
Zach