FlexConnect Central DHCP Configuration Example

Introduction

This document describes what feature FlexConnect Central Dynamic Host Configuration Protocol (DHCP) does and how to configure it.

Prerequisites

Requirements

Cisco recommends that you have basic knowledge of:

• AireOS WLCs
• FlexConnect APs
• DHCP
• Network Address Translation (NAT)
• Port Address Translation (PAT)

Components Used

• WLC v8.0.140.0
• AP 1700

Note: This feature is available since version 7.3.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Background Information

There are times when there are Access Points (APs) in FlexConnect mode installed on a site where there is no DHCP server available or where there is a DHCP server available for one of the subnets but the FlexConnect AP needs to service more than one Service Set Identifier (SSID) with different subnets.

In those cases, it is possible to bridge the DHCP discovery packets from the remote location into the Wireless LAN Controller (WLC) and from there, the WLC and forward the DHCP packet through one of its configured dynamic interfaces. Once the client gets an IP address from the Central DHCP server, the traffic from this client flows locally at the remote location.

If the subnet of the IP address assigned to the client does not exist at the remote location, you can enable NAT-PAT, so the traffic flows from the client to the AP, then the AP performs NAT-PAT and the traffic is able to flow locally in the remote site, even though that subnet does not exist over there.

Configure

Network Diagram

The configuration example uses this topology, with two Wireless Local Area Networks (WLANs), where WLAN-blue does have a local DHCP server in the remote location but WLAN-yellow does not have one. DHCP discovery packets sent on WLAN-yellow are forwarded to the WLC, then WLC forwards them through one of its dynamic interface with destination to the Central DHCP server, the Central DHCP Server assigns an IP address to the client on WLAN-yellow, after that the traffic generated by the client on WLAN-yellow flows locally and the FlexConnect AP does NAT/PAT to allow it, because the subnet of IP address assigned to the client does not exists at the Remote Location.

Example of how to configure WLAN-blue can be found in this link:

Configuring FlexConnect

There are three sections where Central DHCP can be configured:

• Per FlexConnect AP
• Per FlexConnect group
• Per WLAN

Dynamic Interface Configuration

Prior the configuration of Central DHCP for any of these scenarios, you need to configure the dynamic interface(s) that the WLC uses to forward the DHCP discovery packets.

Step 1. Navigate to CONTROLLER > Interfaces and click New.

Step 2. Assign a name and VLAN id, then hit Apply.

Step 3. Enter the IP address of that dynamic interface, its port and its DHCP server IP address. Once you are done, hit Apply.

In this example the default gateway of this dynamic interface is also the DHCP server for this VLAN.

In these configuration examples the clients on WLAN-yellow receive an IP address from the VLAN 2601. As VLAN 2601 does not exists at the remote location, only at WLC's location, these examples also enable NAT-PAT, so the AP translates the traffic generated by client, which is sourced from an IP address that belongs to VLAN 2601, into its own IP address, which does works in the remote site.

Central DHCP per WLAN

This configuration enables Central DHCP on a FlexConnect Local Switching WLAN, this feature applies to all the FlexConnect APs that broadcast the SSID WLAN-yellow.

Step 1. Create the WLAN.

Open the GUI of the WLC and navigate to WLANs > Create New > Go.

Choose a name for the SSID and profile, then click Apply.

CLI:

> config wlan create <wlan-id> <profile-name> <ssid-name>

Step 2. Choose the interface assigned to the WLAN.

CLI:

config wlan interface <wlan-id> <interface-name>

Step 3. Navigate to Security tab and choose a security method.

This example uses WPA2-PSK.

CLI:

config wlan security wpa akm 802.1x disable <wlan-id>
config wlan security wpa akm psk enable <wlan-id>
config wlan security wpa akm psk set-key ascii <password> <wlan-id>

Step 4. Navigate to Advanced tab and enable DHCP Required. 

DHCP Required feature is mandatory to be able to use Central DHCP.

CLI:

config wlan dhcp_server <wlan-id> 0.0.0.0 required

Step 5. Navigate to the Advanced tab and enable Flexconnect Local Switching and Central DHCP Processing. If the subnet assigned to the WLAN does not exist at the remote site, ensure NAT-PAT is enabled as well.

CLI:

config wlan flexconnect local-switching <wlan-id> enable
config wlan flexconnect local-switching <wlan-id> central-dhcp enable

Step 6. Navigate to General tab and enable the WLAN.

CLI:

config wlan enable <wlan-id>

With this configuration, any wireless client that associates to the SSID WLAN-yellow on a FlexConnect AP receives an IP address from VLAN 2601, its traffic flows locally in the remote site and the FlexConnect AP performs NAT-PAT for its traffic.

If you need to customize the VLAN assignment based on remote location you can use AP groups, so you can use the same WLAN and assign a different VLAN per AP group. For more information about how to configure it consult this link:

AP Groups

Central DHCP per FlexConnect AP

This example shows how to configure Central DHCP for just one FlexConnect AP. Only the clients connected to the AP called Flex-1 get their IP address from the DHCP server on VLAN 2601, which only exists in the WLC's location. 

This example assumes that the AP is already configured in Flexconnect mode.

Step 1. Create the WLAN.

You can follow the same steps seen on Central DHCP per WLAN, but in Step 5, you only need to enable FlexConnect Local Switching. This allows that the clients that connect to any other AP have their DHCP discovery packets switched locally in the remote site.

Step 2. Enable Central DHCP in the FlexConnect AP.

Navigate to WIRELESS > Access Points > All APs > AP-name.

Then navigate the FlexConnect tab and click Central DHCP Processing.

After that, enable Central DHCP and NAT-PAT for the WLAN.

CLI:

config ap flexconnect central-dhcp <wlan-id> <AP-name> enable override dns disable nat-pat enable

Central DHCP per  FlexConnect Group

This example shows how to configure Central DHCP for just one FlexConnect group. Only the clients connected to any AP associated to the FlexConnect group called flex-grp get their IP address from the DHCP server on VLAN 2601, which only exists in the WLC's location. 

This example assumes the FlexConnect AP already belongs to the FlexConnect group.

Step 1. Create the WLAN.

You can follow the same steps seen on Central DHCP per WLAN, but in Step 5, you only need to enable FlexConnect Local Switching. This allows that the clients that connect to any other AP get its DHCP discovery packets switched locally in the remote site.

Step 2. Enable Central DHCP in the FlexConnect Group.

Navigate to WIRELESS > FlexConnect Groups > Group Name > Central DHCP. Enter the WLAN-id, enable Central DHCP and NAT-PAT, after that click Add.

 CLI:

config flexconnect group <flexconnect-grp-name> central-dhcp <wlan-id> enable override dns disable nat-pat enable

Related Information

• Flex 7500 Wireless Branch Controller Deployment Guide
• FlexConnect - Enterprise Mobility 8.1 Deployment Guide
• FlexConnect Feature Matrix