Information About Dynamic Host Configuration Protocol
You can configure WLANs to use the same or different Dynamic Host Configuration Protocol (DHCP) servers or no DHCP server. Two types of DHCP servers are available—internal and external.
Internal DHCP Servers
The controllers contain an internal DHCP server. This server is typically used in branch offices that do not already have a DHCP server.
The wireless network generally contains 10 or fewer APs, with the APs on the same IP subnet as the controller.
The internal server provides DHCP addresses to wireless clients, direct-connect APs, and DHCP requests that are relayed from APs. Only lightweight access points are supported. When you want to use the internal DHCP server, ensure that you configure an SVI for the client VLAN and set the IP address as the DHCP server IP address.
DHCP option 43 is not supported on the internal server. Therefore, the access point must use an alternative method to locate the management interface IP address of the controller, such as local subnet broadcast, Domain Name System (DNS), or priming.
Also, an internal DHCP server can serve only wireless clients, not wired clients.
When clients use the internal DHCP server of the controller, IP addresses are not preserved across reboots. As a result, multiple clients can be assigned the same IP address. To resolve any IP address conflicts, clients must release their existing IP address and request a new one.
Wired guest clients are always on a Layer 2 network connected to a local or foreign controller.
External DHCP Servers
With industry-standard external DHCP servers that support DHCP Relay, the operating system is designed to appear as a DHCP Relay to the network and as a DHCP server to clients. This means that each controller appears as a DHCP Relay agent to the DHCP server and as a DHCP server at the virtual IP address to wireless clients.
Because the controller captures the client IP address that is obtained from a DHCP server, it maintains the same IP address for that client during intra-controller, inter-controller, and inter-subnet client roaming.
Note: External DHCP servers can support DHCPv6.
DHCP Assignments
You can configure DHCP on a per-interface or per-WLAN basis. We recommend that you use the primary DHCP server address that is assigned to a particular interface.
You can assign DHCP servers for individual interfaces. You can configure the management interface, AP-manager interface, and dynamic interface for a primary and secondary DHCP server, and you can configure the service-port interface to enable or disable DHCP servers. You can also define a DHCP server on a WLAN. In this case, the server overrides the DHCP server address on the interface assigned to the WLAN.
Security Considerations
For enhanced security, we recommend that you require all clients to obtain their IP addresses from a DHCP server. To enforce this requirement, you can configure all WLANs with a DHCP Addr. Assignment Required setting, which disallows client static IP addresses. If DHCP Addr. Assignment Required is selected, clients must obtain an IP address via DHCP. Any client with a static IP address is not allowed on the network. The controller monitors DHCP traffic because it acts as a DHCP proxy for the clients.
If slightly less security is tolerable, you can create WLANs with DHCP Addr. Assignment Required disabled. Clients then have the option of using a static IP address or obtaining an IP address from a designated DHCP server.
Note: DHCP Addr. Assignment Required is not supported for wired guest LANs.
You can create separate WLANs with DHCP Addr. Assignment Required configured as disabled. This is applicable only if DHCP proxy is enabled for the controller. You must not define the primary/secondary DHCP server configuration; you should disable the DHCP proxy. These WLANs drop all DHCP requests and force clients to use a static IP address. These WLANs do not support management over wireless connections.
DHCP Proxy Mode versus DHCP Bridging Mode
When using external DHCP servers, the controller can operate in one of two modes: as a DHCP Relay or as a DHCP Bridge.
The DHCP proxy mode serves as a DHCP helper function to achieve better security and control over DHCP transactions between the DHCP server and the wireless clients. DHCP bridging mode provides an option to make the controller's role in DHCP transactions entirely transparent to the wireless clients.
| Handling Client DHCP | DHCP Proxy Mode | DHCP Bridging Mode |
|---|---|---|
| Modify giaddr | Yes | No |
| Modify siaddr | Yes | No |
| Modify Packet Content | Yes | No |
| Redundant offers not forwarded | Yes | No |
| Option 82 Support | Yes | No |
| Broadcast to Unicast | Yes | No |
| BOOTP support | No | Server |
| Per WLAN configurable | Yes | No |
| RFC Non-compliant | Proxy and relay agent are not exactly the same concept. But DHCP bridging mode is recommended for full RFC compliance. | No |
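The giaddr, siaddr and Option 82 rows of the comparison above can be checked in a packet capture. The following Python is an added example, not Cisco code: it parses a raw DHCP payload and reports the relay marks a server would see and whether a reply names the virtual IP as its server. It assumes that in proxy mode the siaddr shown to the client is the controller's virtual IP; all addresses, the MAC and the Option 82 circuit ID are constructed placeholders.

```python
import socket
import struct

# BOOTP fixed header (RFC 2131), 236 bytes; siaddr and giaddr are fields 9 and 10
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options

def build(op, siaddr="0.0.0.0", giaddr="0.0.0.0", options=b""):
    """Build a constructed sample packet; MAC, xid and yiaddr are made up."""
    ip = socket.inet_aton
    hdr = BOOTP.pack(op, 1, 6, 0, 0x1234ABCD, 0, 0, ip("0.0.0.0"),
                     ip("10.10.20.57" if op == 2 else "0.0.0.0"), ip(siaddr),
                     ip(giaddr), bytes.fromhex("02005e000001"), b"", b"")
    return hdr + MAGIC + options + b"\xff"

def parse(pkt):
    """Return op, giaddr, siaddr and the option map of a DHCP payload."""
    if len(pkt) < BOOTP.size + 4 or pkt[BOOTP.size:BOOTP.size + 4] != MAGIC:
        raise ValueError("not a DHCP payload")
    f = BOOTP.unpack_from(pkt)
    opts, i = {}, BOOTP.size + 4
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    return {"op": f[0], "siaddr": socket.inet_ntoa(f[9]),
            "giaddr": socket.inet_ntoa(f[10]), "options": opts}

def relay_marks(request):
    """Server-side view: which relay fingerprints does a request carry?"""
    p = parse(request)
    return {"giaddr_set": p["giaddr"] != "0.0.0.0",
            "option82": 82 in p["options"]}

def reply_matches_proxy(reply, virtual_ip):
    """Client-side view: does the reply name the virtual IP as its server?"""
    p = parse(reply)
    return p["op"] == 2 and p["siaddr"] == virtual_ip

# Constructed samples (placeholder addresses, not taken from the page)
VIRTUAL_IP = "192.0.2.1"
FROM_CLIENT = build(1, options=b"\x35\x01\x01")          # DISCOVER as sent
VIA_PROXY = build(1, giaddr="10.10.20.2", options=b"\x35\x01\x01\x52\x06\x01\x04ap01")
OFFER_PROXY = build(2, siaddr=VIRTUAL_IP, options=b"\x35\x01\x02")
OFFER_BRIDGED = build(2, siaddr="10.10.1.5", options=b"\x35\x01\x02")
```

A giaddr on its own does not identify the controller, because any upstream Layer 3 relay also sets it; compare the value with the controller interface address before drawing a conclusion.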