M and MSM Series

Not able to have client get ip-address from external dhcp server


Not able to have client get ip-address from external dhcp server

Hi all,


I hope you can help me.

I have a MSM-430 AP connected to a access-switch.
This access-switch is connected to the core-switch which hold the WLC MSM765zl
The core-switch is connected to out Cisco fire-wall.

Switches and fire-wall have vlan 100 configured with only the fire-wall having an IP-address.
Tagged all interfaces.


On the WLC:
I have created an AP-group Guest with one AP.
Created a VSC Guest (authentication and access controlled), no egress-mapping, no client-tunneling.
Created a network-profile for vlan 100 and mapped it to the LAN-port

Bonded the network profile to the AP-group Guest.

No interfaces or (default) routes created .


What I want to have is a wireless client do dhcp for an ip-address through the firewall
towards a dhcp-server on the local network via the fire-wall. Necessary rules applied.
Enabled dhcp-relay and added a global dhcp-server entry on the fire-wall.

I expected to see traffic, dhcp-requests, arriving on the interface of the fire-wall with vlan 100.
No traffic at all from the WLC. Neither from the client mac-address


I expected that from the AP traffic would go out on vlan 100 to the WLC (access-control) and that the WLC would put the dhcp-request, and later other traffic, on vlan 100 again where the ASA would pick up the dhcp-request and forward it to the dhcp-server

The strange thing is I 'copied' all this from an existing VSC working the way I want with the new Guest VSC
That VSC is the default. APs with this VSC are on a different VLAN.

Did I miss a few items?