(Some) DHCP Request Packets Dropped By Wireless System

  • Question
  • Updated 8 months ago
  • Answered
I have a device on the wireless that is having issues obtaining a DHCP address. During the troubleshooting I performed a packet capture from the wireless controller's GUI. I found that the DHCP packets from the client were being dropped by the access point. Unfortunately I have not been able to determine the reason for the drops.

Does anyone know if there is a way to log dropped packets? I already have a syslog server logging a few other events.

Other information that might be relevant:
Version: 5.9.1.2-006R
AP Types: 7502 7532 8533
Theodore Chandler

Posted 9 months ago


Andy Holden, Employee


Hi,

You can log into the CLI on the AP and enter "service pktcap on drop filter port 67 and port 68".

This will capture any dropped DHCP messages.

You may want to check that your firewall is following BEST PRACTICES. The DOS firewall may mis-identify packets as harmful and drop them.

Philipp Tittmann

Hi Andy,

Do you guys have a kind of cheat sheet for more commands like you mentioned?
Thx

Theodore Chandler

Hello Andy,

Can you provide the best practice guide for the firewall?

Thanks for all of your help

Andy Holden, Employee

Andrew Webster

This problem can occur if you have configured the WLAN to operate in bridged mode but have created an SVI for the VLAN on the AP. There is no mechanism to prevent this unsupported configuration from occurring.
From Best Practices:

Switched Virtual Interface
When a Wireless Controller or Access Point bridges traffic on a VLAN it does not require a Switched Virtual Interface to be defined. One common mistake is to create a Virtual Interface for locally bridged VLANs on a device when it’s not required. A Virtual Interface is only required for the following scenarios:
1. Layer 3 Access Point adoption.
2. Device Management.
3. When the Wireless Controller or Access Point is providing IPv4 routing services between multiple IPv4 interfaces.
4. When the Wireless Controller or Access Point is providing NAT.
5. When the Wireless Controller or Access Point is terminating IPsec VPN tunnels.
6. When DHCP services are running on the Wireless Controller or Access Point.
Please note that all routed IPv4 traffic is inspected by the stateful packet inspection firewall. When IPv4 routing doesn’t work as expected with the defined Virtual IP interfaces, issue a service pktcap on drop command to see if any packets are being dropped by the stateful packet inspection firewall. Most firewall checks are enabled by default and can be disabled if needed.

Theodore Chandler

An update. After getting time to troubleshoot with the user I performed another packet capture. The capture stated that the DHCP request was being dropped because it was malformed. User was running a custom version of Android.

Thanks for the help everyone.
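
Added example, not part of the thread and not vendor code: a structural check of a DHCP message (the UDP payload on ports 67/68) against the RFC 2131/2132 layout, useful for triaging a captured request that a firewall reports as malformed. The thread does not say which check the AP applied, so the checks and the names `dhcp_problems` and `build_request` are assumptions, and the sample packets are constructed.

```python
import struct
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: first four bytes of the options field
FIXED_LEN = 236                     # BOOTP fixed header, op through file

def dhcp_problems(payload):
    """Return a list of structural problems in a DHCP message (the UDP payload)."""
    if len(payload) < FIXED_LEN + 4:
        return ["shorter than fixed header plus magic cookie"]
    problems = []
    op, _htype, hlen, _hops = struct.unpack_from("!BBBB", payload, 0)
    if op not in (1, 2):
        problems.append(f"op={op} is neither BOOTREQUEST nor BOOTREPLY")
    if hlen > 16:
        problems.append(f"hlen={hlen} exceeds the 16-byte chaddr field")
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        return problems + ["bad magic cookie"]  # options cannot be parsed
    i, seen_end, msg_type = FIXED_LEN + 4, False, None
    while i < len(payload):
        code = payload[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option
            seen_end = True
            break
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            problems.append(f"option {code} runs past end of packet")
            break
        length = payload[i + 1]
        if code == 53:           # DHCP message type, RFC 2132 section 9.6
            if length == 1:
                msg_type = payload[i + 2]
            else:
                problems.append("option 53 length is not 1")
        i += 2 + length
    if not seen_end:
        problems.append("missing end option (255)")
    if msg_type is None:
        problems.append("missing DHCP message type (option 53)")
    return problems

def build_request(options):
    """Constructed sample: BOOTREQUEST with a made-up xid and MAC."""
    fixed = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0) + bytes(16)
    fixed += bytes.fromhex("020000000001") + bytes(10) + bytes(64 + 128)
    return fixed + MAGIC_COOKIE + options

GOOD = build_request(b"\x35\x01\x03\x32\x04\xc0\xa8\x01\x64\xff")  # type 3 (REQUEST), option 50, end
TRUNCATED = build_request(b"\x35\x01\x03\x32\x04\xc0\xa8")         # option 50 claims 4 bytes, has 2
```

Feed it the UDP payload bytes exported from a capture of the dropped packet; an empty list means none of these particular checks failed.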