cancel
Showing results for 
Search instead for 
Did you mean: 

(Some) DHCP Request Packets Dropped By Wireless System

(Some) DHCP Request Packets Dropped By Wireless System

Theodore_Chandl
New Contributor II
I have a device on the wireless that is having issues obtaining a DHCP address. During the troubleshooting I performed a packet capture from the wireless controllers GUI. I found that the DHCP packets from the client were being dropped by the access point. Unfortunately I have not been able to determine the reason for the drops.

Does anyone know if there is a way to log dropped packets? I already have a syslog server logging a few other events.

Other information that might be relevant:
Version: 5.9.1.2-006R
AP Types: 7502 7532 8533

6 REPLIES 6

Theodore_Chandl
New Contributor II
An update. After getting time to troubleshoot with the user I performed another packet capture. The capture stated that the DHCP request was being dropped because it was malformed. User was running a custom version of Android.

Thanks for the help everyone.

Andrew_Webster
New Contributor III
This problem can occur if you have configured the WLAN to operate in bridged mode, but have created an SVI for the VLAN on the AP, there is no mechanism to prevent this unsupported configuration for occurring.
From Best Practices :

Switched Virtual Interface
When a Wireless Controller or Access Point bridges traffic on a VLAN it does not require a Switched Virtual Interface to be defined. One common mistake is to create a Virtual Interface for locally bridged VLANs on a device when it’s not required. A Virtual Interface is only required for the following scenarios:
1. Layer 3 Access Point adoption.
2. Device Management.
3. When the Wireless Controller or Access Point is providing IPv4 routing services between multiple IPv4 interfaces.
4. When the Wireless Controller or Access Point is providing NAT.
5. When the Wireless Controller or Access Point is terminating IPsec VPN tunnels.
6. When DHCP services are running on the Wireless Controller or Access Point.
Please note that all routed IPv4 traffic is inspected by the stateful packet inspection firewall. When IPv4 routing doesn’t work as expected with the defined Virtual IP interfaces, issue a service pktcap on drop command to see if any packets are being dropped by the stateful packet inspection firewall. Most firewall checks are enabled by default and can be disabled if needed.

Theodore_Chandl
New Contributor II
Hello Andy,

Can you provide the best practice guide for the firewall?

Thanks for all of your help
GTM-P2G8KFN