User's Manual
1-10
Cisco Wireless LAN Controller Configuration Guide
OL-8335-02
Chapter 1 Overview
External DHCP Servers
External DHCP Servers
The operating system is designed to appear as a DHCP Relay to the network and as a DHCP Server to 
clients with industry-standard external DHCP Servers that support DHCP Relay. This means that each 
Cisco Wireless LAN Controller appears as a DHCP Relay agent to the DHCP Server. This also means 
that the Cisco Wireless LAN Controller appears as a DHCP Server at the virtual IP Address to wireless 
clients. 
Because the Cisco Wireless LAN Controller captures the client IP Address obtained from a DHCP 
Server, it maintains the same IP Address for that client during same-Cisco Wireless LAN Controller, 
inter-Cisco Wireless LAN Controller, and inter-subnet client roaming. 
Per-Wireless LAN Assignment
All Cisco WLAN Solution wireless LANs can be configured to use the same or different DHCP Servers, 
or no DHCP Server. This allows operators considerable flexibility in configuring their Wireless LANs, 
as further described in the “Cisco WLAN Solution Wireless LANs” section on page 1-11. 
Note that Cisco WLAN Solution wireless LANs that support management over wireless must allow the 
management (device servicing) clients to obtain an IP Address from a DHCP Server. See the“Using 
Management over Wireless” section on page 5-6 for instructions on configuring management over 
wireless.
Per-Interface Assignment
You can assign DHCP servers for individual interfaces. The Layer 2 management interface, Layer 3 
AP-manager interface, and dynamic interfaces can be configured for a primary and secondary DHCP 
server, and the service-port interface can be configured to enable or disable DHCP servers.
Note Refer to Chapter 3 for information on configuring the controller’s interfaces.
Security Considerations
For enhanced security, Cisco recommends that operators require all clients to obtain their IP Addresses 
from a DHCP server. To enforce this requirement, all wireless LANs can be configured with a DHCP 
Required setting and a valid DHCP Server IP Address, which disallows client static IP Addresses. If a 
client associating with a wireless LAN with DHCP Required set does not obtain its IP Address from the 
designated DHCP Server, it is not allowed access to any network services.
Note that if DHCP Required is selected, clients must obtain an IP address via DHCP. Any client with a 
static IP address will not be allowed on the network. The Cisco Wireless LAN Controller monitors 
DHCP traffic because it acts as a DHCP proxy for the clients.
If slightly less security is tolerable, operators can create wireless LANs with DHCP Required disabled 
and a valid DHCP Server IP Address. Clients then have the option of using a static IP Address or 
obtaining an IP Address from the designated DHCP Server.
Operators are also allowed to create separate wireless LANs with DHCP Required disabled and a DHCP 
Server IP Address of 0.0.0.0. These wireless LANs drop all DHCP requests and force clients to use a 
static IP Address. Note that these wireless LANs do not support management over wireless connections.










