Help with DHCP issue on x460 stack(s) in relation to wireless on AP6511 units

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Inherited a network with two stacks of Extreme 460 switches.   One stack in MDF, one stack in IDF.    Attached to these are ap6511 wireless access points with two wireless lans setup.   Domain and Guest.      Domain for both wired and wireless use on-site DHCP.    Guest is setup to use a public DNS and have the switches handle DHCP.       Any units that connect to the wireless radios tied into the MDF stack receive a DHCP address and gain internet access on the designated 10.xx.xx.xx network.

Any units that connect via the IDF radios for the Guest network do not receive a 10.xx.xx.xx address and have no internet access.  They receive a 169.xx.xx.xx address.

The wireless broadcasts and prompts for sign-on but beyond that, does not get an address.

What is likely missing or not configured on the stack in the IDF?   
I tried setting the VLAN DHCP via the screenplay interface to match what is on the MDF stack but that had no effect.   I've also connected to each stack via various CLI commands but nothing.

It's worth noting that any Domain wireless on either stack connects and operates fine so I'm pretty sure this is all related to the failure of the IDF stack to properly request/assign addresses.

MDF has a protocol address set, IDF has same address set with one digit up in final octet.  DHCP ranges were set as the same as I found on MDF.

Any help, much appreciated.
Thanks!
Photo of Eerie One

Eerie One

  • 100 Points 100 badge 2x thumb
  • frustrated

Posted 2 years ago

  • 0
  • 1
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi,

I am not completely sure I understand your setup, so please correct me if I make wrong assumptions.

If you are using a layer 2 connection (VLAN trunk) between the MDF and IDF switches, then you need only one DHCP server. If you use two DHCP servers they either need to assign different addresses, or they need to communicate with each other (the basic DHCP servers on EXOS do not support the latter).

If you use DHCP snooping, you need to ensure that the link between the two switches is trusted.

HTH,
Erik
Photo of Eerie One

Eerie One

  • 100 Points 100 badge 2x thumb
Thanks Erik.   
I'm new to the XOS and Extreme Switches, what would I look at to see how the two MDF and IDF connections are made for purposes of having them serve as 'one' DHCP server?

I'm guessing your last statement is the problem... that the basic DHCP does not support the two stacks talking as one.     In that case, that means I need to establish a new range on the IDF stack and then add all of those settings to our firewall to allow that new range out/in?

Thanks for the assistance.  
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi,

well, what does your network look like?

A basic setup could use a direct connection (usually fiber, depending on distance copper might work as well) between the two stacks. This connection can be a layer 2 link, i.e. you configure tagged VLANs on this link. If you use this method, only one of you switches needs to have non-management IP addresses configured, and only one switch needs to have a DHCP server configured. You should consider the IDF stack as an extension of the MDF stack.

If you are using security features (e.g. DHCP snooping), you have explicitly enabled them. So you know that you are using them.

Anyway, I suppose you start with basic troubleshooting, checking layer 2 connectivity (do you see MAC addresses of devices connected to the IDF stack on the MDF stack? [show fdb]). Layer 2 connectivity should suffice for DHCP.

HTH,
Erik
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Hi,

there could be many reasons for your problems. Perhaps the following GTAC Knowledge articles can help you narrow it down:

I would advise to first get DHCP working before enabling DHCP snooping.

Best regards,
Erik
Photo of Eerie One

Eerie One

  • 100 Points 100 badge 2x thumb
Thanks Erik.  Our IDF and MDF are connected via a fiber run, they are quite a distance apart from each other.  I currently access each stack via the screenplay interface but one for IDF and one for MDF, I don't see the components of the other when I access.

Looks like everything on our IDF is duplicating the setup of the MDF stack.  Just with a protocol address offset of one digit.   I added the DHCP range to the IDF just as it appears on the MDF but that had no effect.    Once the wireless access point authenticates the request to use the guest network it doesn't grab an IP in that range.   Just a default 169.x.x.x .

I've looked over the Troubleshooting DHCP issues article previously and it still left me confused.  I'll plan to connect to the stacks and look at the port info. again.   I'm thinking perhaps the bootprelay settings and IP forwarding needs to be on one or both of the stacks.   My issue there is that they each currently work fine for domain wireless, just not the guest and I don't want to mess up what IS working while trying to fix this issue.  lol.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Did you verify that the Guest WLAN is added to the MDF and IDF connection, and to the access point ports (if applicable)?
Photo of Eerie One

Eerie One

  • 100 Points 100 badge 2x thumb
The ports have the guest VLAN designated, the only difference b/n the two stacks showing for the Guest VLan is the protocol address, but that seems to be true for all the various vlans.

Not sure what you mean about the MDF/IDF connection?  What am i checking to confirm that?
Thanks!
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
I assume that you have a direct link (e.g. using fiber) between the stack in the MDF and the one in the IDF. Again I am assuming that you are using a layer 2 connection between the two stacks, and that your external connections terminate in the MDF. That would correspond to the normal use of the terms MDF and IDF. If you are using this kind of setup, the link between the two stacks needs to carry several VLANs (all VLANs used in both locations).

In the command line you could check this with:
show ports PORTNUMBER information detail
The output of this commands contains a section "VLAN cfg", which lists every VLAN configured on the port.

Since you write that Domain wireless works, but Guest does not, it seems likely that the Guest wireless VLAN is missing from the link between the two stacks.