Two VLANs on b@AP locally mode same IP address is received

  • Problem
  • Updated 2 years ago
  • Solved
I created two VNSs on the controller with a topology of b@AP locally.
The first VNS is named Test while the other is Test_Guest (see images Test and Test_Guest).


Test


Test_Guest

As you can see the first is untagged while the other is tagged.
For a better understanding of the network, please see the attached image (Remote Site).


Remote Site

Please see switch configuration in the attached image (Test_test site Switch).

Test_test site Switch

I finished setting up the network; two SSIDs are being broadcast, but the problem is that the client only gets the IP of the first SSID, which is Test, even though they are connected to Test_Guest.

What could be the fault? Why am I encountering this? What do I need to do to solve this problem?

Carlo Alviar

Posted 2 years ago

Philipp Josten

Hi Carlo,

You said the clients get the IP from the first SSID. Where is your DHCP server? In which VLAN is your DHCP scope?

Carlo Alviar

The user is using a pfSense firewall as the DHCP server; the ISPs are connected to this device. The two ports in the switch are both assigned as untagged. By the way, the firewall also acts as the DHCP server for the two SSIDs.

Thanks for the quick response.

Ronald Dvorak, Embassador

To which port is the AP connected?
Check the MAC table of the switch to see whether the client MAC is learned for the right VLAN.
show fdb.......

Carlo Alviar

The AP is connected to the 1st SSID as untagged while the other SSID is tagged to the AP port. Sorry, I'm not at the site right now, so I won't be able to provide you the actual screenshots.

Just want to verify: is it possible to broadcast two SSIDs in this type of topology (b@AP locally)?

Ronald Dvorak, Embassador

Yes, that works; something is wrong in the configuration.

Carlo Alviar

What do you need so you could identify the problem?

Philipp Josten

At your site you only have the VLAN IDs 10, 20, 30.
On your switch there are VLANs with ID 22, 23? Are they additional VLANs? You have to trunk VLAN 23 to your firewall.

Additionally, can you post a screenshot with the roles for the two SSIDs?
Are they getting the right role?

Carlo Alviar

VLAN IDs 10, 20, 30 are replaced with VLANs 22 and 23, and VLAN 30 is reserved for future use. Both VLAN 22 and 23 are untagged in the FW and in the switch.

Both SSIDs' roles are containment VLAN.
I won't be able to provide you the screenshot; I'm not at the site right now.

Philipp Josten

Please provide a screenshot of the roles and VNS when you can.
Also provide a screenshot from reports -> clients -> clients by vns for both SSIDs to see IP addresses, roles, etc.

Carlo Alviar

I wasn't able to go to the site so I just did the same network. VLAN 22 is now AATC (Power_Mac Center); this is SSID1 with an IP of 192.168.2.x, and VLAN 23 is changed to VLAN 24 (Student), which is SSID2 with an IP of 192.168.3.x. I attached all the config I did for the AP and switch. And the last two images are the actual client, which show you that even though I am connected to SSID2 I'm still getting the IP of SSID1. I hope this could help.

Philipp Josten

Look at the Default Role for the Student VNS!
You need a second/different Role for the Student VNS, where you put the traffic into tagged 23!

Now you are putting it in the same VLAN cause it has the same role.
You can see it by the topic "Action: 22, Class of Service: No Cos"

Philipp Josten

Add a new Role with Contain to VLAN into Student Topology (tagged 24) and it will work :-)
Don't forget to change the role for the VNS to "Student".

Carlo Alviar

I tried what you have suggested and it's working now. Thank you for the help.
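
The fault diagnosed in this thread, as an added example that is not part of the original posts: a check over a constructed VNS/role inventory that flags two SSIDs contained to the same VLAN and clients leased an address outside their SSID's subnet. The dictionary layout, the role name AATC, the /24 masks and the client rows are assumptions made for illustration, not controller output.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory modelled on the thread: each VNS (SSID) has a default
# role, and each role's "Contain to VLAN" action names one VLAN ID.
# Assumption: /24 masks; the thread only gives 192.168.2.x and 192.168.3.x.
VNS_BROKEN = {
    "AATC":    {"role": "AATC", "subnet": "192.168.2.0/24"},
    "Student": {"role": "AATC", "subnet": "192.168.3.0/24"},  # same role: the fault
}
VNS_FIXED = {
    "AATC":    {"role": "AATC",    "subnet": "192.168.2.0/24"},
    "Student": {"role": "Student", "subnet": "192.168.3.0/24"},
}
ROLE_VLAN = {"AATC": 22, "Student": 24}  # role -> contain-to-VLAN ID

# Constructed client report rows: (client MAC, SSID, leased IP)
CLIENTS = [
    ("02:00:00:00:00:01", "AATC", "192.168.2.50"),
    ("02:00:00:00:00:02", "Student", "192.168.2.51"),  # guest SSID, internal lease
]

def shared_vlans(vns, role_vlan):
    """Return {vlan_id: [ssid, ...]} for every VLAN that more than one SSID lands in."""
    by_vlan = defaultdict(list)
    for ssid, cfg in vns.items():
        by_vlan[role_vlan[cfg["role"]]].append(ssid)
    return {vlan: sorted(ssids) for vlan, ssids in by_vlan.items() if len(ssids) > 1}

def misplaced_clients(vns, clients):
    """Return the clients whose lease is outside the subnet expected for their SSID."""
    bad = []
    for mac, ssid, ip in clients:
        net = ipaddress.ip_network(vns[ssid]["subnet"])
        if ipaddress.ip_address(ip) not in net:
            bad.append((mac, ssid, ip))
    return bad

if __name__ == "__main__":
    print("shared VLANs (before fix):", shared_vlans(VNS_BROKEN, ROLE_VLAN))
    print("shared VLANs (after fix): ", shared_vlans(VNS_FIXED, ROLE_VLAN))
    print("misplaced clients:        ", misplaced_clients(VNS_BROKEN, CLIENTS))
```

Either finding means the two SSIDs are not actually separated at layer 2, which matters most when one of them is a guest or student network.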

Carlo Alviar

Is it possible to monitor these APs even though they are not in one network? Could it be possible to connect to the controller without using VPN?