WIreless clients get IPs from a wrong server (DHCP relay doesn't work on V2110)

  • 0
  • 1
  • Problem
  • Updated 11 months ago
  • Solved
  • (Edited)
Hello, everybody!

I have 4 Topologies at my V2110.

1) Management - I don't use it, 172.16.1.0/24

2) TopologyForAPs - I manage V2110 with it and this is where APs live, binded to VLAN 22. 192.168.40/23, through this Topology default routing works (GW 192.168.40.1)

3) V38 - its @EWC, binded to VLAN 38,  IP range 10.10.32.0/19

4) V39 - its @EWC, binded to VLAN 39,  IP range 10.11.32.0/21


The problem is when I connect to WLAN 38 or 39 I get IP from VLAN22. Bootprelay is configured on all switches. Everything is OK on server side, DHCP works. I can reach DHCP server from all EWC interfaces,

How could I solve this issue? I could provide all additional information required.

Many thanks in advance,

Ilya



Photo of Ilya Semenov

Ilya Semenov

  • 4,408 Points 4k badge 2x thumb

Posted 12 months ago

  • 0
  • 1
Photo of Schmotter, Ryan

Schmotter, Ryan, Employee

  • 590 Points 500 badge 2x thumb
How is the topology for the VNS configured for WLAN 38? 
Photo of Ilya Semenov

Ilya Semenov

  • 4,408 Points 4k badge 2x thumb
Hello, Ryan!

For all WLANs I have two topologies: B@EWC and B@AP (this is the only way I know to make them working). 


In case of V38 I have @EWC Topology with tagged VLAN 38 and IP 10.10.32.2/19 and @AP topology with untagged 4091 VLAN.


I have forgotten an important detail: i don't have other VLANs on APs except VLAN 22. But I expect to avoid configuring trunks to AP... Is it possible?

Thank you very much!
Photo of Hawkins, Bruce

Hawkins, Bruce, Employee

  • 888 Points 500 badge 2x thumb
Looking at the screen shot you sent ... you don't seem to have any topologies that are of type "Physical" which you should have.

The interface on your controller that APs should be registering to should be a Physical interface with your IP of 192.168.40/23 on it, probably untagged for VLAN 22.  That interface should have AP Registration and Management checked off/enabled.  You should define a default gateway under "Routing Protocols" for the next hop router that your controller can reach out of that Physical interface through VLAN 22.  Presumably 192.168.40.1.

It looks like you currently have this configured through a B@EWC topology and you shouldn't.  You would likely need to remove the B@EWC topology for VLAN 22 first, then create a new one of type Physical.  This would probably need to be done from the CLI of the console in Vmware, since you are probably bringing up the GUI of the controller through that interface presently and if you delete in in the GUI (which you need to do) you'll then lose contact through the GUI.

The following steps might be helpful to provide if you do not already know them, to accomplish that (VLAN 600 and the IP address shown are only examples of course):

-------------------------------------------------------------------------------------------------

How to manually configure an ESA Port from the Console of a V2110

Type topology hit enter, prompt changes to topo then type the following:

    create "esa0" physical 600 port esa0 untag 10.26.6.51/24

    apply

This creates  esa0 as a physical port,assigns it to  vlan 600, untagged, using port esa0 with IP of whatever  mask you specify.

You can use the command SHOW to see what is configured at any time. Make sure to do enable “mgmt.” so you can https: to this new IP from the LAN and to also enable AP registration if the port you’re creating is the one you want APs to register to.

To do that, from the topology prompt, type “l3” and hit enter.  At the l3 prompt:

set ap-register enable

set mgmt enable

apply

----------------------------------------------------------------------------------------------------

Your admin port should be left at the default of 192.168.10.1/24 with no default gateway defined and should be powered down in Vmware.

The other B@EWC topologies you have defined ... will be using the same physical port probably as is your Physical interface and as such, you make those topologies tagged for their respective VLANs (38 and 39).  The switch port that is on the "other side" of your Vmware physical NIC that the V2110 is using .. would then need to be untagged for VLAN 22, and tagged for VLAN's 38 and 39.

Assuming the rest of your LAN is configured properly to switch/route at L2/L3 VLANs 22, 38 and 39 ... and assuming you have defined the Vswitch you are using in Vmware properly (to "Accept" Promiscuous Mode and to allow "All VLANs (4095) ... making that port a trunk port that will carry all VLAN tags) you should have a working configuration.

In the design you have outlined ... you would not need to tag all the APs for VLANs 38 and 39 ... since the topologies are B@EWC ... you simply need to tag the ethernet switch port that the controller connects to for those VLAN's ... and the APs should be untagged in VLAN 22 most probably for them to connect to what should be the untagged VLAN 22 port for the controller.

Here is a link regarding the requirements for promiscuous mode and allowing all VLANs for your Vswitch:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-vSwitch-properties-For-V2...


Hope this helps.
(Edited)
Photo of Hawkins, Bruce

Hawkins, Bruce, Employee

  • 888 Points 500 badge 2x thumb
I'm a lot less familiar with Hyper-V ... than I am Vmware ... but the concepts are all the same.

The port that you manage the controller through and that the APs register through needs to be type Physical and most probably untagged for VLAN 22 with the next hop defined as I mentioned previously in Routing Protocols (0.0.0.0, 0.0.0.0, 192.168.40.1) and your B@EWC topologies for VLANs 38 and 39 would be tagged ... and the switch port that your controller connects to on the ethernet side would need to be untagged for VLAN 22 and tagged for both VLAN 38 and 39.

Hyper-V needs to be configured to facilitate passing all that traffic ... both untagged for VLAN 22 and tagged for VLANs 38 and 39 from the V2110 to the ethernet switch port the controller is connected to successfully maintaining tags for the traffic that require it and untagged for the traffic that doesn't.
(Edited)
Photo of Ilya Semenov

Ilya Semenov

  • 4,408 Points 4k badge 2x thumb
Hi, Bruce,

thank you!

I did everything as you said and there is no result.

Now the TopologyForAPs is Physical and traffic is untagged.

In both WLANs I still get IPs from VLAN22.

DHCP Server address is accessible from both Topology interfaces - V38 and V39. Bootprelay is enabled.

Any ideas?
(Edited)
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,476 Points 5k badge 2x thumb
Hi Ilya

Did you follow this guide to make sure tagging is working? https://gtacknowledge.extremenetworks.com/articles/Solution/Hyper-V-fails-to-pass-VLAN-tags-on-a-bridge-at-controller-service/

On the switch to which your hyper-v server is connected, what vlan(s) do the macs get learned in?

This article might also help with understanding when/where to tag or not: https://gtacknowledge.extremenetworks.com/articles/Q_A/When-and-where-do-I-need-to-tag-or-untag-vlans-in-different-topology-types-on-an-identiFi-wireless-controller/

-Gareth
Photo of Ilya Semenov

Ilya Semenov

  • 4,408 Points 4k badge 2x thumb
Hi, Gareth,

I know the article "Hyper-V-fails-to-pass-VLAN-tags-on-a-bridge-at-controller-service" - it's OK with VLANs at the moment. All tagged traffic is passed to EWC.

Could you please this:  "what vlan(s) do the macs get learned in?"

Now I will read the last article you have mentioned.

Thanks!
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,476 Points 5k badge 2x thumb
Hi Ilya

It depends on the switch your server is connected to, it would be something like:

show mac port x.y.z
or show fdb port <list>

If the packets are coming from the wireless topologies into the switch, you should see which vlan the switch is learning the MAC.

If all the MACs are in the same vlan on the swithc, but learned in different topologies on the wireless side, then tagging is not working on your server.

-Gareth
Photo of Doug Hyde

Doug Hyde, Technical Support Manager

  • 20,192 Points 20k badge 2x thumb
Hello llya, 

Were you able to resolve this issue?  If not I would suggest contacting the GTAC for further assistance. 
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-contact-Extreme-Networks-Global-Tec...
Photo of Ilya Semenov

Ilya Semenov

  • 4,408 Points 4k badge 2x thumb
Hi, Dough,

I've solved the issue. Just recreated interfaces in Hyper-V.

Thank you for asking.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Thanks for letting us know. :-)