wireless clients not getting dhcp

  • 0
  • 1
  • Problem
  • Updated 3 months ago
  • Solved
Clients connect to a Guest SSID which is set to VLAN13. We have another SSID connected to VLAN1. Clients trying to connect to the guest SSID do not get a DHCP address. We have the router serving DHCP addresses. We have VLAN1 set to local and VLAN13 set to tunnel. What are we missing? We tried bridging the two via local and tunnel, but we get the same result. Any help would be appreciated.
Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb

Posted 3 months ago

  • 0
  • 1
Photo of Christopher Frazee

Christopher Frazee, Employee

  • 2,026 Points 2k badge 2x thumb
Hello Lorilee,
Is the referenced router our wireless controller or external/3rd party router with DHCP server? If using the wireless controller, you must ensure that the DHCP policy is mapped to the wireless controller. It might be best if you got a support case generated in order that we can review the configuration and topology to better assist you. You can either call 800-872-8440 or use the online method: https://gtacknowledge.extremenetworks.com/articles/How_To/Create-a-Case-via-New-Portal

The wireless controller and/or APs must be under 90-day warranty period or under entitlement/contract for phone support. 
Photo of Christoph S.

Christoph S., Employee

  • 3,410 Points 3k badge 2x thumb
Hello Lorielee,
 
what are you working with in terms of equipment, i. e.: Controller, virtual controller, AP, models, firmware version, etc...?

In general:

1 - Both VLANs should be created and segregated on corporate router. DHCP should also be configured for same. 
2 - Both WLANs should be local
3 - Map one wlan to vlan 1 and the other to vlan 13
4 - Create vlan 13 on controller/AP (vlan 1 should be there by default)
5 - All connected ports should be switched to trunk ports and allow vlans 1 and 13
6 - Make sure that both vlans are also allowed on the switchport the equipment is connected to

Thank you,

Chris
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,972 Points 20k badge 2x thumb
Basic troubleshooting...

Does DHCP service even work > configure a port untagged VLAN#13 and connect a wired device > could you get a IP via DHCP

Connect again via wireless > check the switch MAC table > did the switch learn the client MAC on the correct port and on the correct VLAN.

The result of this two steps should give you a good idea what is going wrong.
Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb
Here's the wireless config I have setup now. We are using (4) 7532 access points. I have (1) AP set as a virtual controller.

!
! Configuration of AP7532 version 5.8.6.5-002R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no firewall enable
 no ipv6 dos multicast-icmpv6
 no ipv6 dos hop-limit-zero
 no ipv6 dos tcp-intercept-mobility
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!       
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 rate-limit client to-air
 rate-limit client to-air rate 10000
 rate-limit client from-air
 rate-limit client from-air rate 10000
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
roaming-assist-policy FreshMkt-Guest
!
wlan FreshMkt-Guest
 ssid FreshMkt-Guest
 vlan 13
 bridging-mode tunnel
 encryption-type none
 authentication-type none
 no client-client-communication
 no fast-bss-transition over-ds
 use roaming-assist-policy FreshMkt-Guest
!
wlan Sirf@0462
 ssid Sirf@0462
 vlan 1
 bridging-mode local
 encryption-type wep128
 authentication-type none
 no broadcast-ssid
 no fast-bss-transition over-ds
 wep128 key 1 hex 0 49734657942ace428ccc2241ca
!
smart-rf-policy default
!
wips-policy default
!
!
management-policy default
 telnet
 http server
 https server
 ssh
 user admin password 1 d652cd2c3d7e699e292b240722cf8dbbacfca1904aa4c38857e7288daacfc62a role superuser access all
 snmp-server manager v2
 snmp-server community 0 fish4food ro
 snmp-server community 0 hunt4bambe rw
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
event-system-policy default
!
nsight-policy default
!
profile ap7532 default-ap7532
 use enterprise-ui
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan Sirf@0462 bss 1 primary
  wlan FreshMkt-Guest bss 2 primary
 interface radio2
  wlan Sirf@0462 bss 1 primary
  wlan FreshMkt-Guest bss 2 primary
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,13
 interface vlan1
  ip address zeroconf secondary
  ip dhcp client request options all
 interface vlan13
  description Guest
 interface pppoe1
 use event-system-policy default
 use firewall-policy default
 use client-identity-group default
 logging on
 logging syslog informational
 logging host 155.110.1.97
 service pm sys-restart
 router ospf
!
rf-domain default
 timezone EST5EDT
 country-code us
 use nsight-policy default
!
ap7532 B8-50-01-73-21-70
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP02
 location default
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface vlan1
  no description
  ip address 10.11.5.249/24
 interface vlan13
  ip address 192.168.180.3/24
!
ap7532 B8-50-01-73-21-78
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP01
 location default
 no adoption-mode
 bridge vlan 1
  bridging-mode local
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,13
 interface vlan1
  no description
  ip address 10.11.5.248/24
 interface vlan13
  ip address 192.168.180.2/24
 ntp server 155.110.249.1
 virtual-controller
 rf-domain-manager capable
!
ap7532 B8-50-01-73-21-80
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP04
 location default
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface vlan1
  no description
  ip address 10.11.5.251/24
!
ap7532 B8-50-01-73-2C-B0
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP03
 location default
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface vlan1
  no description
  ip address 10.11.5.250/24
!
!
end


Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb
What happens is I cannot ping the gateway from the ap when I source the ping from vlan13 
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,972 Points 20k badge 2x thumb
What about the switch - is the port configured as a trunk.
As I've mentioned before check the MAC table of the switch to see whether you learn the MAC on the right port in the correct VLAN.
Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb
Switch side, it is yes. We have statically setup a device on the VLAN13 and it works, but when we go DHCP devices get a 169 IP.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,602 Points 20k badge 2x thumb
Sorry but I'm not sure whether I unterstand....

If you connect a wired device on a port that is configured for VLAN#13 and use DHCP (instead of a static IP) it doesn't get a IP address ?!
Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb
We can't pass traffic on VLAN13 at all. Even when we have a set static address. It can talk to itself, but it won't pass traffic.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,602 Points 20k badge 2x thumb
The story is a little conflicting....

We have statically setup a device on the VLAN13 and it works....
 We can't pass traffic on VLAN13 at all. Even when we have a set static address.
So let's go with option#2 = a PC/laptop connected to the switchport with a cable and is configured with a static IP is not able to ping the default gw.

If that is the case I don't see a AP problem, there is a incorrect setup in the LAN.
Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb
I put in a picture that my network guy I'm working with created. I understand it was conflicting info earlier, but things were lost in translation. I was under the impression that it worked statically, but that was incorrect on my part. Below in the pic is the layout.
Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb
We are having a Layer 2 issue.

Photo of Lorielee Jacinto

Lorielee Jacinto

  • 140 Points 100 badge 2x thumb