Solved

No DHCP address for any AP122 client

  • 10 August 2021
  • 5 replies
  • 48 views

Hi everyone.

I’m new to Aerohive kit, so I suspect this is a simple lack of knowledge.  

I have an existing site with 6 AP122s all working fine (configured by my predecessor). I need to add a remote site. The VPNs are in place between the sites. A client connected directly to the wired LAN at the remote site picks up a DHCP address from the remote LAN DHCP server without issue.

I have added a new AP122 on the remote site. It also picks up a DHCP address and downloads the profile from ECIQ. Client devices seem to connect to the AP122 without issue, but don’t get an IP address from the local DHCP server. I have tried adding the local server to the AP122 DHCP helper, but that makes no difference. There is no VLAN tagging of any sort configured on the remote site. Other APs (not Aerohive) allow DHCP clients on without any issues.

 

Any suggestions what I could be missing gratefully received.

Best answer by Trummel 2 September 2021, 13:46

I managed to resolve this. I needed to amend the network policy to create a new user profile with a device location specific assignment rule that didn’t use the VLAN. All good now.

Thank you.


Hi Trummel, I’d start with running a VLAN probe on the AP CLI to make sure it can get traffic to and from the correct DHCP server. The command to run a VLAN probe is:

int mgt0 dhcp-probe vlan-range # #

If you want to run a range, you would do 1 5, for example; if you want to do one, you would just do 5 5, for example. So if I was running a VLAN probe for VLAN 5, the command would be int mgt0 dhcp-probe vlan-range 5 5. You should see the subnet returned if the VLAN probe is successful; I’d recommend confirming that it is the subnet you would expect the DHCP server to return.

Sorry Sam, I have only just got back to this. I was on a remote site and have had to reconfigure my home LAN to duplicate it. Anyway, the same is now happening here. The AP122 is connecting to my LAN and picking up a DHCP address successfully over the VPN. The configuration updates successfully from IQ Pilot and a wireless device can connect to the AP. However, the wireless device (my laptop) does not get an IP address. I ssh’d to the AP and ran ‘int mgt0 dhcp-probe vlan-range 1 5’. It reported the correct subnet (192.168.15.0/24) on VLAN 1. I can ping the DHCP server from the ssh session.

What might (or not) be relevant is that the head office AP122s are all running on VLAN 109. I am using the same policy at head office and remote sites, but the remote site is only using VLAN 1, not 109.

Actually, I have just put a static address on my laptop wireless. It joins the wireless network, but can’t ping the AP122 or the local gateway.


Hello Trummel,

this is the crucial point, I suppose:

“What might (or not) be relevant is that the head office AP122s are all running on VLAN 109. I am using the same policy at head office and remote sites, but the remote site is only using VLAN 1, not 109.”

I assume that your network policy working in the central office pushes your clients tagged into VLAN 109. If VLAN 109 does not exist in the branch office as you wrote, then the clients cannot communicate.
Therefore please check which VLAN configuration the clients get in the network policy.

APs and Clients can be in different VLANs!

Thanks for the response, Stephan. I find this all very confusing.

There is actually nothing enforcing the VLAN at the remote office (all dumb switches). The VPN between offices also is VLAN transparent. The AP doesn’t seem to care; it picks up its own DHCP address quite happily.

I have now given the AP a static address and configured the DHCP server on the AP122. A device plugged into the same physical LAN receives an address. However, a device connected to the wifi doesn’t get an address. It seems that the wireless connections are completely isolated from the rest of the network. Surely if this was a VLAN issue, the wired and wireless interfaces of the AP would both be the same, but they don’t appear to talk to each other.

The object of the exercise here is to allow someone with a laptop to connect in head office (where VLAN is essential) with a single SSID, then visit a branch office and connect with the same SSID, but without needing the VLAN, because the branch office have no need and no equipment that will provide it. Whilst in the branch office, they also need to be able to see printers etc. which are not VLAN tagged. Is that even possible?
