wireless clients not getting dhcp


Clients connect to a Guest SSID which is set to VLAN13. We have another SSID connected to VLAN1. Clients trying to connect to the guest SSID do not get a DHCP address. We have the router serving DHCP addresses. We have VLAN1 set to local and VLAN13 set to tunnel. What are we missing? We tried bridging the two via local and tunnel, but we get the same result. Any help would be appreciated.

13 replies

Userlevel 4
Hello Lorielee,
Is the referenced router our wireless controller or external/3rd party router with DHCP server? If using the wireless controller, you must ensure that the DHCP policy is mapped to the wireless controller. It might be best if you got a support case generated in order that we can review the configuration and topology to better assist you. You can either call 800-872-8440 or use the online method: https://gtacknowledge.extremenetworks.com/articles/How_To/Create-a-Case-via-New-Portal

The wireless controller and/or APs must be under 90-day warranty period or under entitlement/contract for phone support.
Userlevel 5
Hello Lorielee,

What are you working with in terms of equipment, i.e. controller, virtual controller, AP, models, firmware version, etc.?

In general:

1 - Both VLANs should be created and segregated on corporate router. DHCP should also be configured for same.
2 - Both WLANs should be local
3 - Map one wlan to vlan 1 and the other to vlan 13
4 - Create vlan 13 on controller/AP (vlan 1 should be there by default)
5 - All connected ports should be switched to trunk ports and allow vlans 1 and 13
6 - Make sure that both vlans are also allowed on the switchport the equipment is connected to

Thank you,

Chris
Userlevel 7
Basic troubleshooting...

Does DHCP service even work > configure a port untagged VLAN#13 and connect a wired device > could you get an IP via DHCP?

Connect again via wireless > check the switch MAC table > did the switch learn the client MAC on the correct port and on the correct VLAN?

The result of these two steps should give you a good idea what is going wrong.
Here's the wireless config I have setup now. We are using (4) 7532 access points. I have (1) AP set as a virtual controller.

!
! Configuration of AP7532 version 5.8.6.5-002R
!
!
version 2.5
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no firewall enable
 no ipv6 dos multicast-icmpv6
 no ipv6 dos hop-limit-zero
 no ipv6 dos tcp-intercept-mobility
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 rate-limit client to-air
 rate-limit client to-air rate 10000
 rate-limit client from-air
 rate-limit client from-air rate 10000
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
roaming-assist-policy FreshMkt-Guest
!
wlan FreshMkt-Guest
 ssid FreshMkt-Guest
 vlan 13
 bridging-mode tunnel
 encryption-type none
 authentication-type none
 no client-client-communication
 no fast-bss-transition over-ds
 use roaming-assist-policy FreshMkt-Guest
!
wlan Sirf@0462
 ssid Sirf@0462
 vlan 1
 bridging-mode local
 encryption-type wep128
 authentication-type none
 no broadcast-ssid
 no fast-bss-transition over-ds
 wep128 key 1 hex 0 49734657942ace428ccc2241ca
!
smart-rf-policy default
!
wips-policy default
!
!
management-policy default
 telnet
 http server
 https server
 ssh
 user admin password 1 d652cd2c3d7e699e292b240722cf8dbbacfca1904aa4c38857e7288daacfc62a role superuser access all
 snmp-server manager v2
 snmp-server community 0 fish4food ro
 snmp-server community 0 hunt4bambe rw
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
event-system-policy default
!
nsight-policy default
!
profile ap7532 default-ap7532
 use enterprise-ui
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan Sirf@0462 bss 1 primary
  wlan FreshMkt-Guest bss 2 primary
 interface radio2
  wlan Sirf@0462 bss 1 primary
  wlan FreshMkt-Guest bss 2 primary
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,13
 interface vlan1
  ip address zeroconf secondary
  ip dhcp client request options all
 interface vlan13
  description Guest
 interface pppoe1
 use event-system-policy default
 use firewall-policy default
 use client-identity-group default
 logging on
 logging syslog informational
 logging host 155.110.1.97
 service pm sys-restart
 router ospf
!
rf-domain default
 timezone EST5EDT
 country-code us
 use nsight-policy default
!
ap7532 B8-50-01-73-21-70
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP02
 location default
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface vlan1
  no description
  ip address 10.11.5.249/24
 interface vlan13
  ip address 192.168.180.3/24
!
ap7532 B8-50-01-73-21-78
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP01
 location default
 no adoption-mode
 bridge vlan 1
  bridging-mode local
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface ge1
  switchport mode trunk
  switchport trunk native vlan 1
  no switchport trunk native tagged
  switchport trunk allowed vlan 1,13
 interface vlan1
  no description
  ip address 10.11.5.248/24
 interface vlan13
  ip address 192.168.180.2/24
 ntp server 155.110.249.1
 virtual-controller
 rf-domain-manager capable
!
ap7532 B8-50-01-73-21-80
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP04
 location default
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface vlan1
  no description
  ip address 10.11.5.251/24
!
ap7532 B8-50-01-73-2C-B0
 use profile default-ap7532
 use rf-domain default
 hostname SN0462-AP03
 location default
 ip default-gateway 10.11.5.1
 ip route 192.168.180.0/24 192.168.180.1
 interface vlan1
  no description
  ip address 10.11.5.250/24
!
!
end
What happens is I cannot ping the gateway from the ap when I source the ping from vlan13
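
Added example, not part of the thread or any poster's code: a short Python check of the posted AP config against the WLAN-mode and AP-trunk items of the checklist in Chris's reply. `SAMPLE` is a constructed excerpt of that config and the function names are hypothetical; the switch and router items of the checklist are not visible in an AP config and are not checked.

```python
import re

# Constructed excerpt of the posted config, flattened as the post shows it.
SAMPLE = """\
wlan FreshMkt-Guest
vlan 13
bridging-mode tunnel
!
wlan Sirf@0462
vlan 1
bridging-mode local
!
interface radio1
wlan FreshMkt-Guest bss 2 primary
interface ge1
switchport trunk allowed vlan 1,13
"""
ALLOWED = "switchport trunk allowed vlan"

def vlan_set(spec):
    """Expand '1,13' or '1,10-13' into a set of ints ('' gives an empty set)."""
    out = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse(config):
    """Collect settings per WLAN definition and per wired ge port."""
    wlans, ports, cur = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"wlan (\S+)", line):            # definition, not a radio mapping
            cur = wlans.setdefault(m.group(1), {})
        elif m := re.fullmatch(r"interface (ge\d+)", line):
            cur = ports.setdefault(m.group(1), {})
        elif line == "!" or re.match(r"(interface|profile|ap7532) ", line):
            cur = None                                        # another context starts
        elif cur is not None and (m := re.fullmatch(rf"(vlan|bridging-mode|{ALLOWED}) (\S+)", line)):
            cur[m.group(1)] = m.group(2)
    return wlans, ports

def check(config):
    """Findings for the WLAN-mode and AP-trunk items, as far as the AP config shows them."""
    wlans, ports = parse(config)
    out = [f"wlan {n}: bridging-mode {w.get('bridging-mode')}, checklist expects local"
           for n, w in wlans.items() if w.get("bridging-mode") != "local"]
    out += [f"{p}: trunk does not allow vlan {w['vlan']} (wlan {n})"
            for n, w in wlans.items() for p, s in ports.items()
            if "vlan" in w and int(w["vlan"]) not in vlan_set(s.get(ALLOWED, ""))]
    return out
```

On the excerpt, `check(SAMPLE)` reports only the guest WLAN's tunnel bridging mode; the ge1 trunk already allows VLANs 1 and 13.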
Userlevel 7
What about the switch - is the port configured as a trunk?
As I've mentioned before check the MAC table of the switch to see whether you learn the MAC on the right port in the correct VLAN.
Switch side, it is yes. We have statically setup a device on the VLAN13 and it works, but when we go DHCP devices get a 169 IP.
Userlevel 7
Lorielee Jacinto wrote:

Switch side, it is yes. We have statically setup a device on the VLAN13 and it works, but when we go DHCP devices get a 169 IP.

Sorry but I'm not sure whether I understand....

If you connect a wired device on a port that is configured for VLAN#13 and use DHCP (instead of a static IP) it doesn't get an IP address?!
Lorielee Jacinto wrote:

Switch side, it is yes. We have statically setup a device on the VLAN13 and it works, but when we go DHCP devices get a 169 IP.

We can't pass traffic on VLAN13 at all. Even when we have a set static address. It can talk to itself, but it won't pass traffic.
Userlevel 7
Lorielee Jacinto wrote:

Switch side, it is yes. We have statically setup a device on the VLAN13 and it works, but when we go DHCP devices get a 169 IP.

The story is a little conflicting....

We have statically setup a device on the VLAN13 and it works....

We can't pass traffic on VLAN13 at all. Even when we have a set static address.

So let's go with option#2 = a PC/laptop connected to the switchport with a cable and is configured with a static IP is not able to ping the default gw.

If that is the case I don't see an AP problem, there is an incorrect setup in the LAN.
Lorielee Jacinto wrote:

Switch side, it is yes. We have statically setup a device on the VLAN13 and it works, but when we go DHCP devices get a 169 IP.

I put in a picture that my network guy I'm working with created. I understand it was conflicting info earlier, but things were lost in translation. I was under the impression that it worked statically, but that was incorrect on my part. Below in the pic is the layout.
We are having a Layer 2 issue.