Extreme Networks

juergen_dannewi · ‎07-14-2021

Hi everyone,

I´ve some strange situation with Android Smartphones in our Aerohive/Extreme Network (Mix of AP250 and 305C) environment.
The Android devices itself get´s an valid IP and authenticated to the Wifi but shows the information “maybe don´t have internet connection”.
Actual Workaround: Ping the device. The first 2 packages are lost, but than the device replies and shows connected.
I´ve started this discussion last year, but with Covid-19 the situation stuck.

I´ve also found that we are not the only one with this situation.

I can confirm that DNS port 53 and 853 is open for this dedicated Wifi VLAN on our firewall.
I´ve added the DNS ports for the native VLAN of the APs to this internal DNS server, now.

Does anyone has an idea, if this won´t help, how we could troubleshoot this?

Thankful for every idea!

juergen_dannewi · ‎09-07-2022

Hi,

I want to send an update about this topic.
We found the root cause for our problem, but I´m unsure how to solve it.
The ARP-cache on our firewall which is also the Gateway for our Guest Network seems to get some wrong information from the Aerohive environment.
The Guest Wifi has a short Lease time on DHCP side (5min, increased to 15min now).
The client itself gets the correct IP from DHCP Server (same VLAN/subnet, Windows Server), but the Firewall still get´s the wrong information after a arp-cache clear.
We deleted the "wrong" client in the IQ Management and cleared the ARP-cache once again and the problem was solved for this device.

We found an option in the "Management Options" called "disable Proxy-ARP":
Would it make sense to activate this option in a Wifi environment?
Arp-Caches are written on the Gateway and Switch devices.

View solution in original post

juergen_dannewi · ‎09-07-2022

Hi,

I want to send an update about this topic.
We found the root cause for our problem, but I´m unsure how to solve it.
The ARP-cache on our firewall which is also the Gateway for our Guest Network seems to get some wrong information from the Aerohive environment.
The Guest Wifi has a short Lease time on DHCP side (5min, increased to 15min now).
The client itself gets the correct IP from DHCP Server (same VLAN/subnet, Windows Server), but the Firewall still get´s the wrong information after a arp-cache clear.
We deleted the "wrong" client in the IQ Management and cleared the ARP-cache once again and the problem was solved for this device.

We found an option in the "Management Options" called "disable Proxy-ARP":
Would it make sense to activate this option in a Wifi environment?
Arp-Caches are written on the Gateway and Switch devices.

dpanev · ‎09-01-2022

set a rssi threshold to -70

disable band steering or load balancing

disable private wlan adress on client

SanderD · ‎08-19-2022

Hi @juergen.dannewitz,

Setup :

ISP (Proximus or Telenet, I have both now for testing but same result - Belgium).
DHCP, DNS, Firewall and Gateway from the ISP router.

On the ISP Router :
1 Cable connected to a HP Aruba switch 1930 8G POE (also cloud management) as uplink.
1 Cable connected to a HP Aruba switch 1930 24G POE (also cloud management) as uplink.

Switches :
HP 8G - 1x AP 305C
HP 24G - 1x AP460C and 1x AP305C

Security Protecition OFF on the ports for the AP's.

AP's :

1 Management VLAN 1 for all.

So 3 AP's in total in the home enviroment.

I also checkt 2 commands directly on 1 AP with Putty and these where the results :

show version
show interface mgt0

AP0#show version
Copyright (c) 2006-2021 Extreme Networks, Inc.

Version: HiveOS 10.4r6 build-272960
Build time: Wed May 11 01:01:57 UTC 2022
Build cookie: 2205101801-272960
Platform: AP305C
Bootloader ver: v0.0.4.70
TPM ver: v1.2.66.16
Uptime: 0 weeks, 3 days, 16 hours, 43 minutes, 50 seconds

AP0#show interface mgt0
Admin state=enabled; Operational state=up;
DHCP client=enabled;
Default IP subnet=192.168.0.0/255.255.0.0;
IP addr=192.168.0.207; Netmask=255.255.255.0; Default Gateway:192.168.0.1;
IPV6 global addr=2a02:1811:c516:2e00::f6a9/64
IPV6 link local addr=fe80::5a59:c2ff:fea3:9fc0/64
VLAN id=1; Native vlan id=1; Tagging of Native vlan: disabled
MAC addr=5859:c2a3:9fc0; MTU=1500;
Rx packets=1406189; errors=0; dropped=146;
Tx packets= 486732; errors=0; dropped= 0;
Rx bytes=477495816 (455.375 MB); Tx bytes=271604978 (259.023 MB);

As you can see there ar many dropped Rx packets : dropped=146; ?!

Best Regards,

juergen_dannewi · ‎09-01-2022

Hi,
I´ve maybe found an workaround for that.
We still experience this situation in different locations.
The setup:
Firewall (VLAN as GW, tagged) -> Core switch VLan (Vlan tagged on Port) -> Access switch (Vlan tagged on Port)-> AP (SSID VLAN, tagged)

SSID: VLAN which uses the Firewall as Gateway.
DHCP: relay on Firewall for VLAN subnet
DNS: Google 8.8.8.8
DHCP Lease Time: 30min

What is seen in the logs:
Client gets an IP from DHCP and tries to contact DNS several times.
No more other traffic is generated than DNS.

Workaround:
Clear the ARP-Cache on the Firewall/Routing device.
in our case the command "clear arp-cache".

juergen_dannewi · ‎08-19-2022

Hi,

we are using the Aerohive/Extreme APs in an enterprise environment with a licensed On-Prem management server v21.1.22.1-IQVA.

The newest AP firmware for that management is actually 10.3.r3.

Never seen the free version or Cloud version, but we need to change to the Cloud version because we get the information that the On-Prem is EOS in December 2022.

How is your Home use setup?

AP is connected via patch line to the ISP Router which is used for DHCP, DNS, Firewall and Gateway?

No VLAN etc?

Extreme Networks

Android maybe don´t have internet connection

Android maybe don´t have internet connection