Extreme Networks

juergen_dannewi · ‎07-14-2021

Hi everyone,

I´ve some strange situation with Android Smartphones in our Aerohive/Extreme Network (Mix of AP250 and 305C) environment.
The Android devices itself get´s an valid IP and authenticated to the Wifi but shows the information “maybe don´t have internet connection”.
Actual Workaround: Ping the device. The first 2 packages are lost, but than the device replies and shows connected.
I´ve started this discussion last year, but with Covid-19 the situation stuck.

I´ve also found that we are not the only one with this situation.

I can confirm that DNS port 53 and 853 is open for this dedicated Wifi VLAN on our firewall.
I´ve added the DNS ports for the native VLAN of the APs to this internal DNS server, now.

Does anyone has an idea, if this won´t help, how we could troubleshoot this?

Thankful for every idea!

juergen_dannewi · ‎09-07-2022

Hi,

I want to send an update about this topic.
We found the root cause for our problem, but I´m unsure how to solve it.
The ARP-cache on our firewall which is also the Gateway for our Guest Network seems to get some wrong information from the Aerohive environment.
The Guest Wifi has a short Lease time on DHCP side (5min, increased to 15min now).
The client itself gets the correct IP from DHCP Server (same VLAN/subnet, Windows Server), but the Firewall still get´s the wrong information after a arp-cache clear.
We deleted the "wrong" client in the IQ Management and cleared the ARP-cache once again and the problem was solved for this device.

We found an option in the "Management Options" called "disable Proxy-ARP":
Would it make sense to activate this option in a Wifi environment?
Arp-Caches are written on the Gateway and Switch devices.

View solution in original post

tnolan · ‎10-25-2024

I just wanted to update this for the current version. This "disable proxy arp" solved a nightmare of an issue we had where any android device would not get any connectivity for hours after initially joining. However the issue returned recently and I found that this configuration has changed. In Configure - Network Policies - *location* - Management Settings - Management Options, it now has a slider for the Proxy ARP. Even though ours was still disabled, the android behavior returned. We changed it from disabled to ARP Suppression and the androids started working again

juergen_dannewi · ‎09-07-2022

Hi,

I want to send an update about this topic.
We found the root cause for our problem, but I´m unsure how to solve it.
The ARP-cache on our firewall which is also the Gateway for our Guest Network seems to get some wrong information from the Aerohive environment.
The Guest Wifi has a short Lease time on DHCP side (5min, increased to 15min now).
The client itself gets the correct IP from DHCP Server (same VLAN/subnet, Windows Server), but the Firewall still get´s the wrong information after a arp-cache clear.
We deleted the "wrong" client in the IQ Management and cleared the ARP-cache once again and the problem was solved for this device.

We found an option in the "Management Options" called "disable Proxy-ARP":
Would it make sense to activate this option in a Wifi environment?
Arp-Caches are written on the Gateway and Switch devices.

dpanev · ‎09-01-2022

set a rssi threshold to -70

disable band steering or load balancing

disable private wlan adress on client

SanderD · ‎08-19-2022

Hi @juergen.dannewitz,

Setup :

ISP (Proximus or Telenet, I have both now for testing but same result - Belgium).
DHCP, DNS, Firewall and Gateway from the ISP router.

On the ISP Router :
1 Cable connected to a HP Aruba switch 1930 8G POE (also cloud management) as uplink.
1 Cable connected to a HP Aruba switch 1930 24G POE (also cloud management) as uplink.

Switches :
HP 8G - 1x AP 305C
HP 24G - 1x AP460C and 1x AP305C

Security Protecition OFF on the ports for the AP's.

AP's :

1 Management VLAN 1 for all.

So 3 AP's in total in the home enviroment.

I also checkt 2 commands directly on 1 AP with Putty and these where the results :

show version
show interface mgt0

AP0#show version
Copyright (c) 2006-2021 Extreme Networks, Inc.

Version: HiveOS 10.4r6 build-272960
Build time: Wed May 11 01:01:57 UTC 2022
Build cookie: 2205101801-272960
Platform: AP305C
Bootloader ver: v0.0.4.70
TPM ver: v1.2.66.16
Uptime: 0 weeks, 3 days, 16 hours, 43 minutes, 50 seconds

AP0#show interface mgt0
Admin state=enabled; Operational state=up;
DHCP client=enabled;
Default IP subnet=192.168.0.0/255.255.0.0;
IP addr=192.168.0.207; Netmask=255.255.255.0; Default Gateway:192.168.0.1;
IPV6 global addr=2a02:1811:c516:2e00::f6a9/64
IPV6 link local addr=fe80::5a59:c2ff:fea3:9fc0/64
VLAN id=1; Native vlan id=1; Tagging of Native vlan: disabled
MAC addr=5859:c2a3:9fc0; MTU=1500;
Rx packets=1406189; errors=0; dropped=146;
Tx packets= 486732; errors=0; dropped= 0;
Rx bytes=477495816 (455.375 MB); Tx bytes=271604978 (259.023 MB);

As you can see there ar many dropped Rx packets : dropped=146; ?!

Best Regards,

juergen_dannewi · ‎09-01-2022

Hi,
I´ve maybe found an workaround for that.
We still experience this situation in different locations.
The setup:
Firewall (VLAN as GW, tagged) -> Core switch VLan (Vlan tagged on Port) -> Access switch (Vlan tagged on Port)-> AP (SSID VLAN, tagged)

SSID: VLAN which uses the Firewall as Gateway.
DHCP: relay on Firewall for VLAN subnet
DNS: Google 8.8.8.8
DHCP Lease Time: 30min

What is seen in the logs:
Client gets an IP from DHCP and tries to contact DNS several times.
No more other traffic is generated than DNS.

Workaround:
Clear the ARP-Cache on the Firewall/Routing device.
in our case the command "clear arp-cache".

Extreme Networks

Android maybe don´t have internet connection

Android maybe don´t have internet connection