07-31-2021 02:26 PM
Hello,
I have an AP310i as a VC in a site, where it adopts APs 7522. In addition to the native VLAN 1, I need to deliver IP to two other different VLANs; for that, I created DHCP servers in the controller. This configuration is identical to another site, where I have an RFS6000 as controller and everything is working correctly. However, with the 310i as VC, the adopted APs do not deliver IP through this DHCP server.
Here is the running config of AP310i (VC):
!
! Configuration of AP310 version 7.6.2.0-018R
!
!
version 2.7
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
aaa-policy RADIUS_FOGAS
authentication server 1 host 191.1.10.3 secret 0 fogas123
authentication server 1 proxy-mode through-controller
!
wlan Fogas_Corporativo
description Fogas_Corporativo
ssid Fogas_Corporativo
vlan 1
bridging-mode local
encryption-type ccmp
authentication-type eap
no multi-band-operation
use aaa-policy RADIUS_FOGAS
!
wlan Fogas_Mobile
description Fogas_Mobile
ssid Fogas_Mobile
vlan 40
bridging-mode tunnel
encryption-type tkip-ccmp
authentication-type none
no multi-band-operation
no protected-mgmt-frames
wpa-wpa2 psk 0 Fogas@123
!
wlan Fogas_Visitante
description Fogas_Visitante
ssid Fogas_Visitante
vlan 50
bridging-mode tunnel
encryption-type none
authentication-type none
no multi-band-operation
no protected-mgmt-frames
time-based-access days all start 06:00 end 19:00
!
smart-rf-policy default
no select-shutdown
no smart-sensor
smart-sensor auto-trigger
smart-sensor band smart-band-5GHz
smart-sensor tri-radio-only
!
auto-provisioning-policy APP-FOGAS
adopt ap7522 precedence 1 profile AP-7522 rf-domain default ip 10.8.0.0/16
!
radius-server-policy default
nas 191.1.10.3/32 secret 0 fogas123
!
dhcp-server-policy DHCP_FOGAS
bootp ignore
dhcp-pool vlan40
network 192.168.48.0/24
address range 192.168.48.10 192.168.48.254
default-router 192.168.48.1
dns-server 191.1.10.1 172.28.123.21
dhcp-pool vlan50
network 192.168.58.0/24
address range 192.168.58.10 192.168.58.99
default-router 192.168.58.1
dns-server 8.8.8.8 8.8.4.4
!
!
management-policy default
telnet
no http server
https server
rest-server
ssh
user admin password 1 8553661a49b0c8a0856a3ee27bfc63a1a5a14b39861bdb89af85a547fbb8d899 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
event-system-policy default
!
profile anyap AP-7522
ip default-gateway 10.8.100.200
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan Fogas_Corporativo bss 1 primary
wlan Fogas_Visitante bss 2 primary
wlan Fogas_Mobile bss 3 primary
interface radio2
wlan Fogas_Corporativo bss 1 primary
wlan Fogas_Visitante bss 2 primary
wlan Fogas_Mobile bss 3 primary
interface radio3
interface bluetooth1
shutdown
mode bt-sensor
interface up1
switchport mode trunk
switchport trunk allowed vlan 1,40,50
interface eth0
interface eth1
interface eth2
interface eth3
interface ge1
switchport mode trunk
switchport trunk allowed vlan 1,40,50
interface ge2
interface fe1
interface fe2
interface fe3
interface fe4
interface vlan1
ip address dhcp
interface pppoe1
use dhcp-server-policy DHCP_FOGAS
use firewall-policy default
use auto-provisioning-policy APP-FOGAS
service pm sys-restart
router ospf
adoption-mode controller
!
profile ap310 default-ap310
ip name-server 191.1.10.1
ip name-server 191.1.10.3
ip name-server 172.28.123.21
ip domain-name fogas.local
ip default-gateway 10.8.100.200
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan Fogas_Corporativo bss 1 primary
wlan Fogas_Mobile bss 2 primary
wlan Fogas_Visitante bss 3 primary
antenna-mode 2x2
interface radio2
wlan Fogas_Corporativo bss 1 primary
wlan Fogas_Mobile bss 2 primary
wlan Fogas_Visitante bss 3 primary
antenna-mode 2x2
interface bluetooth1
shutdown
mode le-sensor
interface ge1
description "Vlan Rede Local"
interface ge2
description "Vlan Rede Sem Fio"
interface vlan1
ip address dhcp
ip dhcp client request options all
interface pppoe1
interface usb0
use dhcp-server-policy DHCP_FOGAS
no use firewall-policy
ntp server a.ntp.br
use client-identity-group default
no virtual-controller management-interface ip address
logging on
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain default
location Cuiaba
contact suporte@fogas.com.br
timezone Etc/GMT-4
country-code br
ad-wips-wireless-mitigation disable
ad-wips-wired-mitigation disable
!
ap7522 94-9B-2C-2A-DB-AC
use profile AP-7522
use rf-domain default
hostname AP-CGB02-ADM01
area Administracao
floor Administracao
interface vlan1
ip address 10.8.5.1/16
ip address zeroconf secondary
!
ap310 20-9E-F7-78-F5-91
use profile default-ap310
use rf-domain default
hostname AP-CGB-ADM01
area CONTROLLER
use radius-server-policy default
interface radio1
wlan Fogas_Corporativo bss 1 primary
wlan Fogas_Visitante bss 2 primary
wlan Fogas_Mobile bss 3 primary
ldpc
interface radio2
wlan Fogas_Visitante bss 1 primary
wlan Fogas_Mobile bss 2 primary
wlan Fogas_Corporativo bss 3 primary
ldpc
interface ge2
switchport mode trunk
switchport trunk allowed vlan 1,40,50
switchport trunk native vlan 1
interface vlan1
ip address 10.8.5.2/16
ip address zeroconf secondary
interface vlan40
ip address 192.168.48.3/24
interface vlan50
ip address 192.168.58.3/24
use dhcp-server-policy DHCP_FOGAS
no use auto-provisioning-policy
virtual-controller
rf-domain-manager capable
no adoption-mode
!
!
end
08-03-2021 04:53 PM
From the CLI of one of the 7522’s, try running this:
enable
service pktcap on bridge filter port 67 and port 68
The output will show the actual DHCP traffic bridging through the AP. My guess is that either the OFFER is not making it back or the client’s REQUEST isn’t going out.
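One way to turn such a capture into a per-client answer to the question raised above (which step of the DHCP exchange never shows up), as an added example that is not part of the original thread. The helper names and the sample payloads are constructed here; the parser works on raw UDP 67/68 payload bytes, not on the text output of `service pktcap`.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
STEPS = ("DISCOVER", "OFFER", "REQUEST", "ACK")

def parse_dhcp(payload):
    """Return (client MAC, message type) from one UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    mac = "-".join(f"{b:02X}" for b in payload[28:34])  # chaddr, Ethernet assumed
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return mac, TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    raise ValueError("no message-type option (53)")

def diagnose(payloads):
    """Map each client MAC to the first handshake step absent from the capture."""
    seen = {}
    for p in payloads:
        mac, kind = parse_dhcp(p)
        seen.setdefault(mac, set()).add(kind)
    result = {}
    for mac, kinds in seen.items():
        missing = [s for s in STEPS if s not in kinds]
        result[mac] = f"no {missing[0]} seen" if missing else "complete"
    return result

def build(msg_type, mac):
    """Construct a minimal DHCP payload for the demo (not captured traffic)."""
    op = 2 if msg_type in (2, 5, 6) else 1              # 2 = reply from server
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0) + bytes(16)
    chaddr = bytes.fromhex(mac.replace("-", "")) + bytes(10)
    return header + chaddr + bytes(192) + MAGIC + bytes([53, 1, msg_type, 255])

# Constructed capture: client A completes, B never gets an OFFER, C never sends REQUEST.
A, B, C = "02-00-00-00-00-0A", "02-00-00-00-00-0B", "02-00-00-00-00-0C"
CAPTURE = [build(t, A) for t in (1, 2, 3, 5)] + [build(1, B)] + [build(t, C) for t in (1, 2)]

if __name__ == "__main__":
    for mac, verdict in diagnose(CAPTURE).items():
        print(mac, verdict)
```

A verdict of "no OFFER seen" at the AP bridge points at the return path from the DHCP server, while "no REQUEST seen" points at the client side.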
08-03-2021 03:20 PM
The Fogas_Corporativo wlan delivers IP directly from native vlan and doesn't need dhcp server from VC, it already delivers IP automatically.
VC's ge2 port has this trunk configuration, as the routing of vlan 50 arrives there, and for this reason the network was in tunnel; this routing does not physically reach the 7522 at the ends.
08-03-2021 02:50 PM
So all of these DHCP bindings are from wireless clients.
And those lease IP addresses come from VLAN 40 and 50. To be clear, are you saying that those leases are for wireless clients that are directly associated with the radios on the 310i VC and not from clients associating with the 7522’s?
Looking through the configs some more, found this unsupported configuration:
wlan Fogas_Mobile
description Fogas_Mobile
ssid Fogas_Mobile
vlan 40
bridging-mode tunnel
Same thing on the “Fogas_Visitante” WLAN config.
Tunneled WLANs are not supported with VC APs (only supported on hardware WiNG controllers - like the RFS6000 you have). Change this value from “tunnel” to “local”.
Looks like wlan “Fogas_Corporativo” is already set to ‘local’. Out of curiosity, do wireless clients associating to this WLAN get a DHCP lease?
Also, on the 310i VC, you have ge2 setup as the trunk port and not ge1. Is this correct? Intentional? Network cable is plugged into ge2?
08-03-2021 02:20 PM
I removed the DHCP service from the AP7532 profile, leaving it only on the AP VC 310; really, this was incorrect.
The ranges are different between the AP310 config I sent and this AP7522 because I'm collecting this information from another unit, which works the same way (an AP310 as VC and APs 7522 as slaves). This AP is adopted by another 310 VC, which is in another unit, different from the AP config that I sent at the beginning. In this other unit, the range is 49.
All these users are wireless clients. Remember that from the VC all networks are working normally; from the 7522 onwards, VLANs 40 and 50 are not functional.
08-03-2021 01:59 PM
In looking at those leased addresses, I just noticed something.
You have a DHCP service running on the 7522 AP...as per the 7522 Profile. Is this what you intended?
Normally, there would be a DHCP service running somewhere on the network or with a DHCP helper or on a WiNG controller... but typically not directly on all of the APs (maybe on just one AP, but even that’s rare).
As it is, you have a 7522 AP Profile that runs a DHCP service on every 7522... using the SAME address pool. (What’s odd though is that in the 7522 config above, the address pool range is different than that in the actual DHCP server policy: the 7522 DHCP service has the pool .49.10 - .49.254 and .59.10 - .59.254, but on the AP310 VC, the pool in the DHCP server config says .48-.10 - .48.54 and .58.10 - .58.254.)
Not sure how to explain how these pool ranges are different.
Besides all that though, can you identify what these devices are in the DHCP binding output? Are they wireless clients? Or are they maybe instead wired clients?
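The two configuration points raised in the replies above (WLANs left in `bridging-mode tunnel` on a virtual-controller deployment, and a DHCP server policy applied through the adopted-AP profile) can be checked mechanically before a config is pushed. This is an added example, not part of the original thread or of any vendor tool; `sections` and `lint` are hypothetical helpers, the sample is a constructed excerpt of the posted config, and the parser assumes sections are separated by `!` lines as in that config.

```python
def sections(config):
    """Split a WiNG running-config into (header, body) pairs on '!' lines."""
    out = [[]]
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!" or line.startswith("! "):   # separator or comment line
            out.append([])
        elif line:
            out[-1].append(line)
    return [(s[0], s[1:]) for s in out if s]

def lint(config):
    """Return findings for the two conditions raised in the replies."""
    secs = sections(config)
    vc_bodies = [body for _, body in secs if "virtual-controller" in body]
    vc_profiles = {ln.split()[2] for body in vc_bodies for ln in body
                   if ln.startswith("use profile ")}
    findings = []
    for header, body in secs:
        kind, name = header.split()[0], header.split()[-1]
        if vc_bodies and kind == "wlan" and "bridging-mode tunnel" in body:
            findings.append(f"wlan {name}: bridging-mode tunnel on a VC deployment")
        if kind == "profile" and name not in vc_profiles:
            for ln in body:
                if ln.startswith("use dhcp-server-policy "):
                    findings.append(f"profile {name}: DHCP policy {ln.split()[-1]} runs on every AP using it")
    return findings

# Constructed excerpt, cut down from the running config posted in the thread.
SAMPLE = """\
wlan Fogas_Corporativo
 bridging-mode local
!
wlan Fogas_Mobile
 bridging-mode tunnel
!
profile anyap AP-7522
 use dhcp-server-policy DHCP_FOGAS
!
profile ap310 default-ap310
 use dhcp-server-policy DHCP_FOGAS
!
ap310 20-9E-F7-78-F5-91
 use profile default-ap310
 virtual-controller
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```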
08-03-2021 01:33 PM
Mr. Kelly,
Apparently the DHCP Server is running:
AP-JSK-ADM01#show ip dhcp status
State of DHCP server: running
Interfaces: vlan40, vlan50
AP-JSK-ADM01#show ip dhcp binding
--------------------------------------------------------------------------------
# HARDWARE ADDRESS IP ADDRESS EXPIRY TIME
--------------------------------------------------------------------------------
1 36-3B-4C-2E-A5-8D 192.168.49.237 Wed Aug 4 07:18:58 2021
2 7A-84-2E-DC-1E-45 192.168.49.242 Wed Aug 4 08:46:43 2021
3 CE-4A-B3-5D-D4-09 192.168.49.240 Wed Aug 4 09:57:56 2021
4 12-57-F6-49-93-8C 192.168.49.241 Wed Aug 4 08:34:55 2021
5 6A-58-C3-D4-72-8B 192.168.49.246 Tue Aug 3 20:27:54 2021
6 6E-86-19-DD-3E-E2 192.168.49.247 Wed Aug 4 10:21:32 2021
7 A8-DB-03-EE-31-2A 192.168.49.244 Tue Aug 3 15:13:41 2021
8 D2-B5-B0-0C-D3-0A 192.168.49.243 Wed Aug 4 10:28:29 2021
9 8A-4C-CD-67-A3-9C 192.168.59.252 Wed Aug 4 06:54:34 2021
10 A0-39-F7-70-6F-36 192.168.59.240 Wed Aug 4 09:14:48 2021
11 CA-35-9C-07-10-BE 192.168.49.248 Wed Aug 4 09:43:02 2021
12 A4-83-E7-AD-DF-1D 192.168.59.242 Tue Aug 3 13:58:58 2021
13 70-FD-46-55-B4-20 192.168.59.254 Tue Aug 3 18:18:50 2021
14 8C-E5-C0-D0-3A-C6 192.168.49.238 Tue Aug 3 17:35:37 2021
15 AA-74-EE-A1-56-3B 192.168.49.252 Tue Aug 3 19:36:34 2021
16 58-D9-C3-94-48-1E 192.168.59.247 Wed Aug 4 08:50:19 2021
17 8C-45-00-83-6A-BC 192.168.59.236 Tue Aug 3 18:59:30 2021
18 C0-8C-71-3A-FB-17 192.168.59.237 Tue Aug 3 10:48:42 2021
19 F0-D7-AA-4C-8A-94 192.168.59.248 Tue Aug 3 22:07:06 2021
20 26-0E-0E-D3-5B-6C 192.168.59.246 Wed Aug 4 07:49:05 2021
21 A8-16-D0-B7-67-F3 192.168.49.254 Tue Aug 3 18:44:37 2021
22 0E-05-F7-27-D0-2A 192.168.49.239 Wed Aug 4 10:08:48 2021
23 9C-E0-63-9B-B6-DB 192.168.49.245 Wed Aug 4 08:19:54 2021
24 3A-D9-7A-BF-AD-13 192.168.59.251 Tue Aug 3 13:43:43 2021
25 52-6F-8E-CF-9F-4B 192.168.59.250 Tue Aug 3 15:18:40 2021
26 BA-14-50-99-D7-5E 192.168.59.235 Wed Aug 4 09:13:01 2021