(Some) DHCP Request Packets Dropped By Wireless System
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-12-2018 05:05 PM
I have a device on the wireless that is having issues obtaining a DHCP address. During the troubleshooting I performed a packet capture from the wireless controllers GUI. I found that the DHCP packets from the client were being dropped by the access point. Unfortunately I have not been able to determine the reason for the drops.
Does anyone know if there is a way to log dropped packets? I already have a syslog server logging a few other events.
Other information that might be relevant:
Version: 5.9.1.2-006R
AP Types: 7502 7532 8533
Does anyone know if there is a way to log dropped packets? I already have a syslog server logging a few other events.
Other information that might be relevant:
Version: 5.9.1.2-006R
AP Types: 7502 7532 8533
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎02-06-2018 09:19 PM
An update. After getting time to troubleshoot with the user I performed another packet capture. The capture stated that the DHCP request was being dropped because it was malformed. User was running a custom version of Android.
Thanks for the help everyone.
Thanks for the help everyone.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-15-2018 01:42 PM
This problem can occur if you have configured the WLAN to operate in bridged mode, but have created an SVI for the VLAN on the AP, there is no mechanism to prevent this unsupported configuration for occurring.
From Best Practices :
Switched Virtual Interface
When a Wireless Controller or Access Point bridges traffic on a VLAN it does not require a Switched Virtual Interface to be defined. One common mistake is to create a Virtual Interface for locally bridged VLANs on a device when it’s not required. A Virtual Interface is only required for the following scenarios:
1. Layer 3 Access Point adoption.
2. Device Management.
3. When the Wireless Controller or Access Point is providing IPv4 routing services between multiple IPv4 interfaces.
4. When the Wireless Controller or Access Point is providing NAT.
5. When the Wireless Controller or Access Point is terminating IPsec VPN tunnels.
6. When DHCP services are running on the Wireless Controller or Access Point.
Please note that all routed IPv4 traffic is inspected by the stateful packet inspection firewall. When IPv4 routing doesn’t work as expected with the defined Virtual IP interfaces, issue a service pktcap on drop command to see if any packets are being dropped by the stateful packet inspection firewall. Most firewall checks are enabled by default and can be disabled if needed.
From Best Practices :
Switched Virtual Interface
When a Wireless Controller or Access Point bridges traffic on a VLAN it does not require a Switched Virtual Interface to be defined. One common mistake is to create a Virtual Interface for locally bridged VLANs on a device when it’s not required. A Virtual Interface is only required for the following scenarios:
1. Layer 3 Access Point adoption.
2. Device Management.
3. When the Wireless Controller or Access Point is providing IPv4 routing services between multiple IPv4 interfaces.
4. When the Wireless Controller or Access Point is providing NAT.
5. When the Wireless Controller or Access Point is terminating IPsec VPN tunnels.
6. When DHCP services are running on the Wireless Controller or Access Point.
Please note that all routed IPv4 traffic is inspected by the stateful packet inspection firewall. When IPv4 routing doesn’t work as expected with the defined Virtual IP interfaces, issue a service pktcap on drop command to see if any packets are being dropped by the stateful packet inspection firewall. Most firewall checks are enabled by default and can be disabled if needed.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-12-2018 08:13 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-12-2018 06:16 PM
Hello Andy,
Can you provide the best practice guide for the firewall?
Thanks for all of your help
Can you provide the best practice guide for the firewall?
Thanks for all of your help
