DHCP failures

Solved
DHAnderson
Head in the Cloud


Today I got a call from a client that the WiFi was down.

 

Thanks to Wireless Health, I could see that a high percentage of clients (over 25%) were failing because of DHCP.  The errors in the event log are: extra: no_offers_received, vap: 0, vlan: 20

 

The DHCP errors are only on VLAN 20.  The other VLANs have no issues.  The DHCP settings in the MX are almost the same between all the VLANs.

 

Remotely rebooting the firewall (MX84) and switch (MS250-48FP) did not fix anything.  The DHCP pool for VLAN 20 is 85% free, so I do not think that is the issue.

 

The errors are continuing tonight, even after upgrading the firewall from 14.40 to 14.42.

 

Any insight would be greatly appreciated.

Dave Anderson
1 Accepted Solution
DHAnderson
Head in the Cloud

It was my stupid error!

 

I had assigned the VLAN for VLAN 20 in the Access Control for the SSID.  The switch port was configured as a trunk with a default VLAN of 20.  According to:

 

https://documentation.meraki.com/MR/Wireless_Troubleshooting/Wireless_Issue_Resolution_Guide#SSIDs_i...

 

Traffic will not flow.  I do not know why 70% of the clients could connect and 30% couldn't, but as soon as I removed the VLAN from the SSID, the problems went away.

Dave Anderson


3 Replies
taikuritaipale
Here to help

We had a similar-sounding problem a couple of months ago when we used an MS250 for L3 and wanted to deny one VLAN from accessing anything other than just one server. We had to do a "deny any" rule for that VLAN. That blocked DHCP requests for that VLAN. And the weird thing was that all the laptops could get a DHCP address from that VLAN but most of the handheld devices could not (can't remember what model that was).

I needed to allow UDP ports 67 and 68 for that VLAN to get DHCP requests going for all the devices. I still can't quite understand why some worked and some did not... Of course, if we removed that deny any rule, everything also worked just fine. We had DHCP relay for that VLAN, but I also tested that with MS250 DHCP with similar results.

GIdenJoe
Kind of a big deal

In a scenario like that, be sure to always allow DHCP traffic towards the DHCP server, as clients asking for DHCP informs or simply renewing their lease will send using unicast directly to the DHCP server.

Of course, if this fails they will ultimately retry using a broadcast DHCP discover, but that's at the very end of the lease and it's not recommended to let it come that far.
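
The rule-ordering issue raised in the two replies above, as an added example that is not part of the original thread and not Meraki's ACL implementation: a generic first-match ACL model showing that an isolation "deny any" drops both broadcast discovers and unicast renewals, that a broadcast-only exception still breaks renewals, and that allowing UDP 67/68 towards the DHCP server keeps the isolation intact. All addresses, rule sets and packets are constructed assumptions.

```python
import ipaddress

# Constructed addressing (not from the thread): one permitted server and one
# DHCP server, both outside the restricted client VLAN.
APP, DHCP = "10.0.1.50/32", "10.0.1.10/32"
ANY, BCAST = "0.0.0.0/0", "255.255.255.255/32"
DHCP_PORTS = {67, 68}

# Rule fields: action, protocol, destination network, destination ports.
# Every rule applies to traffic entering from the restricted VLAN.
ISOLATE = [("allow", "any", APP, None), ("deny", "any", ANY, None)]
BCAST_ONLY = [("allow", "udp", BCAST, DHCP_PORTS)] + ISOLATE
FULL = [("allow", "udp", DHCP, DHCP_PORTS)] + BCAST_ONLY

# Constructed client-originated packets: name -> (protocol, dst ip, dst port).
PACKETS = {
    "discover_broadcast": ("udp", "255.255.255.255", 67),
    "renew_unicast": ("udp", "10.0.1.10", 67),
    "app_traffic": ("tcp", "10.0.1.50", 443),
    "other_host": ("tcp", "10.0.1.99", 445),
}

def evaluate(rules, packet):
    """Return the action of the first rule that matches the packet."""
    proto, dst, dport = packet
    for action, r_proto, r_dst, r_ports in rules:
        if r_proto not in ("any", proto):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(r_dst):
            continue
        if r_ports is not None and dport not in r_ports:
            continue
        return action
    return "deny"  # assumed default for this model; unreachable with a deny-any rule

def verdicts(rules):
    """Evaluate every sample packet against one rule set."""
    return {name: evaluate(rules, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("isolate", ISOLATE), ("bcast_only", BCAST_ONLY), ("full", FULL)):
        print(label, verdicts(rules))
```
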
