VLAN/DHCP Issue

Anonymous
Not applicable

VLAN/DHCP Issue

Hello,

I have clients connected to a SSID that are not receiving IP address. This is the error appearing on SA:

 

DHCP problemextra: no_offers_received, vap: 0, vlan: 10
DHCP problemextra: no_offers_received, vap: 0, vlan: 10

 

 

MX64 has two VLANs:

Guest network: VLAN 3 - 172.30.2.0/24 - IP 172.30.2.254

Office network: VLAN 10 - 172.18.0.0/16 - IP 172.18.0.130

 

DHCP is enabled on SA for both VLANs.

 

All SA ports are in Trunk - Native VLAN 10 - Allowed VLANs: all

 

MR33 have two SSID:

Guest - VLAN 3

Office - VLAN 10

 

- Wired clients (VLAN 10) get their IP address

- Wireless clients (VLAN 3) get their IP address

- Wireless clients (VLAN 10) cannot get their IP address and I found the error above in Event Log

 

Please, can you give me some helpful information to troubleshoot ?

 

Thank you,

Luca

 

 

13 Replies 13
NolanHerring
Kind of a big deal

Is your MX the one supplying DHCP (acting as the server) or is that another server somewhere else?

Also, is your scope size accurate? I see you showing it as a /16

If your MX is doing DHCP I believe from recent discussions that doing a /16 is too large for it to process locally.

If it is not doing DHCP, you need to make sure you have a relay setup for the actual DHCP server (possibly).
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Anonymous
Not applicable

Hello Nolan,

here the answer to your points:

 

1. MX is the one supplying DHCP

2. The scope is /16: the network defined in SA is /16. Even if larger network was defined in SA, I know Meraki's DHCP will serve /19 only; so if I'm not wrong the DHCP range should be 172.18.0.0/19 (172.18.0.1 - 172.18.31.254); they are, however 8190 hosts (here I have 150 hosts at maximum).

3. The problem occurs with one SSID (that belongs to /16); no problem with wired clients on same VLAN 10

4. I don't have a relay because DHCP is provided by MX

NolanHerring
Kind of a big deal

Ok, well I honestly don't know how the /16 vs /19 will work (if it actually impacts anything), so lets assume its not that.

Can you validate the Access Control setting for the 'office' SSID is set correctly.

Also, can you show the switch port configuration for where the AP connects to.

Its possible the switch port is not allowing VLAN 10 for example etc.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Anonymous
Not applicable

Hello Nolan,

I validated Access Control setting for office SSID; I made this test:

 

if I specify the VLAN 10 => I have the problem: clients connected to this SSID cannot get their IP address

if I don't specify any VLAN tagging => clients get their IP address correctly (172.18.0.0/16 VLAN 10)

 

I have MX; one AP is directly connected to the MX; the other APs are connected to two network switches (not Meraki).

Now I'd like to make this test: connect a client to the AP (SSID "office" configured with VLAN 10 tag)  directly connected to Meraki SA => it should get the IP address because there are no devices in the middle.

 

So maybe there is some issue on these two switches ?

Anonymous
Not applicable

Hello Nolan,
just an update to my latest answer.

 

Even if I have an AP directly connected to SA (to exclude any switch in the middle), if I set the VLAN 10 for SSID "office", clients don't get the IP address, but if I don't set any VLAN for SSID, they get the IP address.

 

All SA ports are in Trunk - Native VLAN 10 - Allowed VLANs: all

 

So, please, can you confirm this: if the Native VLAN 10 is set on SA I don't have to set any VLAN on SSID "office" ?

 

Thank you very much for your help,

much appreciated.

 

Regards,

Luca

 

rhbirkelund
Kind of a big deal
Kind of a big deal


@Anonymous wrote:

[...]

 

All SA ports are in Trunk - Native VLAN 10 - Allowed VLANs: all

 

[...]

 


If VLAN10 is native try keeping the VLAN ID field empty on the AccessControl Page for the SSID, but keep VLAN tagging enabled.

meraki-untagged-ssid.PNG

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Anonymous
Not applicable

Hello rbnielsen,

what's the difference between leaving VLAN tagging enabled (but empty) and VLAN tagging disabled ?

 

Thank you,

Luca

rhbirkelund
Kind of a big deal
Kind of a big deal

It is whether or not you are utilizing IEEE802.1Q  to tag frames.

 

Leaving the VLAN ID field empty, you are not tagging the frames, but they are still using 802.1q trunking. 

 

https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Fundamentals_of_8...

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
Anonymous
Not applicable

Hello rbnielsen,

I cannot enable VLAN tagging and leave VLAN ID empty: I get an error while saving:

 

There were errors in saving this configuration:

 

  • One or more errors occurred. No changes have been saved.
  • Could not find a default vlan id for all other APs.

 

So I assume the VLAN tagging shouldn't be enable if I don't have to use it.

rhbirkelund
Kind of a big deal
Kind of a big deal

Huh... That's odd... I'm getting the same error... I'm certain I've done this earlier...
LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
NolanHerring
Kind of a big deal

If you remove the native VLAN 10 from the switch port, then you should be able to assign VLAN 10 onto the SSID. If you leave native VLAN 10, then you don't need to specifiy it on the SSID.

I personally am not a fan of this approach.

I use the native VLAN on trunk ports for the access points so that it places them on the VLAN (management), and then the actual VLANs I use for end-users (data vlans etc) are different.
Nolan Herring | nolanwifi.com
TwitterLinkedIn
Anonymous
Not applicable

Hello Nolan,

I completely agree with you.

I should define a VLAN (1 for example) for management only; set it as native and use any VLANs for all the rest.

 

Regards,

Luca

Vla
New here

This approach does not worked for me.

Removed native VLAN on the MX trunk port, added VLAN ID for the SSID  - and nothing works.

Adding native VLAN on MX and leaving VLAN ID on SSID blank (=0) - works, converting all wireless users to native VLAN. 

strange configuration situation...

Get notified when there are additional replies to this discussion.