VLAN request status - DHCP

GabrielTravel
Comes here often


Hi Everyone.

 

I would like to understand how one of my wireless clients tried to reach out to the AP-MGMT VLAN to get a DHCP request, since it should reach only the WIFI VLAN.

My SW interface config has the native VLAN set to AP-MGMT, allowing the DATA, WIFI and AP-MGMT VLANs to pass traffic on it.

Does anyone have any idea?

Note: the AP-MGMT VLAN has a DHCP server activated, providing IPs just for access points.

alemabrahao
Kind of a big deal

Do not forget that the DHCP process is via broadcast and most importantly, your AP is probably configured with the native VLAN for the management VLAN, so depending on how your SSID is configured, clients will try to obtain an IP from that VLAN.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

Have you confirmed the MAC address belongs to a WiFi NIC on a client?

Perhaps the AP sent the DHCP request itself.

a5it
Getting noticed

From your description, it seems like a client device on the WIFI VLAN is attempting to get a DHCP lease from the AP-MGMT VLAN, which is quite unusual.

Typically, clients should only send DHCP requests on their associated VLAN (in this case, the WIFI VLAN). The AP should encapsulate these client frames into a CAPWAP tunnel, which would then be sent to the MX or the switch on the AP-MGMT VLAN. However, only AP-MGMT traffic should be sent on this VLAN, not client traffic.

If a client is somehow sending DHCP requests on the AP-MGMT VLAN, it could potentially be due to a misconfiguration. Here are a few things to check:

  1. VLAN Settings: Ensure that the VLAN settings on both the AP and the switch are correct. The AP should be tagged on the AP-MGMT VLAN, and the switchport should be configured to allow the necessary VLANs.

  2. DHCP Server: Ensure that the DHCP server on the AP-MGMT VLAN is not set to respond to client requests.

  3. Switchport Configuration: Make sure the switchport where the AP is connected has the correct configuration. The native VLAN should be set to the AP-MGMT VLAN and the allowed VLANs should include the DATA and WIFI VLANs.

  4. Wireless Client Configuration: Check the client's wireless and network settings to ensure it's not manually set to use the AP-MGMT VLAN.

  5. Access Control Lists (ACLs): Check if there are any ACLs that might be allowing the client to access the AP-MGMT VLAN.

  6. SSID Configuration: Ensure that the SSID is correctly associated with the WIFI VLAN.
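The checks suggested in the replies above can be run as one offline audit. This is an added example, not part of any reply in this thread and not Meraki code: it flags SSIDs whose client frames would land on the trunk's native (AP-MGMT) VLAN and AP-MGMT DHCP leases held by MACs that are not in the AP inventory. All names, VLAN IDs, MACs and IPs are hypothetical, constructed values, and the data structures are assumptions rather than any dashboard or API export format.

```python
# Added example: constructed data and hypothetical names, not Meraki API output.
import re

def norm_mac(mac):
    """Normalise aa-bb-.., aabb.ccdd.eeff or AA:BB:.. to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(trunk, ssids, mgmt_leases, ap_macs):
    """Return (finding, subject, detail) tuples for the AP trunk port."""
    findings = []
    aps = {norm_mac(m) for m in ap_macs}
    for ssid in ssids:
        vlan = ssid.get("vlan")  # None = SSID has no VLAN tag configured
        if vlan is None:
            # Untagged client frames are placed on the trunk's native VLAN.
            findings.append(("untagged-ssid", ssid["name"], trunk["native"]))
        elif vlan == trunk["native"]:
            findings.append(("ssid-on-mgmt-vlan", ssid["name"], vlan))
        elif vlan not in trunk["allowed"]:
            findings.append(("ssid-vlan-not-allowed", ssid["name"], vlan))
    for lease in mgmt_leases:
        mac = norm_mac(lease["mac"])
        if mac not in aps:  # a lease on AP-MGMT that no known AP owns
            findings.append(("non-ap-lease", mac, lease["ip"]))
    return findings

# Constructed sample values (documentation MAC and IP ranges).
TRUNK = {"native": 10, "allowed": {10, 20, 30}}  # 10=AP-MGMT, 20=DATA, 30=WIFI
SSIDS = [{"name": "corp", "vlan": 30}, {"name": "guest", "vlan": None}]
AP_MACS = ["00-00-5E-00-53-01", "0000.5e00.5302"]
MGMT_LEASES = [
    {"mac": "00:00:5e:00:53:01", "ip": "192.0.2.11"},
    {"mac": "00:00:5E:00:53:AA", "ip": "192.0.2.57"},
]

if __name__ == "__main__":
    for finding in audit(TRUNK, SSIDS, MGMT_LEASES, AP_MACS):
        print(finding)
```

A `non-ap-lease` finding is the case to chase first: it separates a real client on the management VLAN from the AP requesting its own address.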
