We are experiencing a DHCP issue with one of our vlans. Clients on our separated vlan aren't getting any IP via meraki. The DHCP server resides on another subnet and we have activate the relay server on the DHCP on the meraki dashboard. The policys are all right and verified that they allow traffic in and out the network which the dhcp server resides. How can this problem be solved, is there any recommandation to follow or any tools embedded on dashboard that can be used?
Another question! Is ipv6 pools supported through meraki firewalls, and does IGMP snooping affect in any way ipv4 or ipv6 leasing for clients?
Thanks in advance!
1. Can you statically assign a IP and get outside the VLAN or Network?
2. With Static IP can you ping Gateway and server?
3. Check trunk ports. I have mistakenly pruned a VLAN in the past and its easy to do and not realize.
Seeing as your DHCP server is on another subnet, it might be worth checking your VLAN settings to allow "DHCP relay" and then input the DHCP server address. That way the switches know where to send DHCP requests
If you do a packet cature on the MX do you see the DHCP request from the client come into the MX? Do you see a reply come back from the server?
IPv6 is basically not supported on the MX.
Is your DHCP server using a gateway that can route its traffic to the other VLAN?
Seems that the MS switch has all the half of the ports tagged on vlan 60 and the other ports are trunks (native vlan 1, allow all other vlans). The vlan which the clients should sit and get IP address is vlan 20 but this vlan is not present on any of the ports on the switch. I will try to solve this issue and concentrate on this point then I will have you know how it went!
When I try to do packet capture on the security appliances on the lan interface for capturing broadcast packets, I dont see any dhcp discovery packet from the client toward the firewall. But on the event log I do get lots of event type of DHCP problem:
|Jul 3 13:33:34||workstation-test||DHCP problem||extra: no_offers_received, vap: 0, vlan: 20|
Do you guys think that it should be sufficient with those three configured steps on the firewall:
1. There is site to site vpn rule configured that permits all services from the client vlan into the server vlan on the other side (behind the MX firewall)
2. The relay server which is going to be used from the client vlan is also specified, and
3. Vpn route that routes traffic from the client network to the server network (behind the MX) is also configured.