AP doesn't receive IP address

ThomasB
Comes here often


Hi,

 

Sorry for my bad English, I'm from France.

I have 2 Meraki devices, 1 AP MR33 and 1 switch MS220.

The topology is: AP MR33 ---> MS220 --> Switch Avaya --> Firewall Fortinet --> Internet

The network configuration is: VLAN 34, 10.1.2.0/24, gateway 10.1.2.254 (NIC on Fortinet firewall), DHCP relay is configured on Fortinet firewall.

The problem is: the switch MS220 receives an IP address by DHCP, but the AP MR33 doesn't receive an IP address from DHCP. The LED on the AP is blinking orange ...

I've tried this topology: AP MR33 ---> Switch Avaya --> Firewall Fortinet --> Internet, and it doesn't work ...

 

The DHCP server is a WS2012R2.

 

Thanks for your answers.

 

Thomas

VascoFCosta
Getting noticed

Have you tried to connect a laptop to the switch to see if the DHCP is up and running?


Cheers,
Vasco
____________
@VascoFCosta
ThomasB
Comes here often

Hi,

 

Yes, it works. The laptop gets an IP address.

 

Thanks

ww
Kind of a big deal

Try factory defaulting the AP, then connect it to the Meraki switch.

If it still doesn't work, make a packet capture (Network-wide -> Packet capture) on the Meraki switch port that connects the AP and look for any BOOTP packets (AP: discover, server: offer, client: request, server: ack) in the trace.

 

Adam
Kind of a big deal

I agree with @ww: the AP should act just like a client laptop on the port. The only variable is whether PoE is working. The AP will need PoE to fire up in addition to standard client connectivity.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
ThomasB
Comes here often

Hi,

 

I've captured some packets and I see BOOTP:

0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from e0:cb:bc:30:XX:XX, length 304, xid 0x294aaXXX, Flags [none]
      Client-Ethernet-Address e0:cb:bc:30:XX:XX
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether e0:cb:bc:30:XX:XX
        Hostname Option 12, length 13: "me0cbbc30XXXX"
        Vendor-Class Option 60, length 6: "MERAKI"
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Domain-Name, Default-Gateway, BR
          Hostname, Domain-Name-Server, MTU

ww
Kind of a big deal

Also check whether this packet is leaving the switch uplink towards your DHCP server, and whether it is also received by your DHCP server. After a discover you would normally receive an "offer" from the DHCP server.
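
The discover/offer/request/ack check described in the replies above, as an added example that is not part of the original posts: a Python script that reads tcpdump-style verbose DHCP output in the format of ThomasB's capture and reports the first missing stage per client. The sample capture, MAC addresses, xids and the leased address are constructed; `parse_exchanges` and `diagnose` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump -v style of the capture above;
# MACs, xids and the leased address are made up for illustration.
SAMPLE = """\
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:01, length 304, xid 0x11110001, Flags [none]
      Client-Ethernet-Address 02:00:00:aa:bb:01
        DHCP-Message Option 53, length 1: Discover
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:02, length 300, xid 0x22220002, Flags [none]
      Client-Ethernet-Address 02:00:00:aa:bb:02
        DHCP-Message Option 53, length 1: Discover
10.1.2.254.67 > 10.1.2.50.68: BOOTP/DHCP, Reply, length 300, xid 0x22220002, Flags [none]
      Client-Ethernet-Address 02:00:00:aa:bb:02
        DHCP-Message Option 53, length 1: Offer
0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:aa:bb:02, length 300, xid 0x22220002, Flags [none]
      Client-Ethernet-Address 02:00:00:aa:bb:02
        DHCP-Message Option 53, length 1: Request
10.1.2.254.67 > 10.1.2.50.68: BOOTP/DHCP, Reply, length 300, xid 0x22220002, Flags [none]
      Client-Ethernet-Address 02:00:00:aa:bb:02
        DHCP-Message Option 53, length 1: ACK
"""

HEADER = re.compile(r"BOOTP/DHCP, (?:Request|Reply).*?xid (0x[0-9a-fA-F]+)")
MAC = re.compile(r"Client-Ethernet-Address (\S+)")
MSG = re.compile(r"DHCP-Message Option 53, length 1: (\w+)")
DORA = ["Discover", "Offer", "Request", "ACK"]

def parse_exchanges(text):
    """Group DHCP message types by (client MAC, xid), in capture order."""
    exchanges = defaultdict(list)
    xid = mac = None
    for line in text.splitlines():
        if m := HEADER.search(line):
            xid, mac = m.group(1), None   # new packet starts here
        elif m := MAC.search(line):
            mac = m.group(1)
        elif (m := MSG.search(line)) and xid and mac:
            exchanges[(mac, xid)].append(m.group(1))
    return dict(exchanges)

def diagnose(types):
    """Name the first DORA stage that never appears in one exchange."""
    missing = [s for s in DORA if s not in types]
    return f"stalled before {missing[0]}" if missing else "complete"

if __name__ == "__main__":
    for (mac, xid), types in parse_exchanges(SAMPLE).items():
        print(mac, xid, types, "->", diagnose(types))
```

An exchange that stalls before Offer on the AP port, while another client on the same switch completes, points the next capture at the uplink and the relay path rather than at the access port.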

Uberseehandel
Kind of a big deal

Make sure that the switch port the AP is attached to is configured as a trunk port and that it passes all VLANs. This will remove the possibility of a VLAN mismatch between the AP and the switch. Similarly, ensure that the up-link from the MS switch passes all VLANs.

However, it is entirely possible that there is a VLAN mismatch between the Avaya switch and the MS.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
redsector
Head in the Cloud

Trunk port and a native VLAN which provides a DHCP server on the port where the access point is connected.

Uberseehandel
Kind of a big deal


@redsector wrote:

Trunk port and a native VLAN which provides a DHCP server on the port where the access point is connected.


It works perfectly well if we do not use native VLANs per se, and is more secure. I have found that everything functions perfectly well if all VLANs are explicitly declared and trunk ports only handle nominated VLANs.

Believe it or not, I did actually find traces of a suspicion-raising device turning up on an uplink, without leaving footprints on the AP or the switch. However, I've not seen it since I stopped using ALL for trunk ports/up-links.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
redsector
Head in the Cloud

But for the first "hello" the access point needs an IP address with a connection to the cloud. If there are several VLANs with DHCP, how does the access point know which VLAN it has to take when you don't give a native VLAN?

Uberseehandel
Kind of a big deal


@redsector wrote:

But for the first "hello" the access point needs an IP address with a connection to the cloud. If there are several VLANs with DHCP, how does the access point know which VLAN it has to take when you don't give a native VLAN?


@redsector

 

When you configure the SSID you assign an appropriate VLAN; this VLAN should have a DHCP server.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
ThomasB
Comes here often

Hi,

 

I've tried to configure the port in trunk mode and it doesn't work ...

An interesting thing: when I configure a DHCP server on the Fortinet firewall instead of DHCP relay, it works.

 

I don't understand 😞

Uberseehandel
Kind of a big deal


@ThomasB wrote:

Hi,

 

I've tried to configure the port in trunk mode and it doesn't work ...

An interesting thing: when I configure a DHCP server on the Fortinet firewall instead of DHCP relay, it works.

 

I don't understand 😞


When you say "I've tried to configure the port in trunk mode and it doesn't work", what exactly do you mean?

At this stage the port should be configured as a trunk port and VLANs allowed set to all. This will ensure that whatever IP address is offered, it will get through to the switch. At the simplest level, the AP needs a VLAN for management purposes and a VLAN for each SSID. If VLANs are not explicitly declared, then the default VLAN will be used for everything. 

As far as the way the DHCP relay functions on the firewall, I have no experience.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Adam
Kind of a big deal

One way to simplify troubleshooting is to set the port going to the AP as an access port with your default/management to at least get the AP checking in online. But if your long-term strategy is to have SSIDs with different VLANs, then you'll want to convert that switch port to a trunk port. Set the native VLAN to whatever your default or management VLAN will be and then set allowed to a list of the VLANs you'll use or 'All'.

 


Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO