Clients connect but can't go anywhere

  • 1
  • Question
  • Updated 5 years ago
  • Answered
We recently installed Aerohvie AP's in our building to replace some Xirrus AP's that were getting fairly old and weren't being as reliable as we'd like. Since we've put these in place i've made changes to help improve things as much as I can, but overall my efforts don't seem to be working much. As far as I can tell everything on the switch side of things look great and everything on the AP configuration looks great, but things are not great for the clients. What we are seeing is that the client machines are able to connect to the wifi, but once they have connected some will be able to do work fine all period, while another group can't do anything from the git go, and then another group who will work for half the period or randomly. Now as far as our configuration, we are using a medley of Cisco Switches, primarily 2960's and 3750x's. The port configuration generally looks like this:

description Aerohive AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,4
switchport mode trunk
spanning-tree portfast
spanning-tree bpdufilter enable

Our network policy on the AP itself. Uses WPA.WPA2 PSK for it's wifi security, the user profile is set to access vlan4 for it's traffic, assuming that this would tagged traffic. and then our MGT Interface and Native (untagged) VLAN uses VLAN 1 for ti's data connections.
Photo of Michael Mowery

Michael Mowery

  • 2 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
Couple things to check - do you have any client classification turned on that may be assigning other VLANs for other user profiles? What is the native VLAN set to on the switch port? It's been a long time since I had to configure a Cisco switch, but I think you need switchport trunk native vlan 1 in there somewhere. Otherwise, b/c you have the same MGT and Native on our AP, we will send VLAN 1 untagged and your switch may drop it. Other option is to change the Native VLAN on the APs to whatever untagged VLAN you want, and then leave the MGT VLAN as 1. That will tag all MGT packets leaving the Aerohive AP as VLAN 1.
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Portfast should be for access ports 99% of the time.
and bpdufilter can be removed if you don't use portfast

make sure your ssid is mapped to vlan 4
use vlan probe to test vlan

For me
I allow spanning tree to do it's thing
I use a mgmt vlan that assigns APs there management IP info
and a native vlan that has no IP info assigned.

If you decide not to use vlan 1, you must console in the AP and assign the mgt interface to the correct management vlan and native vlan.

I also use the switchport trunk native vlan X since I do not use vlan 1