DHCP issue on multiple AP's

  • 1
  • Question
  • Updated 2 years ago
We have 4 AP's and one of them is a DHCP server. How can I configure the other AP's to give IP addresses on clients? 

Now, I've seen multiple similar issues with this and some have given steps but still no luck.

We have configured VLAN's on the switch where the AP's are connected. 
We have tried doing a DHCP relay which I don't think is working 
We have tried different configurations on the DHCP and DHCP relay which didn't help.

Before we tried putting the DHCP relay or even configuring the VLAN's on the switch, clients can connect to the AP's but not getting IPv4 addresses and no internet.

After configuring the VLAN's on the switch they started getting IPv4 address but without internet.

And then, we started configuring for DHCP and DHCP relay which I think is not helping us either.

To add on that, we have two VLAN's, corporate and student. Corporate is working just fine as their DHCP is handled by our firewall and our student's DHCP is handled by one of the aerohive's 

I'm pretty sure that I'm missing a step here as internet is working on the other VLAN ( corporate ) and DHCP is distributed correctly.

Please if someone have similar network structure or similar issues that got resolve please share!, all I need is the simplest step by step guidance from you guys.
Photo of Paolo Lat

Paolo Lat

  • 7 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Hmmm... you wrote:

After configuring the VLAN's on the switch they started getting IPv4 address but without internet.

Ok - sounds like this solved your DHCP distribution, and the next problem is Layer-3 connectivity.

  • Which default-gw address are you assigning to your clients by the DHCP server?
  • Can you ping this address from your Clients?
  • Which device has this address and thus acts as default gateway for your Students VLAN? In an ideal environment this would be your Firewall as well. So, if not already done, you should add the Students VLAN on your Firewall with the default-gw IP address as interface address, and then add the appropriate routing and Firewall rules.

In other words: My guess is that your Students VLAN is not terminated (= has no functional default gateway to route traffic in and out of that VLAN), and thus your traffic is going nowhere.
(Edited)
Photo of Paolo Lat

Paolo Lat

  • 7 Posts
  • 0 Reply Likes
On one of the aerohives which is the DHCP ( 10.100.100.0 ) the default-gw is 10.100.100.1 which is non excisting. I tried using the firewalls IP and it won't let me.

I add the student vlan on the firewall with the IP address of 10.100.100.1 which didn't make any change.

I also add routing rules


from the client, I can ping 10.100.100.1 ( default-gw on the DHCP ) 
Photo of Paolo Lat

Paolo Lat

  • 7 Posts
  • 0 Reply Likes
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
That's Layer-1 (physical connections), can you add L2 (VLAN) and L3 (IP addresses) information?

L2 information should include which VLANs are tagged or untagged on which Swich ports.

If all is correct, if I understand your original design, your switch ports with APs connected should have your "main" VLAN untagged, and the Students VLAN tagged. Which means that on you Aerohive Network policy you have the Students SSID linked with a user profile, that puts clients into the same VLAN. Which must be tagged on your switch port 25, and your Firewall must be configured with that same VLAN ID tagged on LAN-2.
Photo of Paolo Lat

Paolo Lat

  • 7 Posts
  • 0 Reply Likes
Photo of Paolo Lat

Paolo Lat

  • 7 Posts
  • 0 Reply Likes
i hope i gave you enough information. I don't get what you mean by on my network policy i should have my students ssid linked with a user profile. 
Photo of Carsten Buchenau

Carsten Buchenau, Champ

  • 356 Posts
  • 117 Reply Likes
Sorry, need more (text is ok):
- Association VLAN - Subnet for all your VLANs (1, 2 and 3?)
- Your Firewall has an interface configured for alll 3 VLANs, right? Which one is it for each?
- On Aerohive, have you changed the settings for native and management VLAN (default: 1 / 1, which puts them into the same VLAN which is untagged on their Switch ports)

To your question: On Aerohive, you configure a Network Policy, and inside you define your SSIDs (left side of the Wizard screen). You then assign to each SSID a user profile (right hand side). Inside the User profile you set the VLAN that will be assigned to all users connecting to this SSID. Can you post a Screenshot of this overview, where we can see the SSIDs selected, user profiles and VLAN IDs used? Further below on the same screen you also see the settings for AP native & management VLAN, feel free to include this in your Screenshot :-)
Photo of Paolo Lat

Paolo Lat

  • 7 Posts
  • 0 Reply Likes
Hi, Sorry for the late reply. But the issue has been resolved. I got the chance to finally call the aerohive support and they've dealt with it. I think they were setting up the GRE tunnel for each hives and now the wifi is working for student side.