DHCP offer not recieved by client

  • 3
  • Question
  • Updated 2 years ago
  • (Edited)

We have 2 client VLANs available via wi-fi, each one with it's own SSID. One is an internal corporate VLAN, and the other is an external guest VLAN which connects directly to the internet. The APs themselves are setup as DHCP servers for the external network, and devices that only ever operate on the external VLAN always get thier DHCP address from the APs without issue.

Occasionally an internal corporate device needs to switch over to the external VLAN, and we often find that they don't pick up an IP address when doing so.

Running client monitor I can see the DHCP offers being sent from the AP, but running Wireshark on the client device it seems that the DHCP offer is never recieved. This only seems to be an issue when switching from the internal SSID to the external SSID - any ideas what could cause this behaviour?

Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like

Posted 3 years ago

  • 3
Photo of Tobias

Tobias

  • 3 Posts
  • 0 Reply Likes
Hello Steve

We are facing a similar issue with DHCP offers not being received by the client.
Have you found a solution for your problem?

Regards,
Tobias
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like
Hi Tobias, no unfortunately we haven't resolved it yet, but I'll log a support case with Aerohive soon as it also seems to randomly affect clients on the corporate network as well.

Just out of interest what client devices are you using? We're using Surface Pro 2 and Surface Pro 3 tablets (nothing else unfortunately so I can't compare results)

Also what APs are you using? Ours are mostly the AP130 model with the 6.5r1.2154 HiveOS, but I suspect that our AP120 and AP121 with 6.x OSes are in the same boat
Photo of Tobias

Tobias

  • 3 Posts
  • 0 Reply Likes
We are using a Lenovo E530. Currently only one device has this problem (as far as we know of).
The APs are AP120 with 6.2r1c.1943.

We've dumped the packages during an "ipconfig /renew" on an AP. We see the DHCP Discover from the client and also the DHCP offer from the DHCP-Server. But the client never gets this offer (no DHCP ACK)....

When we connect to notebook via a LAN cable, then suddenly also the Wifi Adapter gets an address via DHCP....
Photo of J. Goodnough

J. Goodnough, Champ

  • 266 Posts
  • 32 Reply Likes
I've seen similar issues; seems related to to the client never seeing a DHCP NACK when the server sends it. Maybe.
Photo of Bill W.

Bill W.

  • 222 Posts
  • 35 Reply Likes
Have you tried disabling the wireless card and then re-enabling it? This usually will fix an issue where a client does not get a new DHCP lease.
Photo of Tobias

Tobias

  • 3 Posts
  • 0 Reply Likes
We have rebooted the client. That did not help.
We have not yet tried disabling the wireless card and then re-enabling it. Will do that the next time the issue appears.

What usually helps is doing a deauth of the client on the access point and then restarting the client.
Then it gets an correct IP address.
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like

Hi Tobias, just a bit of an update on what I've found so far. The issue in the original post (IP from DHCP server on the AP not received, when a client moves from the internal VLAN/SSID to the external VLAN) is not the same issue as in my 2nd post (IP from corporate DHCP not applied sometimes, for some clients on the internal VLAN)

The first issue was related to a DHCP offer from the AP not being received by the client, and it seems to have been resolved by enabling the 'DHCP relaly' function on all of the APs who aren't already DHCP servers themselves. This shouldn't have been necessary, because the DHCP offers should be heard by any client authenticated on the external network, given that all APs can connect to and service that VLAN. I asked the question in this thread https://getsatisfaction.com/aerohive/topics/dhcp-relay-function and another helpful member agreed. Nonetheless, enabling the relay function does seem to have resolved that particular issue so far

The 2nd issue might also be resolved (time will tell), but I found in that scenario the client was actually receiving the DHCP offer (after sending out a DHCP DISCOVER)  but the client wasn't following up with a DHCP REQUEST after receiving the offer. One change I made was to correct the NTP settings on the APs, because I discovered that the clock was wrong on most of them. The issue didn't seem to be resolved at that point, even though I could verify that the AP clocks were all correct, but the following day the test client I was using started working. I'll keep an eye on the issue and see if it crops up again, but if not, the NTP change might have fixed it

(Edited)
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Hi guys,

I'm starting to think this may be a firmware issue because ever since I've updated my AP's Ive been getting this exact same issue. I even had engineers from Aerohive come take a look at it and we could not resolve it. In addition, when we analyzed our Pcap, Aerohive noticed that once the client sends out a DHCP request, the Server then sends it back but the AP distributes it to the wrong interface. It's driving me crazy because we can't seem to resolve anything with the issues we're having with Aerohive. When we fix one thing another issue comes up, and now that we resolved our old problems we now have this DHCP issue on the AP's. Furthermore, I like to mention that our DHCP server for our internal network is on a virtual server and our public is located on the DMZ interface on our Firewall, and yes, this is only happening when trying to get on our internal network.
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
To anyone interested the firmware that I'm on is "HiveOS 6.5r2.2305 and HiveOS 6.5r3 on Hivemanager Enterprise   6.6r1"
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like

You could be onto something with the firmware Arison. Prior to installing AP130s we only had AP120 and 121 devices, running v5 firmware with a v5 Hivemanager. When we purchased a number of new AP130s, I upgraded everything to the latest v6 versions and that's approximately when DHCP problems started happening for us too

As I mentioned above, enabling DHCP relays on all APs seemed to resolve most of the DHCP problems on the guest/non-corporate VLAN (even though relays shouldn't technically be required) and of course it does generate some unnecessary DHCP chatter. We still get the occasional DHCP problem on that VLAN but not as much as before

The corporate VLAN also still suffers from DHCP problems on wifi - while the wired clients on the corporate VLAN have no issues. I won't enable relays on that VLAN, as the additional chatter wouldn't be desirable. Unfortunately I haven't had enough time to troubleshoot it further, and I haven't engaged Aerohive yet, mainly because it's so intermittent

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
"I can't make any changes until supports contacts me"

Why not? :-S
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Because I have Tier 3 monitoring each step we change etc. Also, I was able to replicate the DHCP issue and I attempted to send you the pcaps but your email failed.

nick.lowe@gmail.com
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Because I have Tier 3 monitoring each step we change etc. Also, I was able to replicate the DHCP issue and I attempted to send you the pcaps but your email failed.

nick.lowe@gmail.com
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Nevermind the files were too large, do you have a drop box?
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Yes, email me so I have your address or add me on Skype and I'll help you out! :)

Skype username is nick.lowe
Photo of rbentley

rbentley

  • 12 Posts
  • 0 Reply Likes
I had a similar issue with DHCP.  Mine seemed to be mostly confined to the PlayStation 4, and only if they were attaching to a wireless network that was using client classification to reassign them to a different VLAN.  I only saw the issue happen with HiveOS 6.6r1b.  I downgraded my AP230 after beating my head against the wall for a day trying to figure out what the problem could be.  I am currently running HiveOS 6.4r1g.2138 on the majority of my AP230s, but have upgraded some to HiveOS 6.5r3 Honolulu.2530 and tested the PS4s and other clients.  Everything seems to be pretty solid with that version.

I just saw that HiveOS 6.6r2 Irvine.2309 is available now.  I am going to test that now and see if the problem comes back.

Have any of you by any chance checked the box on the SSID config that says “Disable multicast and broadcast traffic forwarding onto wireless”?  I didn’t have time to test it rigorously, but I seem to remember having an unexpected behavior with DHCP when that was checked, I could be wrong though.  I have put some IP firewall policies in place to specifically allow DHCP Server and DHCP client traffic so I don’t have to worry about it.

Something like this...
ip-policy VLAN1_From
ip-policy VLAN1_From id 3 from 0.0.0.0 0.0.0.0 to 0.0.0.0 0.0.0.0 service DHCP-Server action permit

ip-policy VLAN1_To
ip-policy VLAN1_To id 3 from 0.0.0.0 0.0.0.0 to 0.0.0.0 0.0.0.0 service DHCP-Client action permit
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Bentley that makes sense of what you're saying in regards to classification because I do use Device tagging per site and according to the engineers, the Pcap's are showing that the DHCP acknowledgement is being sent out on a different sub interface, therefore my client will never the IP address. Maybe there's a bug on "device classification? Also, I don't have "Disable multicast" checked.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
HiveOS 6.6r2 is technically only supported with HM-NG and not classic HM. The release notes can be found within the HM-NG help.
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Bentley, are you're AP's managing the DHCP? or do you have DHCP somewhere else? because we do not use our AP's for DHCP.
Photo of rbentley

rbentley

  • 12 Posts
  • 0 Reply Likes
Hi Arison, We use a separate DHCP server.
Photo of Arison Mercado

Arison Mercado

  • 113 Posts
  • 8 Reply Likes
Sigh,

So you had to create a IP firewall policy in order to fix that issue?
Photo of Jonny M

Jonny M

  • 6 Posts
  • 7 Reply Likes
I'm seeing the same issue on AP230s running HiveOS 6.5r3 Honolulu.2530. Our distributor who I have to use for all first-line support for some reason keeps trying to get me to change radio power and settings, even though manually assigning an IP address to a client provides perfect connectivity. I ended up running DHCP on one of the APs in the same VLAN to get around the issue.

I upgraded another site to HiveOS 6.5r3 Honolulu.2530 to see what happened, almost instantly there were complaints of DHCP problems - I highly suspect something is dodgy in this firmware but nobody who is meant to be providing support knows about it.

It's not the first time I've had DHCP problems with Aerohive APs, the bug just goes away for a bit when certain releases come out.
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like

That's all looking and sounding pretty conclusive really. We're still on HM 6.5r1 but when I get the opportunity I'll upgrade to HM 6.6r3 and Hive OS 6.6r1 on the AP130s

I might have to hold my breath for our smaller branches, because we've re-distributed our older AP120 and AP121 devices to them, and the only v6 release available for those devices is the Golden 6.5r3. But if they do give us any grief with DHCP, I'll get in touch with support and see if they have a 6.6r1 version available for those

Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Steve,
There will not be a HiveOS 6.6rX for AP120 or AP121. The last version of HiveOS for those platforms is the 6.5r3 branch.

There WILL be more maintenance releases on that branch, we are wrapping up version 6.5r3a and it should be released around the first week in February. 

Bug-fixes are now, when applicable, being checked into two released branches of code, the golden branch (current latest is 6.5r3, soon to be 6.5r3a) and the feature branch (current latest is 6.6r2, soon to be 6.6r2a when it gets similar bug-fixes as 6.5r3a). 
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Steve,
There will not be a HiveOS 6.6rX for AP120 or AP121. The last version of HiveOS for those platforms is the 6.5r3 branch.

There WILL be more maintenance releases on that branch, we are wrapping up version 6.5r3a and it should be released around the first week in February. 

Bug-fixes are now, when applicable, being checked into two released branches of code, the golden branch (current latest is 6.5r3, soon to be 6.5r3a) and the feature branch (current latest is 6.6r2, soon to be 6.6r2a when it gets similar bug-fixes as 6.5r3a). 
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like
Mike, can you tell me if the DHCP issue has been identified? As Jonny found there was mention of a DHCP fix in the release notes of HiveOS 6.6r1/r2. Of course it's hard to know from one line of text if it's related to the actual issue that we're experiencing. Though his and Regi's results suggest it could well be

If it's of any use I can provide support with some Wireshark and client monitor information. Just recently while monitoring I saw that DHCP OFFERs were not being received by the client until a full minute after the initial DHCP DISCOVERs went out, even though the AP client monitor logs suggest that it was sending OFFERs from the get-go. Then the DHCP OFFERs that were received by the client a minute later, the client wasn't responding to with a DHCP REQUEST (maybe because it was too late and the client had already assigned itself a 169.x.x.x address). I have those actual captures saved
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like
Mike, can you tell me if the DHCP issue has been identified? As Jonny found there was mention of a DHCP fix in the release notes of HiveOS 6.6r1/r2. Of course it's hard to know from one line of text if it's related to the actual issue that we're experiencing. Though his and Regi's results suggest it could well be

If it's of any use I can provide support with some Wireshark and client monitor information. Just recently while monitoring I saw that DHCP OFFERs were not being received by the client until a full minute after the initial DHCP DISCOVERs went out, even though the AP client monitor logs suggest that it was sending OFFERs from the get-go. Then the DHCP OFFERs that were received by the client a minute later, the client wasn't responding to with a DHCP REQUEST (maybe because it was too late and the client had already assigned itself a 169.x.x.x address). I have those actual captures saved
Photo of Paul Finlay

Paul Finlay

  • 2 Posts
  • 1 Reply Like
We've seen the same DHCP issue with clients on AP130s running 6.5r3. A Client Monitor capture would show DHCP offers being sent but the client never responded, it could take up to 60 seconds for device to connect. This was resolved by upgrading the firmware to 6.6r1b
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like

Finally got around to upgrading to HM 6.6r3 and HiveOS 6.6r2a (from 6.5r1). Initial indications are good for DHCP although time will tell. I tried to use HiveOS6.6r1b as most people were reporting success with that, but HM wouldn't upload it for some reason. JonnyM had also seen a DHCP fix mentioned in the release notes of HiveOS 6.6r2a so I'm giving that one a try, and my test machine (Surface Pro 2) that was failing consistently when switching between SSIDs has now started working

Photo of Regi Pradeeswaran

Regi Pradeeswaran

  • 12 Posts
  • 5 Reply Likes
Thanks for the update Steve. Please let us know how its goes in the next few weeks

Cheers

 
Photo of Regi Pradeeswaran

Regi Pradeeswaran

  • 12 Posts
  • 5 Reply Likes
Hello been running HM 6.6r3 and HiveOS 6.6r2a on AP 230's so far all good 
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like

Still going great after 3 months - not a single DHCP issue

AP130 APs all running 6.6r2a

AP120 and AP121 APs all running 6.5r3a

Hivemanager on 6.6r3a

Photo of Regi Pradeeswaran

Regi Pradeeswaran

  • 12 Posts
  • 5 Reply Likes
Thanks for the update same for me with HM Enterprise  6.8r2 no issues so far 
Photo of Regi Pradeeswaran

Regi Pradeeswaran

  • 12 Posts
  • 5 Reply Likes
Just updated to HM Enterprise 6.8r2a and AP230's to HiveOS 6.8r1 Jakarta.-130440 all seems good will let you know in few weeks
Photo of Ludovico

Ludovico

  • 6 Posts
  • 0 Reply Likes
Hi, I have a similar problem but with one variant: one AP of 4 work good.
https://community.aerohive.com/aerohive/topics/ap120-and-dhcp-again
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like
Hi Ludovico, I've replied on your thread
Photo of Regi Pradeeswaran

Regi Pradeeswaran

  • 12 Posts
  • 5 Reply Likes
Been running HM Ent 6.8r3 for the last 3 weeks with HiveOS 6.8r1 Jakarta.-130440 on AP230's not a single issue, finally AH have sorted all the issues I think :-) 
Photo of Steve Bennett

Steve Bennett

  • 23 Posts
  • 1 Reply Like
Thanks Regi - good to know