VLAN and DHCP-relay problem

  • 1
  • Question
  • Updated 4 years ago
  • Answered
We have a hive of APs with three SSIDs available, each SSID assigned a single User Profile with a different VLAN ID. Two SSIDs are for internet only and are routed to their own VLAN and work fine, ie VLAN Probe can see the correct VLAN IDs, and the connected router assigns the IP addresses, routing traffic to the internet only. Effectively routed away/isolated from the corporate network.

For the remaining SSID, this is effectively routed to their corporate core-switch via their RiverBed web-optimiser. Their DHCP server is also connected to their core-switch. A mgt sub-network has been assigned as mgt0.1 for vlan7 as a DHCP-Relay directed to their DHCP server and the static IP of the core-switch. Each AP is assigned this DHCP-Relay service.  
From any AP I am able to ping their DHCP server and the default gateway of core-switch, but unable to run a VLAN Probe for this VLAN ID of 7.

When a client device is associated to this SSID with a statically assigned IP within the Vlan-7 subnet, the Aerohive client list identifies the conencted device associating with the correct Vlan of 7. The APs are able to ping this client, but the client is not able to ping the DHCP server (or any hosts on the same subnet range of the DHCP server). This is odd, because from the APs the DHCP server can be pinged.

We haven't ruled out the APs, or the Riverbed Web Optimiser. Traffic on the router is seeing as being tagged with the Vlan ID-7.


Here is the CLI of the DHCP-Relay accessing the default gateway with the ip-helper address.:
interface mgt0.1 vlan 7
interface mgt0.1 ip 192.168.66.193/26
no interface mgt0.1 dhcp-server enable
interface mgt0.1 ip-helper address 192.168.1.6

Have confirmed that their core switch also uses the same ip-helper setting.

Wondering if anybody can assist with something we may be missing.



Photo of Jason Hills

Jason Hills

  • 78 Posts
  • 3 Reply Likes
  • confused!

Posted 4 years ago

  • 1
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
The two things I would check are that the VLAN trunks are set up correctly on the AP ports and any uplink ports, and that the routing is set up correctly.

It sounds like the VLAN trunk on the switch is set up ok for VLAN 7, since you say VLAN 7 tagged traffic is seen at the router.

Are you sure there is a route for 192.168.66.193/26 to get to the DHCP server (and back)?  You don't specifically mention this, but can the static IP assigned client ping the gateway for that subnet?  If so, what does a traceroute to the DHCP server tell you?

Can the DHCP server ping the AP at 192.168.66.193? You would need to make sure ping is enabled on the sub-interface in the DHCP relay setup.

The AP would ping the DHCP server from the MGT0 interface, not the MGT0.1 interface, so you are not pinging from the same source subnet.