Wireless Guest Access with CWP

  • 1
  • Question
  • Updated 4 years ago
  • Answered
We have recently started having issue with some guest computers not being able to access the Wireless Guest network. It appears that they are not receiving an IP to allow them to connect to the CWP 1.1.4.xxx address. it looks like the hivemagr is trying to send. Pc's show limited or no connection and that a 169.x.x.x ip address.

any thoughts on where to look?
Photo of Tim Mallon

Tim Mallon

  • 7 Posts
  • 0 Reply Likes
  • sad

Posted 4 years ago

  • 1
Photo of Bas de Gruijter

Bas de Gruijter

  • 8 Posts
  • 0 Reply Likes
Hi Tim,

We need more information about your network infrastructure.
You are saying that you have issues with "some" guest computers. Does that means that some clients will receive an IP and some don't (connected to the same AP/SSID?). Are you using VLAN's, what DHCP server are you using?

Without more information my first thought will be:
Have you checked if your DHCP server is running? The 169.x.x.x address is a default range which the clients will assign to themselves when they don't get a DHCP lease in time.
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Tim,
Has the load on your network increased recently? If your clients are falling back to the link-local address space, then they didn't get a DHCP Offer within the window they expected. It could be that the embedded DHCP server within the AP isn't able to get airtime within the window that the client expects, or that it has failed somehow.

I see that you were expecting them to be given an address in the 1.1.4.x range, how many SSIDs and CWPs do you have? My plain-vanilla setup uses the 1.1.1.x range for the initial CWP connection.
Photo of Tim Mallon

Tim Mallon

  • 7 Posts
  • 0 Reply Likes
We Broadcast 4 SSID's and 1 CWP

1 is the Corporate which uses Radius and certs
1 is mobile devices the Key is sent to devise by our MDM solution
1 is Board members uses a PSK
1 is the Guest that uses the CWP and is an open network

I tried setting up a open with no CWP and still had issue
Photo of Tim Mallon

Tim Mallon

  • 7 Posts
  • 0 Reply Likes
Load may be up on the guest network, we have about 50 Guest on during the day spread across 10-13 APs and have 1 captive web portal.
Photo of eastman rivai

eastman rivai

  • 1 Post
  • 0 Reply Likes
Which device provides DHCP server?
What is the size of the subnet?
What is the length of the address lease, default is 24 hours. As this is an open network, IP addresses may be issued to associated devices nearby
Check the DHCP lease, it may be full. if it is full, you may clear the lease using the following CLI

clear interface <> dhcp-server lease

Could run client monitor on the Hive Manager? This will help determine the cause of the issue.
Photo of Tim Mallon

Tim Mallon

  • 7 Posts
  • 0 Reply Likes
Time Client MAC Addr BSSID Device Name Level Description

=======================================================================================

01/10/2014 01:53:38 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 BASIC (1268)Sta(at if=wifi1.5) is de-authenticated because of notification of driver
01/10/2014 01:53:41 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 BASIC (1321)Rx auth (frame 1, rssi 48dB)
01/10/2014 01:53:41 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 BASIC (1322)Tx auth (frame 2, status 0, pwr 15dBm)
01/10/2014 01:53:41 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 BASIC (1323)Rx assoc req (rssi 49dB)
01/10/2014 01:53:41 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 BASIC (1324)Tx assoc resp (status 0, pwr 15dBm)
01/10/2014 01:53:41 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1325)Open auth is starting (at if=wifi1.5)
01/10/2014 01:53:41 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 BASIC (1326)Authentication is successfully finished (at if=wifi1.5)
01/10/2014 01:53:41 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1327)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:53:44 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1328)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:53:48 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1329)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:53:55 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1330)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:54:12 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1331)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:54:44 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1332)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:54:49 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1352)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:54:57 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1353)DHCP server sent out DHCP OFFER message to station
01/10/2014 01:55:13 PM 173A4B680F01 0019879C8C2C HQ-2FL-205 INFO (1354)DHCP server
Photo of Tim Mallon

Tim Mallon

  • 7 Posts
  • 0 Reply Likes
I spoke with Support an they were unsure what to do, spoke of a trunking issue, or a buffer issue. suggest i roll back FW from 6.1r2 to 5.1r5 I tried on one device made no difference.
Photo of Tim Mallon

Tim Mallon

  • 7 Posts
  • 0 Reply Likes
I am assuming its the Hivemanger that provides the DHCP I see that range 10.20.254.3-10.20.254.254 not sure where the captive portal range comes from.

support cleared the DHCP Scope using SSH to one of the AP's
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
In case you wanted to know where the .4 address comes from
wifi0.1 — 1.1.1.1/24
wifi0.2 — 1.1.2.1/24
wifi0.3 — 1.1.3.1/24
... ... ...
wifi0.16 — 1.1.16.1/24
wifi1.1 — 1.1.101.1/24
wifi1.2 — 1.1.102.1/24
wifi1.3 — 1.1.103.1/24
... ... ...
wifi1.16 — 1.1.116.1/24

I would check the dhcp server and set the lease for a short period of time, like 1 Hour.

check your vlans, maybe increase the ip subnet size on each vlan from /24 to /23

use vlan probe to test that the vlan reaches the dhcp server

I would use a dedicated dhcp server pair instead of the APs because my experience with using dhcp servers on switches, routers, etc from all sorts of vendors is that memory becomes an issue and can cause the device to stop offering addresses. It really is meant for small small office environments.

the dhcp scope would come from the AP - not the HM



http://www.aerohive.com/330000/docs/h...
Photo of Stefan van der Wal

Stefan van der Wal, Champ

  • 70 Posts
  • 24 Reply Likes
Hi Tim,

I think I'm going to agree with Andrew here, we have a couple of small deployments where this exact DHCP issue arose and configuring an Aerohive AP as a DHCP server cleared it right up.

If you want I think I can help you diagnose the exact point of failure but then a bit of the information on the backend and install is needed.

Kind regards,

Stefan
Photo of Tim Mallon

Tim Mallon

  • 7 Posts
  • 0 Reply Likes
is it normal to only have 1 DHCP server internal for all of my APs or should I have 1 for each
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
I use 2 external servers and split the subnets for redundancy
so for a subnet of 10.100.100.0/23
server 1 scope would be 10.100.100.10 to 255
server 2 scope would be 10.100.101.1 to 254

for wireless clients I use a short lease time of 1 hour
and have serveral subnets that get assigned based on SSID and topology

this requires trunking to the APs