02-28-2019 04:37 AM
Hi there, I hope you can help, I have been looking at this issue for a while now but am hoping it is something simple.
We have Meraki APs located in 4 of our remote offices and they all connect to the "Corporate Wifi" SSID, which uses RADIUS authentication. The clients obtain an IP from their onsite Windows DHCP server. However, this does not work in our Birmingham office. I have spoken to Meraki support and they have proved by running a packet capture that DHCP requests are made, pass through to the AP and then are sent successfully out of the AP, so something upstream is stopping it. The weird thing is that other SSIDs on the network which just use WPA2 for authentication (no RADIUS) work just fine and they obtain their IP from the same Windows server that I am trying to reach from the "Corporate Wifi" SSID.
There is only one switch involved - a 2960 catalyst, and everything is connected to it.
Corporate Wifi has been set up to use VLAN 41 but doesn't get a DHCP address.
"Staff Wifi" has been set up to not use a VLAN and it obtains DHCP fine. When I look on the Meraki the VLAN says "NATIVE".
Looking at the config of the Catalyst, everything is in the default VLAN 1 (the switch was nuked and rebuilt swiftly a few months ago). I'm not aware of any ACL in play or anything specifically that could be blocking things.
I have changed the Corporate Wifi to use VLAN 1 temporarily and this still does not work. I have added an IP helper address to VLAN 41, no joy. There is no interface IP configured on VLAN 41 and when I try to look at the setup of VLAN 41 it states "Internet Protocol Processing Disabled". Should I have an interface IP on VLAN 41 or is this irrelevant?
I just can't see how the same Windows 10 laptop obtains DHCP from Staff Wifi and not from Corporate Wifi when both SSIDs should be using the same DHCP server to get an IP.
Can any of you assist me in where to look or do you need to see any particular config which I can copy and paste if required?
03-01-2019 03:55 AM - edited 03-01-2019 04:03 AM
Hello
@mikep83 wrote:
There is only one switch involved - a 2960 catalyst, and everything is connected to it.
Corporate Wifi has been set up to use VLAN 41 but doesn't get a DHCP address. "Staff Wifi" has been set up to not use a VLAN and it obtains DHCP fine. When I look on the Meraki the VLAN says "NATIVE".
Looking at the config of the Catalyst, everything is in the default VLAN 1 (the switch was nuked and rebuilt swiftly a few months ago). I'm not aware of any ACL in play or anything specifically that could be blocking things.
I have changed the Corporate Wifi to use VLAN 1 temporarily and this still does not work. I have added an IP helper address to VLAN 41 ,
I just can't see how the same Windows 10 laptop obtains DHCP from Staff Wifi and not from Corporate Wifi when both SSIDs should be using the same DHCP server to get an IP.
I am thinking that, as the Meraki SSIDs are centrally managed and are working in other offices, they are correctly set up.
Do you only have Meraki APs, no MX or MS devices, and these APs are connected to this L2 switch?
I see no reference below to vlan 41 in your switch configuration lod-ch-comms-2960-asw
It's not being allowed on the trunks towards your APs?
Corporate Wifi = vlan 41
Staff Wifi SSID = vlan 1 Native vlan ?
vlan 20
 name SERVER_NET
vlan 21
 name DATA_USERS_NET
vlan 22
 name VOICE_USERS_NET
vlan 23
 name VIDEO_USERS_NET
vlan 24
 name PRINTERS
vlan 61
 name GUEST_USERS_NET

interface Port-channel1
 description ***** Link To WarwickNet *****
 switchport trunk allowed vlan 1,20-23,61

interface GigabitEthernet xxx
 description **** LCAP0X ****
 switchport trunk allowed vlan 20,21,61

interface GigabitEthernet1/0/48
 description ***** Link to Cisco Cube Router ***** <-----WHAT does this router do
 switchport access vlan 22
 switchport mode access

interface Vlan20
 ip address 10.2.0.4 255.255.255.0
interface Vlan20
 ip address 10.2.0.4 255.255.255.0
interface Vlan21 <--not required
interface Vlan22 <--not required
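
The check made by eye in the reply above (is the SSID's VLAN in the switch's VLAN database, and do the trunk allowed lists carry it?) can be scripted against a saved running-config. This is an added example, not part of the original thread; the sample config is constructed from the excerpt quoted above, and the port name GigabitEthernet1/0/10 and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the config excerpt quoted in the reply.
SAMPLE_CONFIG = """\
vlan 20
 name SERVER_NET
vlan 21
 name DATA_USERS_NET
vlan 61
 name GUEST_USERS_NET
interface Port-channel1
 switchport trunk allowed vlan 1,20-23,61
interface GigabitEthernet1/0/10
 description AP uplink (hypothetical port)
 switchport trunk allowed vlan 20,21,61
interface GigabitEthernet1/0/48
 switchport access vlan 22
 switchport mode access
"""

def expand_vlans(spec):
    """Turn an IOS VLAN list such as '1,20-23,61' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_vlan(config, vlan_id):
    """Return (in_vlan_database, [trunks whose allowed list omits vlan_id])."""
    defined, allowed, iface = {1}, {}, None   # VLAN 1 exists by default
    for line in config.splitlines():
        text = line.strip()
        if m := re.fullmatch(r"vlan ([\d,\-]+)", text):
            defined |= expand_vlans(m.group(1))
        elif m := re.fullmatch(r"interface (\S.*)", text):
            iface = m.group(1)
        elif m := re.fullmatch(
                r"switchport trunk allowed vlan (add )?([\d,\-]+)", text):
            vlans = expand_vlans(m.group(2))
            # "add" extends the existing list; a plain list replaces it.
            allowed[iface] = allowed.get(iface, set()) | vlans if m.group(1) else vlans
    # A trunk with no allowed list carries every VLAN, so only ports with
    # an explicit list can filter the VLAN out.
    blocking = [name for name, vlans in allowed.items() if vlan_id not in vlans]
    return vlan_id in defined, blocking

if __name__ == "__main__":
    for vid in (41, 21):
        known, blocked = audit_vlan(SAMPLE_CONFIG, vid)
        print(f"VLAN {vid}: in database={known}, filtered on={blocked}")
```
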
02-28-2019 05:05 AM
02-28-2019 06:01 AM
Hello,
in addition to Jaderson's remarks, it would be useful to know whether the Vlan 41 clients can or cannot get an IP address when you put them in Vlan 1 and still use RADIUS.
That said, where is the RADIUS configured? Are you using AAA on a Cisco device anywhere?
02-28-2019 07:02 AM
Hi there,
As mentioned, VLAN 41 has the IP helper address but still doesn't work, and also I have tried changing the VLAN for Corporate Wifi to VLAN 1 and still no joy.
I have added an interface to VLAN 41 so it now has an interface of 10.9.0.250 but it still doesn't work. I couldn't give it an interface in the 10.9.1.x range as it errored and stated that it overlaps with VLAN 1 (which it would do).
The server is on 10.9.1.252 in VLAN 1.
All clients get a DHCP address in the 10.9.1.x range and all other SSIDs obtain DHCP fine on the 10.9.1.x range.
02-28-2019 07:04 AM
trunk port allows 41 yes.
02-28-2019 07:15 AM - edited 02-28-2019 07:18 AM
02-28-2019 07:08 AM
02-28-2019 07:19 AM
Hi there, I have attached above, in my previous reply, the config for VLAN 41 and also the running config.
02-28-2019 07:24 AM
I think that it is an L3 switch and I couldn't see an ip routing command enabled. Could you provide a show ip route?
And if possible, run ip routing.
Doubt: ip helper-address 10.9.1.252 < this is the IP of the DHCP server, right?
02-28-2019 07:29 AM
LOD-BHX-COMMS-2960X-ASW01#show ip route
Default gateway is 10.9.1.1
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
Above is the output from show ip route.
The IP helper address is definitely correct, just double-checked it.
I tried ip routing and show ip routing but both commands state "invalid input".
I think maybe this is a layer 2 switch?
02-28-2019 07:32 AM - edited 02-28-2019 08:38 AM
Hello,
What kind of device is 10.9.1.1? Firewall, router, L3 switch?
Because I think this device is the core of your network, right?
Therefore, your IP and VLAN helper address settings should be in it.
02-28-2019 08:56 AM
10.9.1.1 is a layer 3 switch which is managed by our ISP. I have asked them to look into this but they are stumped as well.
Why is it that non-RADIUS clients can obtain DHCP, and in Meraki it states the VLAN is "NATIVE", but then if I disconnect from that SSID and reconnect to Corporate Wifi, which is RADIUS authentication and which should be looking at the same IP range and same DHCP server, it doesn't work? In Meraki I have changed the VLAN to VLAN 1 but no joy. I can't get it to say "native" though, it always comes up VLAN 1.
But my VLAN 1 seems to be set up fine. I just wonder if I am missing something really simple. I am happy to not use VLAN 41 now so it is less confusing. Shouldn't VLAN 1 work or do I need to change something?
02-28-2019 09:02 AM
02-28-2019 09:05 AM
Just double-checked on the DHCP server and the gateway is 10.9.1.1, which should be the managed firewall that the ISP look after.
02-28-2019 09:12 AM