Solved: ESW-520-24P not passing DHCP requests from AP1141

noelpulis · ‎12-14-2011

Hi,

I have a client with the following setup.

Cisco Small Business Switch POE ESW-520-24P with a Wireless Access Point Cisco Aironet AP1141. Both the devices are upgraded to the latest firmware.

Connected to the ESW-520-24P is a Windows 2008 SBS 2011 with DCHP and Domain Controller. Along with the server I have a number of wired computers connected to the switch which do not have any issues and connect to the DHCP server without any problems.

When connecting two wireless devices to the AP1141, they get the IP address and DHCP from the server; but when connecting other devices apart the first two they will fail to connect to the DHCP server and do not get any IP Address. They manage to connect to the Wireless access point but they cannot contact the DHCP server.

I have double checked the configuration and took the AP1141 to my office. The AP worked like a charm with 10 devices. When I returned to the client, the issue occured again.

I have tried changing the port security settings on the ESQ-520-24P to 'unlock' but it didn't work.

A workaround to the issue was to connect the AP1141 directly to the router using a power adapter and skipping the switch.

I couldn't figure out why the switch is not working wit the AP1141 and don't know if there is the possiblity of incompatibility between the two devices. Any help would be appreciated.

Thanks.

Beetlejuice01 · ‎12-16-2011

In your config if i have correctly understand i see:

interface range ethernet e(1-24)

port security max 3

and

interface ethernet e1

description AP1141_1

exit

interface ethernet e2

description AP1141_2

exit

so ther is a limit of 3 mac address on interface where the AP1141 are connected?

This output is much different of cisco switch like 3750, 2960,6500 who i see generally but it seem a port security problem.

View solution in original post

Beetlejuice01 · ‎12-14-2011

So the dhcp relay seem to work... some limit on dhcp pool... lease only with registered mac addres and so on was verified?

noelpulis · ‎12-14-2011

Thanks for the reply. I hvae around 20 wired computers connected to the switch which work with no issues with the DHCP server. But When working with the AP1141 wireless access point, while two devices manage to connect with no problem, if you try to connect a third device to the AP1141 it will fail to get an IP Address.

It seems that the DHCP requests fail to get to the DHCP server or the Switch is blocking the request. From the DHCP server there are no problems since the other wired PCs are working fine.

It seems that DHCP requests from the third device onwards are not passing.

Found an article to set the port security setting on the Switch as 'unlocked' but it didn't solve the problem.

Tried many times to reconfigure and reset the AP and the switch. Nothing changed.

Very strange issue.

Beetlejuice01 · ‎12-14-2011

Yes strange because by default no blocking occure on switched port... so the port is configured as a trunk and no limit of allowed mac address are set on interface... Have you tried to remove the actually working client from ap and see if the other device can connect without the other two? Do you have the possibility to see and post log from the ap?

frank · ‎12-14-2011

I have almost the same exact equipment ESW-540's, autonomyous AP 1142's, SBS 2011. Same issue here but It only seems to happen when I have all three AP's enable and on the same SSID. If I disable two of the AP's most employee seem to be able to connect and pull and IP via DHCP so far. Any Experts?

Beetlejuice01 · ‎12-14-2011

Hi Frank,

your problem is a little bit different, maybe it can be the same things... but you have this problem with 3 ap, when Noel have this issue with more than 2 device connected on the same ap...

So the access points have the feature of bridge disabled, and are in different channel?

noelpulis · ‎12-15-2011

Hi,

Most probably I think it's an AP1141 issue with configuration. I have configured them as both STATIONROLE: ROOT but with different SSIDs.

It seems that I can only connect two devices to the AP1141. After two devices, the other devices manage to connect to the AP1141 but they don't reach the DHCP server or they don't get any IP. From the DHCP server there are no restrictions or reservations. The DHCP server is a Windows Server.

I have also tried isolating the AP1141s and hooked them on the router i.e. Cisco ASA 500 but still the same issue. This is why at this stage I am pointing out that it's an AP1141 config issue.

I will try up some other things, but I even gone through Cisco SmartNet and still not solved the issue.

Thanks.

noelpulis · ‎12-16-2011

Hi All,

I managed to solve the issue by moving the Access Points AP1141 and the DHCP server on a non-managable switch Linksys. It worked immediately with no errors.

So I guess the issue can be pointed on the configuration or incompatibility on the Cisco ESW-520.

Any help would be appreciated since it's a dirty workaround to the issue.

Beetlejuice01 · ‎12-16-2011

Without a configuration of the switch isn't simple give you the necessary help. Could you post the actual configuration ot the switch wher the ap was installed?

noelpulis · ‎12-16-2011

Hi Fabio,

Thanks for your help, please find the configuration below:

http://www.fileserve.com/file/smubkae/running-config.txt

Thanks again.

Beetlejuice01 · ‎12-16-2011

In your config if i have correctly understand i see:

interface range ethernet e(1-24)

port security max 3

and

interface ethernet e1

description AP1141_1

exit

interface ethernet e2

description AP1141_2

exit

so ther is a limit of 3 mac address on interface where the AP1141 are connected?

This output is much different of cisco switch like 3750, 2960,6500 who i see generally but it seem a port security problem.

noelpulis · ‎12-17-2011

Hi Fabio,

Thanks for your help. I noticed a 'Max Entries' option on the 'Port Settings' but didn't think it was limiting to 3 Mac Addresses.

I have an appointment at the client in two days. Will let you know how it goes.

Beetlejuice01 · ‎12-17-2011

Ok, i'm waiting for your news... this explain the first twi client work's well, 2 client mac address and one of the ap for a total of 3 mac... if you have the possibility to do a show log check if you see an err_disable state of the port... but if not configured, depends to the action established by default from the switch.

Beetlejuice01 · ‎12-22-2011

No news? The problem was solved?

noelpulis · ‎12-23-2011

Hi Fabio,

Sorry for not replying before but I was sick till now, hopefully I will be better and go next week at the client to confirm the fix.

Thanks for your help and Happy Christmas and to all.