WS C2960x and Unifi Issues

Damon M. · ‎09-07-2018

Hi there!

I have the following issue and cannot find the right solution through google so i need you guy's help!

We are using a WS C2960x switch combined with a Ubiquiti AP AC Pro which is used only by smartphones to connect and be able to browse.

The issue we have is that every one can connect with the AP but not every one is able to browse and have internet. 10-20 % of the people seem to fail with their phone.

The Switch is connected with a PFsense and on the switch is only the AP connected.

The switch is still mainly default settings, only thing i did is configured dhcp snooping so the ports get trusted and configured that DNS would come from the PFsense (DNS server).

Some of the people that failed the have internet had the following error in chrome : DNS_PROBE_FINISHED_BAD_CONFIG

The AP has a static IP and its DNS settings are set on the PF settings.

We also have 2 other AP's running (same model) on which run a WS-C3850 with no issues so far.

Any one any idea what this might be?

Thanks in advance!

Georg Pauwen · ‎09-07-2018

Hello,

which smartphone models are having the problem, and which OS version are they running ?

Damon M. · ‎09-07-2018

It is a variety of all brands ; Samsung s8 (Android 8.0.0 Samsung Exp. 9.0) , Honor 9, Oneplus 6 (Android 8.0.0, OxygenOS 5.0.5) but not limited to android only. iPhone 8 has the same issues.

I have also tested it with 2 laptops in which i had a 50-50 chance of internet.

Alex Pfeil · ‎09-07-2018

Try removing the DHCP snooping. Also, you could upgrade IOS on the switch to rule that out.

Please rate helpful posts.

Damon M. · ‎09-07-2018

But if remove DHCP snooping than my ports will no longer be seen as trusted, can this cause an issue?

Also what i should mention, i did the following config on the AP port (1/0/22) :

- no switch port

- switchport trunk allow vlan 1,2

- switchport mode trunk

- spanning-tree portfast trunk

I found this to setup a Ubiquiti AP with a Cisco switch.

What i noticed so far is : When i configured the DHCP snooping my TXBS whent from +- 200.00 to 1.000.000 - 1.200.000 and than slowly degrading tot 120.000. The moment it went up so high every one was able to connect, the moment it went back down the same issues al over again.

Now when i configured the 'switchport and spanningtree' the TXBS went even further up to 4.500.000 and every seemed to be fixed once again but than it degraded again to the same amount (+- 120.00).

Not sure if this is Coincidence or not.

Picture added for clarification :

Giga.Ether. 1/0/22 = Ubiquiti AP

Giga.Ether. 1/0/23 = PFSense Master

Giga.Ether. 1/0/24 = PFSense Slave

Cisco snelheid aangepast.jpg

Alex Pfeil · ‎09-07-2018

The only reason you would need to do DHCP snooping is if you believe somebody could plug a rogue DHCP server into the switch. I only mean disable and test.

Damon M. · ‎09-08-2018

Ouh okay, thanks for clarifying! I will test once i am back at work (monday) and report back :)

Georg Pauwen · ‎09-08-2018

Hello,

on a side note, which DNS servers did you define in Pfsense (System --> General) ? Also, I think Pfsense has a diagnostics function (Diagnostics --> DNS Lookup), when one of your clients gets the DNS error, run that specific website through the diagnostics and post the results...