No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Wired client connected to the second port of an AP4051 couldn’t get an IP from DHCP server

Publication Date:  2018-01-31 Views:  119 Downloads:  0
Issue Description

The scenario is as follow: the customer had an USG FW which was acting as a DHCP server and VLANs: VLAN 100 Teachers( 192.168.100.0/24) and VLAN 101 for Students(GW 192.168.101.0/24) . Vlan 1 was the management VLAN for the devices: FW-AC-SW-AP. Wireless clients could get an IP address from the service-vlan but the issue was with the wired stations. When the customer connected a station to the second port GE0/0/1 of AP4051, he could receive an IP from VLAN1 since it was allowed on the path to DHCP server . But, when he made an wired profile for the second port with mode endpoint, ipv4 learning and untagged VLAN 100, the station didn’t get an IP from VLAN 100.

Solution

I tested this scenario and I confirmed that it can work for a wired station to get IP from a separate VLAN or from service vlan that is configured on AC. Below was my config and scenario :
- topology used :

-     -cellphone gets IP from VLAN 101 which is the service-vlan :

-   --PC gets IP from VLAN 102 which is configured on DHCP server also :

-     -configuration that I used for wired port :


-   --configuration on AP after reboot :


Whole configurations :

-AP :


#
vlan batch 101 to 102
#
interface GigabitEthernet0/0/0
port hybrid tagged vlan 2 to 4094
stp port priority 48
lldp dot3-tlv power 802.3at
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 102
port hybrid untagged vlan 102
stp port priority 48
work-mode endpoint
lldp dot3-tlv power 802.3at
#
 
-Switch :
#
vlan batch 100 to 102
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 102
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 102
#
 
-AC:

#
vlan batch 100 to 102
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 102
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 102
#
wlan
traffic-profile name default
security-profile name default
security-profile name wlan-net
  security wpa-wpa2 psk pass-phrase %^%#!|NcX$(!MHy#YjDey"p!3Dx05.ltMUPEcX5!Pw\/
%^%# aes
security-profile name default-wds
security-profile name default-mesh
ssid-profile name default
ssid-profile name wlan-net
  ssid wlan-net
vap-profile name default
vap-profile name wlan-net
  service-vlan vlan-id 101
  ssid-profile wlan-net
  security-profile wlan-net
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
  calibrate auto-channel-select disable
  calibrate auto-txpower-select disable
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name PC1
  mode endpoint
  vlan pvid 102
  vlan untagged 102
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
 ap auth-mode no-auth
ap-group name default
ap-group name ap-group1
  radio 0
   vap-profile wlan-net wlan 1
  radio 1
   vap-profile wlan-net wlan 1
ap-id 0 type-id 35 ap-mac 00e0-fc9f-6e50 ap-sn 2102354483105063F30A
  ap-group ap-group1
  wired-port-profile PC1 gigabitethernet 1
provision-ap
#
 
-DHCP Server :
#
vlan batch 100 to 102
#
interface Vlanif100
ip address 10.23.100.2 255.255.255.0
dhcp select interface
#
interface Vlanif101
ip address 10.23.101.2 255.255.255.0
dhcp select interface
#
interface Vlanif102
ip address 10.23.102.2 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 102

 

I advised to check that the AP has the same configuration for the G1 port interface and also that the service vlan is allowed on the way to DHCP server. 

END