STAs Cannot Obtain IP Addresses
All STAs Associated with an AP Cannot Obtain IP Addresses Automatically in DHCP Mode
Fault Symptom
All STAs associated with an AP cannot obtain IP addresses automatically in DHCP mode.
Procedure
- Check whether the undo dhcp trust port command is configured.
Error-prone configuration: The undo dhcp trust port command is configured in the AP wired port profile, causing STAs' failures to obtain IP addresses.
[AC-wlan-view] wired-port-profile name p1 [AC-wlan-wired-port-p1] undo dhcp trust port //If the DHCP trusted port function is disabled in direct forwarding mode, STAs cannot obtain IP addresses.
Suggestion: Configure the dhcp trust port command.
- Check whether VLANs are created and added to the allowed list on intermediate networks.
- Direct forwarding
- Check whether service VLANs are created on the AC and intermediate devices.
- Check whether VLANs are in the allowed list of the AC and intermediate devices.
- Tunnel forwarding
Check whether service VLANs are created and added to the allowed list on the AC.
Error-prone configuration: Service VLANs are not created or not added to the allowed list on the AC, causing disconnection of intermediate networks.
Suggestion: Create service VLANs and add them to the allowed list on the AC.
- Direct forwarding
New STAs Cannot Obtain IP Addresses While Online STAs Have IP Addresses
Fault Symptom
In direct forwarding mode, DHCP snooping is configured on an access switch. When the DHCP snooping binding table is full, excess STAs cannot obtain IP addresses.
Procedure
- Check whether DHCP snooping is configured on the access switch and whether the current binding table is full.
Error-prone configuration:
[Switch] display current-configuration | include dhcp snooping [Switch] display dhcp snooping ... Dhcp user max number : 100 //Maximum number of DHCP users Current dhcp user number : 10 //Number of current DHCP users ...
Suggestion: DHCP snooping is enabled by default on APs. Therefore, disable DHCP snooping on the access switch. If DHCP snooping is required, run the dhcp snooping enable no-user-binding command on the port connecting the access switch to the AP to disable the port from generating DHCP snooping binding entries.
STAs Cannot Obtain IP Addresses Occasionally
Fault Symptom
The auto-defend action deny timer 60 command is configured on the AC serving as a DHCP relay agent. As a result, the AC discards packets from the DHCP server, causing STAs' failures to obtain IP addresses.
Procedure
- Check whether STAs fail to obtain IP addresses occasionally because attack source punishment is configured.
Error-prone configuration:
<AC> display current-configuration | include cpu-defend
Suggestion: Check whether DHCP packet attacks exist, and take caution when configuring attack source punishment.
- Check whether VLAN 1 is configured as a service VLAN.
Error-prone configuration:
<AC> display current-configuration | include service-vlan
Suggestion: Properly plan service VLANs and avoid configuring VLAN 1 as a service VLAN.
[AC-wlan-view] vap-profile name vap1 [AC-wlan-vap-prof-vap1] service-vlan vlan-id 101