No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


The incorrect configuration of the S9300 AC tunnel forwarding service VLAN causes the STA can’t associate normally.

Publication Date:  2012-12-04 Views:  116 Downloads:  0

Issue Description

AC is the S9300 VAMPA board, the version is V100R003C01, and the basic network condition is the Layer 2 networking data tunnel forwarding. Above the AP, after configuring and assigning the WLAN service, STA can’t obtain the address, so it can’t associate normally.
In the network, the management VLAN is 800, service VLAN is 101, the port 2 of the S9300 AC connects with the port 1 of the AP, and the AC is the DHCP server, there sets two address pool, and distribute addresses for the AP and STA respectively. We assume the MAC address of the STA is A-B-C, and the basic networking diagram is as followed:

Alarm Information


Handling Process

By making the AC and AP can’t pass the VLAN 101 communication to settle the problem of the MAC drift, so can let the STA can associate to go online normally, the solutions are not only, such as configuring the port 2 as to not permit the service VLAN 101 to pass, then the STA can obtain the address and associate to go online normally.

Root Cause

Because the port2, S9300 LUN board and some other interfaces connecting with the SPU (VAMPA) board are all permitting the service VLAN 101, which causes the MAC drift and make the STA can’t associate to get online normally, the detail analysis is as followed:
(1) The STA sends the DHCP broadcast packet, AP learns the MAC addresses, and the STA address (A-B-C) of the MAC table is corresponding with the wireless devices.
(2) DHCP broadcast packet reaches the AC through the port 2, and the AC has obtained the VLAN 101 attached in the service packet which is de-encapsulated from the CAPWAP packet, the broadcast is sent to the AC’s CPU, and meanwhile broadcasting in the VLAN 101.
(3) Because the outer is the management VLAN 800 while the CAPWAP packet is reaching at the AC, the AC considers the port 2 isn’t the source port which has brought the VLAN 101 TAG packet and then enters into the AC, so the packet after de-capsulated also sends to the port 2.
(4) While this packet reaching at the AP, the AP learns the MAC address, because the source MAC of this packet is the MAC of the STA (A-B-C), the interface corresponding with the MAC address A-B-C in the AP’s MAC table refreshes as to port 1, so there has produces the MAC drift.
(5) After the MAC table refreshing, the AP can’t communicate with the STA via the wireless device, so the STA can’t obtain the IP address, and the STA can’t associate to go online normally.