Version Info: Firewall: USG6300 V500R005C00SPC200, Core Switch: S6720 V200R011C10SPC600 AC: AC6508 V200R010C00SPC700
Issue Description: After terminal connecting the SSID(wireless 802.1x authentication) and input the correct account&password. it shows "NO IP Address", user can't use the internet.
1: Excuting below command on AC6508 to get trace info of terminal mac during testing
trace object mac-address XXXX-XXXX-XXXX
2: Analyzing the trace info, found actually terminal gets IP address during the testing, but always keep changing IP address. Normally, when terminal detect there is IP address conflict, it will reapply for the new IP address.
3: Confirming the vlan info on AC6508 according to the SSID name XXXX_Staff
4: Checking vlan configuration on firewall(terminal gets the IP address from firewall), vlan infomation is normal.
5: Checking other configuration incluing the same IP address segment of vlan 105. normally when we create an nat address-group, will configure the section to an specific IP, not an IP address segment. Also this IP address segement is the same with vlan 105. So when firewall assign the IP of vlan 105 to terminal, terminal will detect it whether it's occupied. Then terminal found it's an IP address of nat IP address pool. Then it thought it's occupied, there is IP address conflict. Then it will release the IP address and reapply. After server times like that, then timeout.
configured same IP address segment for nat address-group with vlan 105
change the nat address-group configuration, configure the section to an specific IP address