Issues configuring VLANs on Single AP Deployment of 7372

  • 2
  • Question
  • Updated 3 years ago
Hi Everyone,

As a preface, I worked with Ruckus support directly on this issue and the tech stated that my configuration looks correct and it might be the AP, but I am having this issue on another AP as well.

In short, when attempting to connect to either of the SSIDs from the AP, it sits at the point where it states "Obtaining IP Address" but the device never hands out the address.

In this environment, I have a SonicWall NSA 220 with two VLANs configured as 10 and 20. The 10 VLAN is for the corporate WIFI and is a seperate subnet from their primary subnet. The same is true for VLAN 20 as well but this is another subnet for the guest network.

DHCP is turned on on the SonicWall for both of these VLANs. The AP is connected to a 1900 series HP POE switch on port 9 which is untagged on VLAN1 (default VLAN) and has tagged memebership on VLAN 10 and 20. Then on the AP itself, obviously each SSID is specified to use the specific VLAN.

I simply can't figure out why the hell this device is unable to assign an address out from the WAP. Does anyone have any ideas or can maybe set me on the right path? Please let me know if you require more information.
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
  • confused

Posted 3 years ago

  • 2
Photo of Daniel M

Daniel M

  • 43 Posts
  • 9 Reply Likes
Did you configure the port the SonicWALL is connected to correctly? Fire up a packet monitor and see what’s going on—if your switch supports it, port monitoring/mirroring might be helpful. Start tracing the path—for example, do you see a client broadcasting a DHCPDISCOVER packet? Does the SonicWALL receive this DHCP packet? Is the SonicWALL replying with a DHCPOFFER? I have a similar configuration at home with a single 7982, HP PoE switch and VLANs with zero issues.
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
On the switch, the port that the SonicWall is connected has the same membership to to the VLANs as the WAP.

Sounds like I might have to start doing some port mirroring to track this issue down but I was hoping to avoid that.

I too have had zero issues previously doing this same exact configuration for other clients on the 7363's with nearly similar hardware setups.
Photo of Erik Farey

Erik Farey

  • 11 Posts
  • 1 Reply Like
I am guessing that you get an IP from an access port on the switch that is in either VLAN 10 or 20. That would rule out the switch and sonicwall. I am also guessing that you have all of the trunking set up correctly on the switch with regard to the VLANs and any DHCP snooping if you are running that.

I have a 7372 set up the same way and don't have any issues. I have the Ethernet ports set as trunks and don't have option 82 enabled as that caused issues with my switches dhcp snooping. I then has some SSID's tagging on seperate VLANs and some riding on the default VLAN untagged.

Have you tried a static IP on you wireless client to see if its just a DHCP issue?
Photo of Victor Tort

Victor Tort

  • 20 Posts
  • 1 Reply Like
Try this command

set interface type vlan-trunk untag none, where interface is the interface connected to your switch.
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
Thanks for the replies everyone. I'm curious as to where you want me to run this command? SSH into the Wireless AP?

Erik, yes that is correct, I have done that in my testing to rule out the switch and the sonicwall. I have not tried setting a static IP, but I should definitely do that! What a rookie mistake.
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
Victor, the command does not seem to have the correct syntax. Any suggestions on that?
Photo of Victor Tort

Victor Tort

  • 20 Posts
  • 1 Reply Like
Hi Steven,

According to my AP, the syntaxis is ok. Here are some examples

Examples:
-> set interface eth0 type access untag 35
(allow vlan 35; untagged 35)

-> set interface eth1 type vlan-trunk untag 35
(allow vlan 1-4094; untagged 35)

-> set interface eth1 type vlan-trunk untag none
(allow vlan 1-4094; no untagged packets)

-> set interface eth1 type general untag none vlans 1-1000,2000,4000-4094
(allow vlan 1-1000,2000,4000-4094; no untagged packets)

-> set interface eth2 forward l2tp type access untag 100
(tunnel eth2 via l2tp; allow vlan 100; untagged 100)
-------------------------------------------------------------

This output is from an AP running 9.8.1 but it is the same for older releases
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
Hmm, running that command caused me to lose access to the device :(
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
Bump.

Still having an issue. Ruckus Support has also continued to be absolutely no help with this issue either. Anyone have any further ideas that they can help me with?

It may be time to switch to a different product. Aerohive is sending me some trial units so I can test VLAN capabilities.
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
Also, same issue with a ZoneDirector involved as well....
Photo of Cordelia Naumann

Cordelia Naumann

  • 47 Posts
  • 5 Reply Likes
Hi Steven,

I went and looked at your recent cases and I saw that you last talked with a TSE in late November. We tried to contact you to see if we resolved your issue re: the AP -- perhaps you were on vacation or did not receive the pings? Can we open another case for you with one of our Tier 2 specialists?

We want to make sure we give you the full support you need.

Best regards,

Cordelia
Photo of Raghavendra Raghavendra

Raghavendra Raghavendra

  • 8 Posts
  • 1 Reply Like
Hi Steven,

As per our last discussion, everything is working fine without any issue.
Any further queries please do let us know.

Regards,
Raghavendra.
Photo of Steven yurgelevic

Steven yurgelevic

  • 8 Posts
  • 0 Reply Likes
Yep, would like to let everyone know who reads this that the 100.x version firmware for the devices seems to resolve the issue.

Anyone have an idea what change was made that might have helped resolve this?
Photo of Raghavendra Raghavendra

Raghavendra Raghavendra

  • 8 Posts
  • 1 Reply Like
Hi Steven, 

We need to debug live by taking packet captures. It should have worked on previous code but not sure what happened.

If you have some time, we can definitely do some more debugging to find the root cause.

Thanks & Regards,
Raghavendra.