• June 22, 2018, 04:18:48 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Can't use specific vlan on wireless, works on wired  (Read 1753 times)

0 Members and 1 Guest are viewing this topic.

Offline jcoehoorn

  • Jr. Member
  • **
  • Posts: 39
Can't use specific vlan on wireless, works on wired
« on: April 12, 2016, 11:40:41 AM »
I have a small college campus with an RFS 4010 controller running 5.8.2. My network has vlans divided (in part) by location of the building. I have a management vlan id #1 that includes the management interface for my controller, as well as for all of the APs, no matter what building they are in.

One of my buildings uses vlan 13 for all of the clients, whether wired or wireless. This is a residential building, and so combining the wired and wireless clients into a single vlan allows easier discovery for things like AppleTVs and wireless printers. The building has a mix of AP7502 and AP7522 access points. We also have the access points bridge local rather than tunnel to the controller.

This worked fine for a very long time. Recently, though, I started getting complaints that users could not get online in this building. In my testing, I was able to join the wlan but was not able to get a dhcp address. Additionally, I could not use the network even if I entered static address information. After a lot of digging, I was able to get a temporary solution by moving the wireless clients in this building to a different vlan/subnet (vlan id #12).

Here's the trick: wired clients in this building are still using the same vlan/subnet they always have. Setting up another access point in another location to use vlan 13 exhibits the same problem, but connecting directly to a switch port configured for vlan 13 does not. This eliminates my dhcp server or any switching/network settings as the source of the problem. In fact, I can even connect and use the network on this vlan from the stricken building when I'm plugged into a wired port on a 7502 access point. It's only when someone tries to use the wireless network that they have a problem. The ONLY change I made to get people working was to change the vlan id used by the wlan to share a vlan/subnet assigned to another building.

This should means the configuration on the access points is okay, and indeed I can't spot anything at all different about how this subnet is configured.

I'd like to get vlan 13 working again in this building. More than that, I'd like to understand what is happening. Any ideas on what might be going on?


Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Can't use specific vlan on wireless, works on wired
« Reply #1 on: April 15, 2016, 01:45:50 AM »
Whenever something has worked for a long time and then suddenly stops working, surely something must have changed. If not on the AP then maybe on the switches?

Did you know that the APs have the capability to run packets captures in a number of locations (wireless, radio, vlan, interface etc). What do the packets say when the issue occurring?

Offline jcoehoorn

  • Jr. Member
  • **
  • Posts: 39
Re: Can't use specific vlan on wireless, works on wired
« Reply #2 on: May 23, 2016, 10:57:33 AM »
Just to follow up on this, I still don't know what changed...

... but it turns out the wired ports weren't working as well as I thought. I've now had wired devices that also won't connect for just this vlan, where changing the vlan on the switch port fixes the device. For some reason the wired was more likely to succeed, at least for a while. I think perhaps it took a dhcp lease renew for an existing wired device to break, and so I had a lot of wired devices that only seemed to still work. Additionally, I've had some devices (both wired and wireless) that can still get on the network, with no rhyme or reason I can find for devices that work.

My suspicion is a student's network card went bad and started screaming out noise into the line that the switches were confining to that vlan/broadcast domain, or possibly the device became infected and was trying to poison ARP, though I think I would have detected the latter. It could also be a routing loop within the vlan, but I would think spanning-tree would have at least limited that to a single switch.

I ended up just moving the whole vlan to a new subnet and vlan ID. I had tried this earlier with no luck, but now that students have gone home it seems to be working, again making me a think the problem was a misbehaving student device.
« Last Edit: May 23, 2016, 11:24:46 AM by jcoehoorn »

Offline jcoehoorn

  • Jr. Member
  • **
  • Posts: 39
Re: Can't use specific vlan on wireless, works on wired
« Reply #3 on: May 27, 2016, 10:10:12 AM »
...and I spoke too soon.

Another event this week, some further troubleshooting, and one of my 7502's is doing weird things to whatever vlan I assign for the wired ports. Take it out, and everything is fine.

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3837
    • michaelfmcnamara
    • Michael McNamara
Re: Can't use specific vlan on wireless, works on wired
« Reply #4 on: June 04, 2016, 08:52:59 AM »
Thanks for posting the follow-up!

Cheers!
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!