Hello everyone,
Today I will share with you how to deal with a wired client connected to the second port of an AP4051 couldn't get an IP from the DHCP server.
Issue Description:
The scenario is as follows: the customer had a USG FW which was acting as a DHCP server and 2 VLANs: VLAN 100 Teachers (192.168.100.0/24) and VLAN 101 for Students (GW 192.168.101.0/24). Vlan 1 was the management VLAN for the devices: FW-AC-SW-AP. Wireless clients could get an IP address from the service-vlan but the issue was with the wired stations. When the customer connected a station to the second port GE0/0/1 of AP4051, he could receive an IP from VLAN1 since it was allowed on the path to the DHCP server. But, when he made a wired profile for the second port with mode endpoint, ipv4 learning and untagged VLAN 100, the station didn’t get an IP from VLAN 100.
Solution
I tested this scenario and I confirmed that it can work for a wired station to get IP from a separate VLAN or from service vlan that is configured on AC. Below was my config and scenario:
- Topology used:
- Cellphone gets IP from VLAN 101 which is the service-vlan:
-PC gets IP from VLAN 102 which is configured on DHCP server also:
-The configuration that I used for the wired port:
-The configuration on AP after reboot:
Whole configurations:
AP:
#
vlan batch 101 to 102
#
interface GigabitEthernet0/0/0
port hybrid tagged vlan 2 to 4094
stp port priority 48
lldp dot3-tlv power 802.3at
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 102
port hybrid untagged vlan 102
stp port priority 48
work-mode endpoint
lldp dot3-tlv power 802.3at
#
-Switch:
#
vlan batch 100 to 102
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk pvid vlan 100
port trunk allow-pass vlan 100 to 102
port-isolate enable group 1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 102
#
-AC:
#
vlan batch 100 to 102
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 102
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 100 to 102
#
wlan
traffic-profile name default
security-profile name default
security-profile name wlan-net
security wpa-wpa2 psk pass-phrase %^%#!|NcX$(!MHy#YjDey"p!3Dx05.ltMUPEcX5!Pw\/
%^%# aes
security-profile name default-wds
security-profile name default-mesh
ssid-profile name default
ssid-profile name wlan-net
ssid wlan-net
vap-profile name default
vap-profile name wlan-net
service-vlan vlan-id 101
ssid-profile wlan-net
security-profile wlan-net
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
air-scan-profile name default
rrm-profile name default
calibrate auto-channel-select disable
calibrate auto-txpower-select disable
radio-2g-profile name default
radio-5g-profile name default
wids-spoof-profile name default
wids-profile name default
wireless-access-specification
ap-system-profile name default
port-link-profile name default
wired-port-profile name PC1
mode endpoint
vlan pvid 102
vlan untagged 102
wired-port-profile name default
serial-profile name preset-enjoyor-toeap
ap auth-mode no-auth
ap-group name default
ap-group name ap-group1
radio 0
vap-profile wlan-net wlan 1
radio 1
vap-profile wlan-net wlan 1
ap-id 0 type-id 35 ap-mac 00e0-fc9f-6e50 ap-sn 2102354483105063F30A
ap-group ap-group1
wired-port-profile PC1 gigabitethernet 1
provision-ap
#
-DHCP Server:
#
vlan batch 100 to 102
#
interface Vlanif100
ip address 10.23.100.2 255.255.255.0
dhcp select interface
#
interface Vlanif101
ip address 10.23.101.2 255.255.255.0
dhcp select interface
#
interface Vlanif102
ip address 10.23.102.2 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100 to 102
I advised checking that the AP has the same configuration for the G1 port interface and also that the service VLAN is allowed on the way to the DHCP server.
That is all I want to share with you! Thank you!
