06-12-2014 03:12 PM - edited 06-12-2014 03:58 PM
I updated to 4.1 last week and have one strange issue. I have 1 client that keeps getting a IP from the manegment VLAN.
See screenshot. They are joining our guest network which has 1 statically assigned vlan and use's wpa2
Any ideas? Is this just a wierd bug?
06-12-2014 03:28 PM
What's the IP assignment setup under the network ?
Static or network assigned ?
Can you confirm the wired settings to make sure that the VLAN is allow ?
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
06-13-2014 10:51 AM
Here is the guest access config:
wlan ssid-profile Guest enable index 0 type employee essid LogosGuest wpa-passphrase opmode wpa2-psk-aes max-authentication-failures 0 vlan 20 auth-server InternalServer rf-band all captive-portal disable dtim-period 1 inactivity-timeout 1000 broadcast-filter arp g-min-tx-rate 5 multicast-rate-optimization dynamic-multicast-optimization dmo-channel-utilization-threshold 90 local-probe-req-thresh 0 max-clients-threshold 64
and wierd port confuigs
wired-port-profile default_wired_port_profile switchport-mode trunk allowed-vlan all native-vlan 1 shutdown access-rule-name default_wired_port_profile speed auto duplex full no poe type employee captive-portal disable no dot1x wired-port-profile wired-instant switchport-mode access allowed-vlan all native-vlan guest no shutdown access-rule-name wired-instant speed auto duplex auto no poe type guest captive-portal disable no dot1x enet0-port-profile default_wired_port_profile uplink preemption enforce none failover-internet-pkt-lost-cnt 10 failover-internet-pkt-send-freq 30 failover-vpn-timeout 180
06-16-2014 08:33 AM
I was finally able to get a hold of one of the laptops. I wandered around to multiple areas served by competely different switches and AP's and was not able to make it get a correct IP address. This weekend I set a allow to any except for the managemnt vlan rule. I will see today if that prevents this from happening. Althouhg I belive it is a bug because it never happened before and that should really not be necessary.
06-16-2014 08:10 PM
I noticed that in your SSID configuration, there were the following:
wlan ssid-profile Guest
May I ask how the ssid-profile name and the essid name is different? Was this configured through CLI instead of UI?
06-17-2014 11:49 AM
That was my sanitizing effort to keep the compnays name out of my post. I missed the essid. They are both the same.
This problem is still happening. Even with access control rules set to expilcity deny access to that network. Is this good enough for a bug report or is there a better way for me to report this?
06-17-2014 12:10 PM
This is definitely strange behavior.
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]