We are in the process of moving one of our controllers into a new datacenter and as part of that process, we are reconfiguring the way we control guest and employee Internet access. I have a test AP connected to the new controller and have the guest VLAN configured properly and have the helper addresses of the DHCP servers configured on the VLAN but never receive a DHCP offer message on a test client (running Wireshark on the test to confirm). I have debugging enabled on the controller and the controller is seeing the offer message but never relaying it back to the client. Thoughts?
Is the guest traffic being natted?
No, guest traffic is not being NAT'd, however, the guest VLAN is essentially unroutable to anywhere on the internal network. The VLAN interface on the controller has an address in that subnet, and the firewall is set as the gateway on that subnet but otherwise no routes exist on the routers or switches. The guest VLAN is set to tunneled mode on the VAP.
In practice, the DHCP server needs to be able to route back to the DHCP gateway IP address to know how to deliver the DHCP packet, because the client does not have an IP address. If the default gateway is not routable, the DHCP server will not be able to deliver the packet. You probably have to host DHCP on the controller to make this work.
What you are saying makes complete sense to me. What I find interesting is that the DHCP offer message does make it back to the controller (as seen in the logs on the controller) but it is never delivered back to the client that requested it. If you watch the controller logs and Wireshark on the client at the same time, you can see the client run DHCP discovery over and over and see the DHCP offers coming back on the controller but those offer packets never make the trip back to the client.
Running DHCP server on the controller may be the answer, but my company was purchased by another company that runs Cisco wireless so for now at least we are running both systems side by side in the datacenter feeding wireless to different parts of the company and they want both systems configured the same way which is why I'm trying to work this out. They claim to have Cisco working with the current configuration although I've personally seen it.