We are one of your distributors and I have seen this in several different networks we've set up, but here is my specific situation internally:
Network:
- I have wireless and wired clients sitting on a simple 192.168.201.x network
- These clients frequently use resources from a 192.168.10.x network
Wireless:
- Single IAP-135, running a single SSID configured as Type: "Employee"
Problem:
- When a wireless client tries to reach 192.168.10.1, it would occasionally go to the IAP-135's GUI.
- This does not affect wired clients
My only guess is that at one point, we did have an SSID set up as Type: "Guest" and the VC's randomly selected network happened to be 192.168.10.x. Although that SSID has long been removed, it seems like the IAP / VC is still trying to claim that IP. (And even if the "Guest" SSID is still running, I don't think a randomly created network should be allowed to affect the "Employee" side anyway, right?)
Thanks in advance!
Josh
Here is our current config (with personal info scrubbed):
version 6.1.3.0-3.1.0
virtual-controller-country US
virtual-controller-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name user-wireless
organization user
virtual-controller-ip 192.168.201.5
ntp-server 192.5.41.41
clock timezone Pacific-Time -08 00
rf-band all
dynamic-radius-proxy
ams-ip 192.168.168.100
ams-key xxxxxxxxxxxxxxxxxxxxxxx
allow-new-aps
allowed-ap d8:c7:c8:cb:c9:9a
snmp-server community xxxxxxxxx
arm
 wide-bands 5ghz
 a-channels 44,48,149,153,157,161,165,44+,149+,157+
 min-tx-power 127
 max-tx-power 127
 band-steering-mode force-5ghz
 air-time-fairness-mode preferred-access
 client-aware
 scanning
rf dot11g-radio-profile
 spectrum-monitor
 interference-immunity 4
rf dot11a-radio-profile
 spectrum-monitor
ip dhcp pool
 dns-server 4.2.2.2
 domain-name domain.com
 lease-time 480
internal-domains
 domain-name domain.com
 domain-name domain2.com
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
opendns domain2 61661002de7663aa7230bac58c0310a5cb54dd82678557db
device-id 0010D78B763A8693
mas-integration
user guest xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx portal
user josh xxxxxxxxxxxxxxxxxxxxxxxxxx radius
user joe xxxxxxxxxxxxxxxxxxxxxxx radius
user test xxxxxxxxxxxxxxxxxxxxxxx radius
mgmt-user admin xxxxxxxxxxxxxxxxxxxxxxxxx
wlan access-rule default_wired_port_profile
 rule any any match any any any permit
wlan access-rule domain2
 rule any any match any any any permit
wlan access-rule domain2.com
 rule any any match any any any permit
wlan access-rule user
 rule any any match any any any permit
wlan access-rule default_dev_rule
 rule any any match any any any permit
wlan ssid-profile domain2.com
 index 1
 type employee
 essid domain2.com
 wpa-passphrase xxxxxxxxxxxxxxxxxxxxxxxxxxx
 opmode wpa2-psk-aes
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 1000
 broadcast-filter none
 blacklist
 dmo-channel-utilization-threshold 90
 enet-vlan guest
wlan auth-server ca-dc2008
 ip 192.168.1.9
 port 1812
 acctport 1813
 key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
wlan captive-portal
 background-color 13421823
 banner-color 10066431
 banner-text "Welcome to the Guest Network."
 terms-of-use "Please read and accept terms and conditions and then login."
 use-policy "This network is not secure and use it at your own risk."
wlan external-captive-portal
 server localhost
 port 80
 url "/"
 auth-text "Authenticated"
blacklist-time 3600
auth-failure-blacklist-time 3600
ids classification
ids rogue-containment
ids
 wireless-containment none
 infrastructure-detection-level high
 client-detection-level high
 infrastructure-protection-level high
 client-protection-level high
wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 1
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable
enet0-port-profile default_wired_port_profile
enet1-port-profile default_wired_port_profile
enet2-port-profile default_wired_port_profile
uplink
 preemption
 enforce none
l3-mobility
#3600