4

Here is how our network is set up: We have one Sonicwall NSA 3500 that feeds internet to the entire campus. Connected to the Sonicwall is a Dell PowerConnect 5548. Connected to that are the 4 main UAPs (Ubiquiti UniFi access points) for the main building. The controller (software) is connected to the Dell through several unmanaged switches. Other buildings are connected directly to the Sonicwall through 2 Rocket M5s and a NanoBridge.

DHCP is handled by the Sonicwall. There are 2 SSIDs: Staff and Public.

Public is by itself on VLAN 205 with 192.168.205.0/24 and a 60 min lease. Staff is not on a VLAN, and that interface on the Sonicwall is shared with computers. The network is 192.168.12.0/24 with a 1440 min lease.

Sonicwall handles all routing with the default settings. Also, Sonicwall only allows traffic from 205 to go to the WAN; everything else is blocked.

We have had this setup for a couple weeks now, and we have had the Sonicwall and the UAPs for several months without issue. For whatever reason, starting the day before yesterday, certain devices refuse to get an IP address when they connect to either of the wireless networks on any of the UAPs. They instead get a link-local address (which is reported on the controller as their address).

Each device seems to act consistently, and does not seem tied to brand (Some iPhones have difficulty, some don't etc.): Some won't get on at all. Some will get on if you switch networks several times. Some will get on but occasionally get kicked off then get right back on. Some don't appear to have any issues. (That I have heard about anyway. It is possible all devices are having some kind of issues that just aren't getting noticed/reported.)

We have tried rebooting all equipment, and unplugging everything on the Dell switch except one of the UAPs, and the issues continued. Any thoughts?

Sean Goheen
  • Break out [Wireshark](http://wireshark.org) and see what's going over the wire? Particularly UDP ports 67 and 68. – Chris S Jan 11 '12 at 16:31
  • If I were you I'd go with what Chris S says and I'd also read some logs on your DHCP server. – Lucas Kauffman Jan 11 '12 at 16:38
  • I checked the log and there isn't anything there other than assigning addresses. I also copied all the AP traffic to a port with Wireshark and captured all of the UDP traffic on ports 67-68. PCAP dump here: [link](http://bwoc.cc/DHCPTest.pcap) – Sean Goheen Jan 12 '12 at 19:01
  • So, my boss had me reset the switch to defaults, and it seemed to go away, any ideas on what could have caused it to begin with? – Sean Goheen Jan 13 '12 at 17:03
  • Is the SonicWall releasing the leases back to the pool? It sounds like you're out of IP addresses to dole out. – Ben Plont Nov 12 '15 at 04:18
  • How many devices do you think are at the campus? Are you sure the DHCP pool is big enough to accommodate all of them at peak hours? – EvilTorbalan Dec 12 '15 at 15:19
  • Agree that it sounded just like leases ran out. Do you have a large enough pool for all the devices that could be connected? – Nick Young Jan 11 '16 at 16:41
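
The comments above suggest capturing UDP ports 67 and 68; this added example, which is not code from anyone in the thread, parses DHCP payloads and lists the clients whose DISCOVER or REQUEST never drew an OFFER or ACK for the same transaction ID. The sample messages and the names `parse_dhcp`, `unanswered_clients` and `build` are constructed for illustration, and extracting the UDP payloads from a pcap is assumed to happen elsewhere.

```python
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return (xid, client MAC, message type) for a UDP 67/68 payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = ":".join(f"{b:02x}" for b in payload[28:34])   # chaddr, Ethernet only
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                              # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return xid, mac, TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    return None

def unanswered_clients(payloads):
    """MACs that sent DISCOVER/REQUEST and saw no OFFER/ACK for the same xid."""
    kinds, macs = defaultdict(set), {}
    for p in payloads:
        parsed = parse_dhcp(p)
        if parsed:
            xid, mac, kind = parsed
            kinds[xid].add(kind)
            if kind in ("DISCOVER", "REQUEST"):
                macs[xid] = mac
    return sorted({macs[x] for x, k in kinds.items()
                   if k & {"DISCOVER", "REQUEST"} and not k & {"OFFER", "ACK"}})

def build(op, xid, mac, msg_type):
    """Constructed sample message: BOOTP header, option 53, end option."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                      b"", b"", b"", b"", bytes.fromhex(mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])

# Constructed capture: one client completes the exchange, one is never answered.
SAMPLE = [build(1, 0x11, "aa:bb:cc:00:00:01", 1), build(2, 0x11, "aa:bb:cc:00:00:01", 2),
          build(1, 0x11, "aa:bb:cc:00:00:01", 3), build(2, 0x11, "aa:bb:cc:00:00:01", 5),
          build(1, 0x22, "aa:bb:cc:00:00:02", 1), build(1, 0x22, "aa:bb:cc:00:00:02", 1)]

if __name__ == "__main__":
    print(unanswered_clients(SAMPLE))
```
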

2 Answers

1

Is there more than one VLAN tag making it to the unmanaged switches you mentioned? Unmanaged switches tend to be unpredictable when presented with multiple VLANs (and some don't even work with one VLAN). The upstream port may get confused about which VLAN the switch is participating in, in one VLAN at a time, and a reboot may have reset the upstream port it was connected to.

GuitarPicker
-1

I remember setting laptops up for users, then sometimes they came back with this issue after a while; 9 times out of 10, if I re-entered the Wi-Fi password, the problem vanished. Never actually got to the bottom of what on earth was going on.

Robin Gill
  • They came back with issues of connecting to WiFi, but not being able to pull a DHCP addy?? – Chris S Jan 11 '12 at 16:45
  • Thanks, but they can connect to the AP just fine, they just don't get an IP address. Also one of the networks has no password to re-enter. – Sean Goheen Jan 11 '12 at 16:49
  • @ Chris S - Yep - they would connect to the wifi but get 169.254.xxx.xxx addresses. @ Sean Goheen - maybe not relevant to your issue then. – Robin Gill Jan 11 '12 at 17:24