Click to follow for practical IT tips!
Requirement DescriptionBrothers, the client’s server room has been renovated, and a technician has been trying to fix the network for several days without success. Let’s take a look at how difficult it is and what problems exist.
First, let’s confirm the device models.
Ready to start.
To debug such a network, a console cable is essential; without it, debugging becomes quite difficult.First, log into the H3C controller using the console cable to check the configuration, then log into the core switch to check the configuration, and finally log into the gateway to check the configuration. This way, we can get an overview of the network configuration before determining the problem.We can see that the wireless controller has an IP address of 172.30.1.2 configured on VLAN 9, and an IP address of 10.10.10.20 configured on VLAN 10.
The Ruijie core switch has DHCP enabled at 172.30.1.1.
The AP connects to the POE switch, with G0/0/24 as the trunk interface, connected to ports 14-22 of the Ruijie core switch, allowing all VLANs, with PVID set to VLAN 9.
Log into the Ruijie router to check the configuration. Two cables are connected: the WAN port connects to the external optical modem, and the LAN port connects to the G0/1 interface of the Ruijie core switch.
I was uncomfortable with the sub-interface addresses configured by the previous network engineer. Even if sub-interfaces are enabled, why do some IP addresses have to be 20 or 126? Why not use 1 or the last IP?Moreover, DHCP is enabled in the corresponding VLAN for each sub-interface, and this DHCP service is enabled on the gateway. The Ruijie core switch only has one DHCP at 172.30.30.1, and the technician said that this address is used for the connection between the AP and AC, but I don’t quite understand.
Additionally, there are two sets of devices for the AP, one from Ruijie and another from H3C, which complicates things.
Moreover, the organizational structure feels particularly chaotic, with unclear thought processes. So many VLANs have been configured, yet there is only one public IP address for the exit. Some devices must be assigned to the same VLAN separately. I may not understand their business, but I believe that network configuration should be simple and easy to understand during the planning phase. This way, even if problems arise later, it will be easier to troubleshoot.
Troubleshooting ProcessFault 1: The first fault phenomenon, the AC cannot learn the AP?
The current feedback is that the AC cannot learn the AP. We have installed dozens of panel APs, but not a single AP can automatically learn. At that time, I suspected whether there was a compatibility issue between the AP and AC versions. The client said that the network was restructured, and it has been like this since then; it was fine before. Now, it is basically determined that there is a configuration problem.
The previous technician manually added an AP, but it was also offline. The CAPWAP tunnel between the AC and AP could not be established. In fact, the CAPWAP tunnel between H3C’s AC and AP is created through VLAN, and there is no need to specify the CAPWAP tunnel IP separately. So we deleted the manually added AP.
Because the configuration here is too chaotic, to completely solve this problem, we must first sort out the topology diagram; otherwise, I really have no clue where to check for issues.I feel that drawing the topology is a necessary step because this is not a simple network architecture, and the configurations have been set by previous technicians. To identify the problem, we must clarify the topology diagram.Suddenly, the topology diagram is sorted out.
Now let’s look at the first issue: why can’t the AC and AP create a CAPWAP tunnel? Why is the AP offline? We mainly need to check the interfaces marked in red to see if there are any configuration issues. The CAPWAP tunnel between H3C’s AC and AP is usually easy to establish as long as the IP address obtained by the AP is in the same subnet as the VLANIF9 172.30.30.2 of the H3C wireless controller, then the AP can automatically come online.
We need to check whether the AP can obtain an address in the 172.30.30.x subnet. As a result, when I connected my computer to the floor POE switch, I obtained the address 192.168.51.19, which is the address of the gateway’s LAN port.
This is very strange; the POE switch interface should obtain an address in the 172.30.30.x subnet.
Checking the configuration of the floor POE switch, all interfaces are configured as trunk interfaces, allowing all VLANs to pass, with the native VLAN set to 9.Logically, when this interface is configured as a trunk and the native VLAN is changed to VLAN 9, it should only be able to obtain an IP address from VLAN 9. Why is it still able to obtain an address from the gateway’s LAN port in the 192.168.50.x subnet?
So, I took a POE switch and an AP downstairs to debug together; this makes troubleshooting easier.
Connect the panel AP to the floor POE switch that was taken down.
Find an interface on the POE switch and connect it to ports 14-22 of the Ruijie core switch.
When I checked the interfaces on the core switch connected to the POE switch, I found that there were no allowed VLANs, so I configured it to allow all VLANs to pass.
However, after completing the configuration, I found that the configuration still only showed trunk interfaces, and there was no option to allow all VLANs to pass. Is it possible that the default is to allow all VLANs to pass?
Could it be that there is a problem with the DHCP on the core switch? So I assigned port 8 of the wireless controller to VLAN 9.
Then, I connected my computer to port 8 of the wireless controller and found that I could also obtain a 172.30.1.x address, but sometimes it was a bit slow to obtain.
However, after a while, I was able to obtain the IP address again.
When I connected G0/14 of the Ruijie core switch to G1/0/24 of the disassembled floor POE switch, I also configured a native VLAN 9 for G0/14.
After adding the PVID 9 configuration to the interfaces connecting the core switch to the POE switch, the AP was able to come online automatically. I still can’t figure out why this happened; can anyone explain?
Now that the APs are online, there is still one issue: sometimes when the computer connects to the POE switch, it does not obtain an IP address in the 172.30.1.x subnet.
Instead, it obtains an address in the 172.40.0.x subnet. Why is that?
After careful examination, I found that the gateway configured with 172.40.1.1 255.255.255.0 is also VLAN 9, and DHCP service is enabled. Meanwhile, there is also a VLAN 9 172.30.1.1 on the core switch with DHCP enabled, which means there are two DHCP servers in VLAN 9.
Problem 2: When the phone connects to the wireless network, it cannot obtain an IP address. Let’s take a look at the configuration.
So, I created a test SSID to check.Create a test SSID with default VLAN 2, and the wireless will obtain the IP address of the gateway’s sub-interface VLAN 2 to access the internet. Choose centralized forwarding, so all client data must be forwarded to the AC controller, which then forwards it to the core switch, and from the core switch to the gateway.
Default VLAN (Default VLAN) is the default VLAN assigned to users when no specific VLAN is specified. The AC will tag the traffic with this VLAN before forwarding it to the upper network.
Do not set a password for now; just bind all APs.
It can be seen that the configuration is complete, and the default VLAN is set to 2.
Then connect to the test SSID and find it works normally.
Now let’s find out why the previous signal cannot obtain an address.
Checking the wireless SSID, I found that the default VLAN is VLAN 9. It uses local forwarding because the interfaces of the POE switch connected to the AP are all trunk ports, allowing all VLANs to pass. Therefore, it can be set to local forwarding. If the interfaces connected to the POE switch are access ports, then centralized forwarding must be used when creating the wireless.
If local forwarding is selected, it will require filling in the local forwarding VLAN.
If we change the default VLAN to 2 and the local forwarding VLAN to 2, the phone still cannot obtain an IP address.
We need to change the default VLAN to 2 and the local forwarding VLAN to 1; only then can we obtain an IP address.
Wireless user data trafficis processed locally by the AP (without going through the AC), and the AP will tag the user traffic with the configuredlocal forwarding VLAN tag and directly forward it to the target network through the uplink switch.
At this point, an IP address can be obtained.
Now, 40 APs are online.
Now there is still one problem: when the configured AP is in the 172.30.1.x subnet, and the computer connects to the wired network, it is also in the 172.30.1.x subnet. Since the gateway has not configured the 172.30.1.x subnet, this subnet cannot access the internet.Finally, I deleted all VLAN 9 configurations on the core switch, assigned the tunnels created by the AP and AC to VLAN 2, added VLAN 2 192.168.64.1 to the AC controller, and set the PVID of the core switch’s G14-22 connected to the POE switch to 2. Now, most of the issues have been resolved.Related Articles:
- The client’s hotel network was interrupted, very urgent, with numerous complaints. It required three manufacturers’ engineers to debug, and I felt overwhelmed! Why can’t the H3C AP provide IP addresses to phones and computers?
- Brothers, what do you think? It’s strange, restoring the H3C switch to factory settings? It seems simple, but every time I restore it, I have to look for the documentation?
- H3C switch commands to assign multiple interfaces to VLAN? What to do if there is no batch command?
- This firewall mapping configuration exceeds my understanding, H3C secpath acg1000 firewall mapping configuration!
- How to configure AP local forwarding data on H3C wireless controller, detailed configuration method.
- The most practical H3C network debugging article, how to configure the enterprise H3C application gateway + POE switch + AC + AP?
- When creating a CAPWAP tunnel between Huawei, Cisco, and H3C, will a separate CAPWAP tunnel interface IP be specified?
- Brothers, the simplest and most straightforward article on Huawei wireless is here, wireless configuration directly connected to layer 2 networking and direct forwarding (Part 1)
- With these two articles, you can handle all Huawei wireless configurations for direct layer 2 networking and direct forwarding (Part 2)
- Huawei wireless configuration for direct layer 2 networking tunnel forwarding. Each article is simpler than the last; follow our steps to complete the wireless network setup.
- Detailed explanation of Huawei AC side-hanging layer 2 networking configuration: from DHCP deployment to wireless service configuration, step by step to complete network setup.
- Brothers, if you can’t learn after reading this article, I’ll teach you personally! How to configure Huawei wireless AC controller side-hanging layer 2 networking tunnel forwarding?
- When creating a CAPWAP tunnel between Huawei, Cisco, and H3C, will a separate CAPWAP tunnel interface IP be specified?
- Why can the AP issue data VLAN 30 and VLAN 40 when the AP is connected to the switch interface VLAN 20 after establishing the CAPWAP tunnel with the AC?
- How was the CAPWAP tunnel created between H3C’s AC and AP?