Hi list, On 14/11/13 05:52, Mark Lamond wrote: > I have seen this on C4110¹s with 3610 AP¹s on various 8.x software > levels. It caused no end of head scratching!
I've just seen something similar when a client switches from one SSID to another, where the previous role didn't have any access control set, whereas the new one had contain to VLAN - the client would initially DHCP on the previous VLAN before the role change took effect. This was on a 3710 controlled by a V2110 running 08.32.03.0002. I'm only just seeing it now because I'm moving from a basic SSID:VLAN map to one involving roles/policies (including guest > Also, if you are dynamically changing policy using NAC/RADIUS etc the > problem is more likely to occur. There appears to be a transition stage > in the process where your client has the default policy applied. > > With an unrestricted default policy in place if the client happens to > perform a DHCP request during that time it may end up with an address > from the VLAN your AP resides in. > > To add more confusion, by the time you look at the reporting screen it > will show the correct policy applied - yet the client has an invalid IP > it has obtained from the AP VLAN! And because the client has what it > thinks is a valid IP, when the policy finally does change the client > does not request another DHCP address and happily sits there, unable to > communicate. > > Very confusing a wireshark capture taken from the AP radio and > Ethernet interfaces (great feature by the way) proved what was going on. > This all happens in a very short time window, but it is enough for a > DHCP server to answer back and reply to the DHCP request. I forgot about this, I've just done a dump to confirm it. In this case, with an active TCP stream, you can see the TCP session drop while packets are still going out on the original VLAN, and then after a little while packets start going out on the correct one. -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
