kbennett (Aspirant)
May 22, 2014
M5300-52G3 and M5300-28GF3 traffic loss
Hi,
I have a case open with Netgear about this but thought it worth asking here in case anyone has seen anything similar.
I have an M5300-52G3 and an M5300-28GF3 linked as a remote stack via 10Gb fibre using AXM761 SFP+ modules in the 10Gb front ports on each switch.
Each has a number of GS748TP PoE switches attached for wifi access and a number of GS748T switches for desktops/printers etc.
Access points are on a management VLAN (3) and carry five other VLANs for various wifi networks (VLANs 10, 20, 24, 28 and 32). The ports that the access points plug into on the 748TPs are configured as tagged for VLANs 10, 20, 24, 28, 32, untagged for VLAN 3 and have a PVID of 3. The 748TP trunks back to the stack have all VLANs tagged. On the stack trunk ports connected to the 748s the VLANs are all set as tagged.
VLAN 3 is subnet 192.168.2.0/24 and is the management VLAN for the wifi.
VLAN 10 is subnet 10.3.28.0/22 and is the main campus VLAN for wired desktops and wifi devices that can't do RADIUS, so use a PSK.
VLAN 24 is subnet 192.168.24.0/22 and is the main VLAN for WPA2/AES RADIUS authenticated staff wifi access, mostly laptops which aren't domain members.
Other VLAN configs don't matter too much as they all have the problem I'm coming to in a bit.
There is a Windows Server 2008 R2 DC at 10.3.28.3 running DHCP for all scopes and NPS for RADIUS authentication. It is plugged into a port on the 52G3 that is a member of VLAN 10 only and has a PVID of 10.
The switch stack is configured for DHCP relay and is using static routing between all of the VLANs mentioned so far.
The issue I'm having is that everything on VLAN 10 works fine and dandy but on VLANs that use WPA/AES authentication via RADIUS a lot of RADIUS traffic seems to be going missing. Access points connected via the 52G3 mostly seem to be working okay but 99% of RADIUS connections from access points connected via the 28GF3 don't seem to be making it over the stack link to the server. Consequently nobody can connect to the wifi on that site and we are having to drop them on to the WPA/PSK network as a workaround. Bizarrely, a few RADIUS requests do manage to make it across so it's unlikely to be a misconfiguration, else none would make it.
Our previous configuration (based on a forerunner of the M5300-52G3, the GSM7352Sv1) had exactly the same configuration apart from stacking and worked flawlessly so I'm convinced that the server and wifi side of things is not at fault since nothing has changed on them.
Anyone got any ideas what might be going on here? I'm completely stumped.
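As an added example (not from this thread or from NETGEAR), the script below correlates RADIUS Access-Requests with their replies in a capture taken on the access-point side of the stack, so you can see per access point how many requests never get an answer, which is the symptom described above. Only the 10.3.28.3 NPS address comes from the post; the AP addresses, the packet records and the field layout are constructed assumptions.

```python
# Added example: per-AP RADIUS request/reply correlation from a capture taken on
# the AP side of the stack (e.g. a mirror of the GS748TP uplink), so that a
# request with no matching reply means the request or the reply was lost
# somewhere between the AP and the NPS server.
from collections import defaultdict

RADIUS_SERVER = "10.3.28.3"  # NPS server named in the post
# RADIUS packet codes from RFC 2865/3579: Access-Challenge is the usual reply
# during an EAP exchange, so it counts as an answer too.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
REPLY_CODES = {ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE}

# Constructed records (not a real capture): (src_ip, dst_ip, radius_code, identifier)
SAMPLE_PACKETS = [
    ("192.168.2.11", RADIUS_SERVER, ACCESS_REQUEST, 1),   # assumed AP behind the 52G3
    (RADIUS_SERVER, "192.168.2.11", ACCESS_CHALLENGE, 1),
    ("192.168.2.11", RADIUS_SERVER, ACCESS_REQUEST, 2),
    (RADIUS_SERVER, "192.168.2.11", ACCESS_ACCEPT, 2),
    ("192.168.2.51", RADIUS_SERVER, ACCESS_REQUEST, 7),   # assumed AP behind the 28GF3
    (RADIUS_SERVER, "192.168.2.51", ACCESS_ACCEPT, 7),
    ("192.168.2.51", RADIUS_SERVER, ACCESS_REQUEST, 8),   # never answered
    ("192.168.2.51", RADIUS_SERVER, ACCESS_REQUEST, 8),   # retransmit, same identifier
    ("192.168.2.51", RADIUS_SERVER, ACCESS_REQUEST, 9),   # never answered
    ("192.168.2.51", RADIUS_SERVER, ACCESS_REQUEST, 10),  # never answered
]


def radius_loss_by_client(packets, server=RADIUS_SERVER):
    """Match requests to replies by (client, identifier); retransmits count once.
    Returns {client_ip: {"sent": n, "answered": m, "unanswered": n - m}}."""
    pending = defaultdict(set)   # client -> identifiers still waiting for a reply
    answered = defaultdict(set)  # client -> identifiers that got a reply
    for src, dst, code, ident in packets:
        if dst == server and code == ACCESS_REQUEST:
            if ident not in answered.get(src, set()):
                pending[src].add(ident)
        elif src == server and code in REPLY_CODES and ident in pending.get(dst, set()):
            pending[dst].discard(ident)
            answered[dst].add(ident)
    report = {}
    for client in set(pending) | set(answered):
        sent = len(pending[client]) + len(answered[client])
        report[client] = {"sent": sent, "answered": len(answered[client]),
                          "unanswered": len(pending[client])}
    return report


def clients_over_threshold(report, max_loss=0.5):
    """Access points whose unanswered fraction exceeds max_loss, sorted by address."""
    return sorted(c for c, r in report.items()
                  if r["sent"] and r["unanswered"] / r["sent"] > max_loss)


if __name__ == "__main__":
    result = radius_loss_by_client(SAMPLE_PACKETS)
    for client, counts in sorted(result.items()):
        print(client, counts)
    print("suspect APs:", clients_over_threshold(result))
```

Feeding the same tuple layout from a real capture (for example via a pcap parser) makes the per-AP split directly comparable to the 52G3-side versus 28GF3-side behaviour described in the post.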
3 Replies
mobybrick (Aspirant):
Hi,
Did you solve your problems? Is it any UDP traffic that has a problem with your distributed stack, or just RADIUS?
Moby

kbennett (Aspirant):
Hi Moby,
We did solve it in the end, but in one of those unsatisfactory sorts of ways where we still don't actually know the source of the problem or what actually fixed it.
The thing that seemed to cure it was to change the configuration to an alternate setting, then change it back to the original, which then worked when it hadn't before.
The specific changes were to make the APs tag their own management traffic at source and mark their ports on the switches as tagged for that VLAN. This resulted in a completely unusable wifi setup; none of the APs could see anything else on the network other than itself. That being a disastrous attempt, I reverted to having the APs not tag their management traffic at source and the switch ports to untagged for that VLAN and hey presto, it worked.
So it went:
Config A: not really working but sometimes working
Config B: not working at all
Back to Config A: works flawlessly.
Totally bizarre.
In answer to your question about UDP traffic, it seemed to be just RADIUS traffic that was dropping.

kbennett (Aspirant):
Just to clarify, it was the configs on the APs and the GS748TP switches that I changed, nothing changed on the M5300s.