This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I have a Netgear WC7520 that I've been using for a long time successfully both in work and home environments. The need has arisen for a couple of extra SSIDs using tagged VLANs for Guest wi-fi and a testing network. The VLANs are as follows:
VLAN 104 - Home Network
VLAN 107 - Guest Network
VLAN 108 - Testing Network
I have a Netgear M5300-28G with L3 license acting as the core switch and L3 Router, it is also acting as a DHCP Relay to 2x Windows 2012 R2 Servers (DHCP is in HA on these).
The WLC and WAPs communicate over VLAN 104, along with almost everything else on the network. This part works fine, but the other 2 SSIDs do not - when connecting, clients cannot obtain an IP address. Everything on the network itself appears to be fine; I can set an untagged port for both VLANs 107 and 108 on any switch in the house and get an IP address in seconds. It's only over Wireless that the problem seems to exist.
I have tagged the 2 VLANs 107 and 108 on all of the WAP's ethernet ports and also on the port that connects the WLC to the switch. I've also tried shifting the controller to a different switch (a GS748Tv4).
Does anyone have any ideas on what I might be able to do to fix this? It's worth mentioning the support from Netgear on this controller ended long ago, so I'm limited to Community support on this one.
Well, I've finally gotten to the bottom of the mystery and it was far simpler than I thought. The "fault" as it were was a mis-configuration of the DHCP Server on my 2x Server 2012 R2 VMs. I had all of my scopes sitting under a superscope for organisation and tidiness but it turns out that changes the behaviour of DHCP server.
After much research online I found a Superscope is used when you have multiple subnets on the same physical/logical network (i.e. no VLANs but multiple subnets). Going into DHCP, right-clicking each scope and choosing "Remove from Superscope" fixed the problem.
Kindly check the settings of the WC7520 if VLAN 107 and VLAN 108 are both declared on their respective SSIDs. Kindly read pages 77 to 87 of the WC7520 reference manual here about Managing Security Profiles and Profile Groups.
Thanks for your help! I had set those VLANs on the Profiles in the Controller, and just double-checked that they are both correct now when you prompted and everything is right.
I stumbled across that documentation when I was searching for answers earlier, as far as I can tell I've done everything right (Profiles set with VLAN ID, VLAN is tagged on ports going to all WAPs and the Controller).
An interesting discovery I've made tonight is that the DHCP Addresses are being handed to clients if the DHCP server is in the same VLAN as the SSID. For example, if I added a DHCP Server directly on VLAN 107, clients can receive an address. Currently, I am using a DHCP Relay so as not to multi-home the domain controller across a ridiculous number of VLANs.
The DHCP relay is working for all VLANs (about 6 or 7) on Wired devices, and VLAN 104 works on Wireless with the Relay. If it's relevant, the DHCP Relay is running on a Netgear M5300-28G.
Let us try this. Kindly set a static IP address to the wireless clients that you want to connect on the respective SSIDs of VLAN 107 and VLAN 108. Then, check if you will be able to get a reply from other devices connected within the same VLAN as well as check if you will be able to go online wirelessly.
Thanks for the update. The port on the M5300-28G switch that is directly connected to the WC7520 should be set as tagged (T) port. Kindly double-check it. Also, double-check if the port(s) on the M5300-28G switch connected to the access points are also set as tagged (T) ports.
I've just checked and the port is currently configured as a Trunk port and permits the VLANs 104 (Untagged), 107 (tagged), 108 (tagged). I can ping the M5300 when I use a static address so I think those might be working okay, otherwise my other option is to use a General port instead of a Trunk. Let me know what you think.
I've also moved the WC7520 to a GS748Tv4 Switch and tagged the VLANs on the ports but it doesn't seem to work there either. I'm starting to think my culprit may be the M5300 in some way - I've just tried to use a Virtual Machine attached to VLAN 107 via a Tagged VLAN and now I'm getting an IP address from the wrong VLAN (VLAN 104). Nothing is accessible though, unless I give it a static address matching VLAN 107.
Firmware on the M5300 is the latest current - 11.0.0.31.
As for L2 or L3 relay, I'm actually not sure because it works a little differently in the M5300 v11 firmware. Those Knowledgebase articles (and all documentation I can find for the M5300) is for v10 and below, which has a completely different UI and different options to what's in the documentation
I can post some screenshots of the Web UI or parts of my text configuration if that helps?
Well, I've finally gotten to the bottom of the mystery and it was far simpler than I thought. The "fault" as it were was a mis-configuration of the DHCP Server on my 2x Server 2012 R2 VMs. I had all of my scopes sitting under a superscope for organisation and tidiness but it turns out that changes the behaviour of DHCP server.
After much research online I found a Superscope is used when you have multiple subnets on the same physical/logical network (i.e. no VLANs but multiple subnets). Going into DHCP, right-clicking each scope and choosing "Remove from Superscope" fixed the problem.
