No Internet - WiFi - DHCP\DNS?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-10-14 09:53:29

I wonder if somebody could have a look at this config as I'm having issues with a certain WiFi VLAN that is accessed on EAP225 & 245 and controlled by OC200 (SDN).

Issue: Connecting to VLAN30, my client devices connect and get a DHCP IP address (all statically configured for this particular VLAN via DHCP) and show DNS as connected. However, 'No Internet' is shown. Sometimes after several minutes, it will connect to the internet. The issue appears to be temperamental.

I did change my DNS from an Edgerouter to a Pi-hole (both on VLAN1); however, since the upgrade to SDN I had already experienced some issues with the WiFi, showing 'No internet' and then connecting to the correct SSID. Another issue since SDN is roaming between the EAP225 & 245. Extremely slow to pick up the stronger signal, but this worked perfectly before the upgrade (no fast roaming etc. set, I just use Max RSSI to achieve the desired result).

Hardware

Edgerouter ERX

DHCP on, statically assigned IPs for devices (generally)
DHCP server = 'use-dnsmasq'
VLANs = each have their own subnet & DHCP
VLAN1 (IP range changed on this thread, as public) 10.10.1.1
VLAN30 10.10.30.1

OC200 10.10.1.3 statically assigned from DHCP 10.20.1.1 range (static IP table)

EAPs
225 10.10.1.4 statically assigned from DHCP 10.20.1.1 range (static IP table)
245 10.10.1.5 statically assigned from DHCP 10.20.1.1 range (static IP table)

Settings in Omada software = all DHCP assigned from 10.10.1.1 (as above)

DNS FORWARDING Settings
Name-server = 10.10.1.253 (Pi-hole)
Listen on = All switch0 interfaces (including VLAN30)

System name-server = 127.0.0.1

Pi-hole
DNS 1.1.1.2, 1.0.0.2

All VLANs in the individual DHCP setup are configured to use their own DNS, i.e. 10.10.1.1 = VLAN1, 10.10.30.1 = VLAN30

Now, as I understand it, DNS requests will be forwarded from each DHCP VLAN service back to the router DHCPs (10.10.1.1, 10.10.30.1), which will forward on to the Pi-hole 10.10.1.253 (DNS forwarding) and can use dnsmasq. Is this correct, or should the 'name-server' be the router's IP of 10.10.1.1 and not 127.0.0.1? This is the only thing I can think of that's possibly throwing the errors, but what is strange is it's only what is connected on the EAPs; all other hard-wired VLANs are fine and have the same DNS\DHCP setups.

All VLAN local-in firewalls have rules for DHCP and DNS to be allowed to the Pi-hole address.

Ethernet ports on the router are in a switch config and those connected to the OC200 have a PVID=1 (U), the EAPs PVID=1 (U), 30 (T), VLAN1 trunk to switch (U), all other VLANs tagged.

Finally, as stated, it's only the EAP connected devices that have this issue; no ethernet-based connections do. I remember prior to SDN that both the OC200 & EAPs were a bit finicky with their DHCP.

#1
Re: No Internet - WiFi - DHCP\DNS?
2020-10-14 10:37:31

@Pugs

Further stats from router

------Name Servers configured for DNS forwarding--------

10.10.1.253 available via statically configured

127.0.0.1  available via optionally configured

---------------------------------

Are the EAPs the issue here and how they acquire DNS, and why the 'No Internet' and slow acquiring of SSIDs\roaming?

#2
Re: No Internet - WiFi - DHCP\DNS?
2020-10-14 11:43:49 - last edited 2020-10-14 12:34:02

@Pugs, if you propagate 127.0.0.1 as the name server to clients, they will try to resolve domain names by connecting to their localhost interface. This can't work. If there is a valid fall-back, this explains the delay in name server lookups.

I'm still not sure about your network setup. If you set a Mgmt VLAN (as discussed in another thread), EAPs will process tagged frames, not untagged frames. And IP 10.10.1.4 can't be assigned from a 10.20.1.1 DHCP range.

VLAN 1 untagged is not a VLAN, but VLAN 1 is the VLAN to be used for untagged frames, that's a big difference. In fact, inside a VLAN network there are no untagged frames.

I would not mix untagged frames and tagged frames on a switch or router port.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#3
Re: No Internet - WiFi - DHCP\DNS?
2020-10-14 13:15:52

@R1D2

Thanks, the 127.0.0.1 is the loopback for the router itself (I believe) and is often quoted in the Edgerouter setups for DNS, but I will give it a go and use name server = router IP address instead. What I want is dnsmasq and all VLANs to use the Pi-hole as their interface, which involves DNS forwarding at the router level.

#4
Re: No Internet - WiFi - DHCP\DNS?
2020-10-14 13:18:05

@R1D2

Sorry, this is a typo:

EAPs
225 10.10.1.4 statically assigned from DHCP 10.20.1.1 range (static IP table)
245 10.10.1.5 statically assigned from DHCP 10.20.1.1 range (static IP table)

Should read:

EAPs
225 10.10.1.4 statically assigned from DHCP 10.10.1.1 range (static IP table)
245 10.10.1.5 statically assigned from DHCP 10.10.1.1 range (static IP table)

#5
Re: No Internet - WiFi - DHCP\DNS?
2020-10-14 22:26:07 - last edited 2020-10-14 22:44:26

@Pugs,

I recommend using the standard ISC DHCP/DNS server on the ER-X, which is the default DHCP/DNS server. dnsmasq has no advantage over the ISC DHCP/DNS server. The following settings are related to the ISC DHCP/DNS server.

In the dhcp-server config section, enter the IP address of the ER-X as dns-server. This is the IP the DHCP server propagates to clients.

In the dns config section set up a caching server (cache-size 1500); the forwarder is your Pi-hole (name-server 10.10.1.253).

The latter setting is not to be confused with the router's name server setting (name-server 127.0.0.1) in the system config section!

Have the caching DNS server listen on both VLANs 1 and 30, that's either on interfaces eth0.1 and eth0.30 or on VIFs switch0.1 and switch0.30 depending on your setup.

Change the trunk from ER-X to the switch to tagged for both VLANs (do not set a PVID on the ER-X for the port, just VLAN memberships).

Now, set up two access ports on the switch, one for each VLAN. Connect a laptop to those ports, check IPs, DNS and default gateway set by DHCP in each VLAN.

If everything works, assign another switch port untagged membership of VLAN 1, PVID=1 and tagged membership of VLAN 30. Connect the EAP to this port. Note that VLAN 1 ends here, while VLAN 30 will end at the EAP's SSID mapped to VLAN 30.

Mgmt VLAN in Omada controller should be left unset (you use untagged frames to control the EAP), while VLAN 30 will use tagged frames. Assign one SSID to VLAN 30, the other to no VLAN (there is no VLAN 1 anymore, it was terminated at the switch).

Keep in mind that old EAP firmware versions for EAP-Wall or EAP115 models might still have the bug that untagged frames will be accidentally leaked to a VLAN-mapped SSID. AFAIK, this bug was fixed in EAP245, EAP225 and EAP225-Outdoor. This is the reason why I always use a tagged Mgmt VLAN, but managing EAPs with untagged frames is much easier when it comes to adoption of new EAPs, so first try managing the EAPs with an untagged link. You can switch to a tagged Mgmt VLAN 1 anytime later should it become necessary.

Hope this helps!

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#6
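As an added example (not code from this thread, from Ubiquiti's EdgeOS tooling or from TP-Link), here is a small Python audit that encodes the two DNS checks R1D2 makes in posts #3 and #6: a loopback address must never be propagated to clients as dns-server, and if clients are pointed at the router's own VLAN address the forwarder must actually listen on that VIF. The config fragment is constructed from the thread's addresses in a simplified copy of EdgeOS's brace syntax (no mac-address lines, no system section), and the parser is a minimal one written for this illustration, not EdgeOS's own config loader.

```python
"""Audit an EdgeOS-style dhcp-server / dns forwarding config for the DNS pitfalls raised
in this thread: loopback propagated to clients as dns-server, and the forwarder not
listening on a VLAN whose clients are pointed at the router. Illustrative parser only."""
import ipaddress

# Constructed fragment using the thread's addresses (simplified EdgeOS syntax). The
# dns-server 127.0.0.1 on VLAN1 and the missing listen-on switch0.30 are deliberate
# mistakes for the audit to catch; the system name-server (the router's own resolver,
# legitimately 127.0.0.1 when forwarding is configured) is out of scope here.
SAMPLE_CONFIG = """
interfaces {
    switch switch0 {
        vif 1 {
            address 10.10.1.1/24
        }
        vif 30 {
            address 10.10.30.1/24
        }
    }
}
service {
    dhcp-server {
        shared-network-name VLAN1 {
            subnet 10.10.1.0/24 {
                default-router 10.10.1.1
                dns-server 127.0.0.1
            }
        }
        shared-network-name VLAN30 {
            subnet 10.10.30.0/24 {
                default-router 10.10.30.1
                dns-server 10.10.30.1
            }
        }
    }
    dns {
        forwarding {
            listen-on switch0.1
            name-server 10.10.1.253
        }
    }
}
"""


def parse(text):
    """Parse brace-nested config into nested dicts: key -> [(value, child block or None)]."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line == "}":
            stack.pop()
        elif line:
            opens = line.endswith("{")
            parts = line.rstrip("{ ").split()
            child = {} if opens else None
            stack[-1].setdefault(parts[0], []).append((" ".join(parts[1:]) or None, child))
            if opens:
                stack.append(child)
    return root


def vals(node, key):
    return [v for v, _ in node.get(key, [])]  # leaf values stored under key


def block(node, key):
    return next((c for _, c in node.get(key, []) if c is not None), {})  # first child block


def audit(text):
    """Return human-readable findings; an empty list means the checked pitfalls are absent."""
    config, findings, owned = parse(text), [], {}
    # Map every router-owned IP to the VIF the forwarder would have to listen on.
    for name, sw in block(config, "interfaces").get("switch", []):
        for vlan, vif in sw.get("vif", []):
            for addr in vals(vif, "address"):
                owned[addr.split("/")[0]] = f"{name}.{vlan}"
    service = block(config, "service")
    listen = set(vals(block(block(service, "dns"), "forwarding"), "listen-on"))
    for net_name, net in block(service, "dhcp-server").get("shared-network-name", []):
        for cidr, sub in net.get("subnet", []):
            for dns_ip in vals(sub, "dns-server"):
                if ipaddress.ip_address(dns_ip).is_loopback:
                    findings.append(f"{net_name} ({cidr}): dns-server {dns_ip} is loopback, "
                                    "clients would query themselves")
                elif dns_ip in owned and owned[dns_ip] not in listen:
                    findings.append(f"{net_name} ({cidr}): dns-server {dns_ip} is the router, "
                                    f"but forwarding does not listen on {owned[dns_ip]}")
    return findings


def fixed_config():
    """The sample with both mistakes corrected the way post #6 recommends."""
    return (SAMPLE_CONFIG.replace("dns-server 127.0.0.1", "dns-server 10.10.1.1")
            .replace("listen-on switch0.1\n",
                     "listen-on switch0.1\n            listen-on switch0.30\n"))


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
    print("after fix:", audit(fixed_config()) or "clean")
```

Run as a script it reports the VLAN1 loopback and the VLAN30 listen-on gap, then shows the corrected fragment passing; the same `audit()` can be pointed at any fragment in this simplified syntax.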
Re: No Internet - WiFi - DHCP\DNS?
2020-10-16 10:24:13

@R1D2

Hi bud, thanks for the overview. I have tried to make this simpler and done as you described for DHCP\DNS. It was pretty much as I had set up, except VLAN30 had its own DNS set under DHCP (10.10.30.1), but I've changed that to the router's IP\Gateway 10.10.1.1. System name = 127.0.0.1, forwarder = 10.10.1.253 (Pi-hole). I'd post a link but it doesn't allow me to, but a search with 'edgerouter set service dns forwarding dhcp' comes up with the vendor's whitepaper.

Anyway, prior to this, got off a night shift to find I couldn't connect again using this VLAN30 (Private WLAN network address). Same issue, connected but 'No Internet'. The changes really didn't make much difference despite reboots of router, Pi-hole, OC200 and EAPs. Now, the strange part: out of 4 SSIDs that are tagged with VLAN30, only one 2.4g will now work, the remainder won't, and that includes ALL 5g SSIDs, on BOTH EAPs. I'm wondering if the OC200 is at fault acquiring DNS or if it's just shot. Having said that, my devices get an IP AND DNS of (now) 10.10.1.1 (which should forward to 10.10.1.253), and why then would 1 out of 4 SSIDs connect to the internet when the others don't?

I don't want to muck around with the VLAN trunking at the moment, it was working, but I may revisit this anyway.

Cheers

#7
Re: No Internet - WiFi - DHCP\DNS?
2020-10-16 11:28:49

@Pugs, Omada Controller does not interfere with DNS or DHCP. It doesn't even see this traffic.

Rule of thumb is to get the VLANs working up to the switch before mapping SSIDs to VLANs. To do so, assign two access ports on the switch to the VLANs and check with a laptop whether you get the correct IP, DNS server's IP and default gateway IP. If this works, assign a switch trunk port to those VLANs and connect the EAP to the trunk.

Don't even check for Internet unless you have full network connectivity to the EdgeRouter. Use ping to find out whether you can reach the ER using a laptop on the switch.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#8
Re: No Internet - WiFi - DHCP\DNS?
2020-10-16 15:19:33 - last edited 2020-10-16 15:19:58

@R1D2

Hi, I should have mentioned, this is only part of a bigger SOHO network; the VLANs all work (or nearly, bar IoT NOT being able to stream from the NAS without having both in the same VLAN). All other WiFi works, that is guests and a sec cam, both on different VLANs.

#9
Re: No Internet - WiFi - DHCP\DNS?
2020-10-16 16:00:30 - last edited 2020-10-16 16:13:41

@Pugs, it doesn't matter whether you have 2, 20 or 200 VLANs, the principle is always the same: every VLAN can be seen as a separate network. Every network needs a gateway/router, DNS and probably DHCP. Every network can use routing into all other networks or firewalling against all other networks.

The only reason why you would use a forwarding DNS server on a router is to have a shared DNS forwarder appearing in different networks querying a single DNS server in another separate network. If you would route traffic to/from the Pi-hole, you would not need a forwarder, but could propagate the IP of the Pi-hole as the DNS server to be used directly to clients.

Anyway, you need to set up each VLAN the same way as you would do with separate physical networks with separate physical routers, switches and APs each (including the tests). The only difference with VLANs is that you save on having different devices to accomplish different networks.

If something VLAN-related once did work with EAPs and after several firmware upgrades later fails, it could be the VLAN leakage bug fixed some time ago in some models, where untagged frames had been leaked to VLAN-mapped SSIDs. This leakage could have been avoided (and on unfixed models still can be avoided) by not using untagged frames at all and setting a Mgmt VLAN for the EAP.

However, it's important to understand that the EAP itself (its CPU, so to say) and every VLAN-mapped SSID are virtual separate devices in different networks (VLANs):

  • The EAP needs to have an IP in order to be manageable (controller/web UI), thus it is in the base network or however you call it. It does not necessarily need DNS nor a default gateway (both are optional and only needed if the EAP itself needs access to other networks for whatever reason, e.g. to access foreign NTP servers).

  • Every VLAN-mapped SSID is in another network. Clients in those different networks always need an IP, a DNS server and a default gateway if they should be able to access the Internet. Either set those IPs by DHCP or by statically assigning them – then you don't even need a DHCP server, which is very handy for tests.

  • The DHCP and DNS servers do not need to run on the router. For example, in my networks the DHCP server runs on the switch using different pools and DHCP relaying into the VLANs, while the DNS server runs on a dedicated server in a separate network and routing is used to communicate with all clients in all other networks.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
#10