Wireless APs at a site go offline collectively and cannot come back online

2023-06-30 23:51:39 Published

Network Topology

The AC is deployed in bypass mode, with centralized wireless forwarding.

Problem Description

To support the Wi-Fi 6 AP WA6320, an office upgraded its wireless AC to version R5447P03.

During the upgrade, the newly added WA6320 APs were connected through a new switch.

After completing the operation, the user found that all APs except the WA6320s were offline. 110 APs were involved, including the WA5320, WT1024, WTU430 and other models.

I've been searching for a day in various ways, with no clue or progress.

Process Analysis

A clear first step for this kind of problem is to determine whether the offline APs have obtained IP addresses.

Available methods: 1. Log in to the AP through the console and check; 2. Look up the AP's MAC address on the DHCP server.

I chose the second method, which can be done remotely, and found that the DHCP address pool provided for the APs had allocated no addresses to any AP other than the 7 WA6320s that had come online. This means that these APs probably had no IP addresses, which can also be confirmed by checking the ARP information on the gateway.

In maintenance experience, this situation usually has one of a few causes: 1. The basic configuration is wrong, for example the VLAN tag configuration of the interface facing the AP. 2. The DHCP server's address pool is full of conflicting addresses.

Clearly, the on-site problem was the second case. Running dis dhcp server conflict on the switch acting as DHCP server showed that all the address segments of the 256 address pools on site were in conflict. We cleared the conflict records with reset dhcp server conflict, and the pool was full of conflicts again in less than 5 seconds.

In maintenance experience this is a typical symptom of a network loop. During the DHCP exchange in which a terminal or AP obtains its address, before finally using the IP address it sends a gratuitous ARP to check whether anyone else in the network has the same IP address. When a loop exists, this broadcast gratuitous ARP is looped back to the sender, which concludes that someone else in the network is also using the IP address, so it rejects the address (nak) and goes on to get the next one.

But this time that was not the case. We traced the switch topology connections and checked all network nodes through LLDP, and found no loop. Since VLAN 1 was configured on site, we tried modifying the VLAN tag.

We modified the VLAN tag used for AP registration across the whole network and left only the newly added Wi-Fi 6 PoE switch in VLAN 1. The problem went away, and the offline APs obtained IP addresses one after another and came online. We thought the problem was solved and that some unknown device in the network was looping in VLAN 1. At that point the on-site engineer also modified the VLAN tag of the Wi-Fi 6 PoE switch. The problem then recurred: the APs went offline again and the DHCP server conflicts were triggered again.

Therefore, we began to suspect the new Wi-Fi 6 APs and the PoE switch added in this change.

Finally, we found the following configuration on the uplink port of the PoE switch:

interface Ten-GigabitEthernet1/0/28
 port bridge enable

After this configuration was deleted, the problem was solved.

The port bridge enable command is documented as follows:

The command enables the port bridge function, that is, it allows the interface to forward same-source and same-destination packets.

By default, the port bridge function is not enabled on an interface and must be enabled manually.

Same-source and same-destination packets are packets whose source MAC address and destination MAC address are learned on the same interface of the device. By default, the device does not forward same-source and same-destination packets. When an interface receives such packets, the device determines that the packets are illegal and directly discards the packets.

After the port bridge function is configured, when an interface receives a same-source and same-destination packet, if there is an entry corresponding to the destination MAC address of the packet in the MAC address table on the device, the packet is forwarded through the interface.

Put simply, this interface receives the gratuitous ARPs that other APs send while obtaining IP addresses and sends them back out of the same interface, so those APs think someone else in the network is also sending gratuitous ARPs for the same IP address. The effect resembles a loop.
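The following Python model is an added example, not part of the original case or of any H3C code. It reproduces the behaviour described above on a constructed three-hop topology and shows why, in this model, only APs behind the PoE switch keep their addresses. The port names other than Ten-GigabitEthernet1/0/28, the 192.0.2.x pool, and the rule that a returned probe counts as a duplicate IP are assumptions taken from the page's simplified explanation.

```python
from collections import deque

class Node:
    def __init__(self, name, is_switch=True):
        self.name, self.is_switch = name, is_switch
        self.links = {}            # local port -> (peer node, peer port)
        self.port_bridge = set()   # ports configured with "port bridge enable"

    def flood_ports(self, in_port):
        """Egress ports for a broadcast frame that arrived on in_port."""
        out = [p for p in self.links if p != in_port]   # normal rule: never the ingress port
        if in_port in self.port_bridge:                 # port bridge: ingress port allowed too
            out.append(in_port)
        return out

def connect(a, pa, b, pb):
    a.links[pa], b.links[pb] = (b, pb), (a, pa)

def copies_returned(sender, max_hops=8):
    """Broadcast one gratuitous ARP from sender; count the copies delivered back to it."""
    queue, returned = deque([(*sender.links["eth0"], 1)]), 0
    while queue:
        node, in_port, hops = queue.popleft()
        if not node.is_switch:
            returned += int(node is sender)
        elif hops < max_hops:
            queue.extend((*node.links[p], hops + 1) for p in node.flood_ports(in_port))
    return returned

def build(port_bridge_on_uplink):
    """Constructed topology: old AP -- core -- PoE switch -- WA6320."""
    core, poe = Node("core"), Node("poe")
    old_ap, new_ap = Node("WA5320", False), Node("WA6320", False)
    connect(core, "GE1/0/1", old_ap, "eth0")
    connect(core, "GE1/0/2", poe, "Ten-GigabitEthernet1/0/28")
    connect(poe, "GE1/0/1", new_ap, "eth0")
    if port_bridge_on_uplink:
        poe.port_bridge.add("Ten-GigabitEthernet1/0/28")
    return old_ap, new_ap

def try_lease(ap, pool):
    """Probe each offered address; a returned probe is treated as a duplicate (page's model)."""
    conflicts = []
    for ip in pool:
        if copies_returned(ap) == 0:
            return ip, conflicts
        conflicts.append(ip)       # recorded as a conflict, the next address is tried
    return None, conflicts

POOL = [f"192.0.2.{i}" for i in range(1, 9)]   # constructed sample pool
```

With port bridge enabled on the uplink, try_lease for the old AP exhausts the whole pool as conflicts, while the WA6320 behind the PoE switch takes the first address, because its probe enters the PoE switch on an access port and is never reflected back to it.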

Solution

Delete this command from the newly added switch:

interface Ten-GigabitEthernet1/0/28
 port bridge enable

Do not use VLAN 1 anywhere in the network.
