cancel
Showing results for 
Search instead for 
Did you mean: 

Issue with AP DHCP Server on VsZ

thierry_faridia
New Contributor

Hi,

We've got an hosted VsZ server with APs on client site. For guest SSID (going on WisPr external server), we use DHCP server function of APs with a VLAN corresponding to avoid creating a vlan and specific on the local network switches and internet router. 

So everything is ok with assign dhcp address to clients but firewall detects the network subnet behind DHCP of AP and drop packets because it detects ip spoofing.

Exemple here : 

Local LAN subnet client is 192.168.1.X/24 where AP has 192.168.1.19. AP DHCP server created with pool 10.10.10.X/24, wifi client gets 10.10.10.133 but then can't communicate with captive portal and download portal https page.

I got this 10.10.10.133 address wich appears in firewall and is denied. But I must not see this subnet if AP would NAT correctly ?

I made a packet capture on AP LAN Port and we see indeed 10.10.10.133 trying to talk with Guest Server.

Image_ images_messages_5fd399d6c7b3b92d0a9bf976_0130e7820dd1d4a55a06028390fab01a_Capturewire-5ab1c99d-bc08-4d2c-9848-4c1ece1ff346-130664446.JPG
VsZ version : 5.2.1.0.515
AP version : 5.2.1.0.1017
Thank for help
2 REPLIES 2

syamantakomer
Moderator
Moderator

Hi Thierry,

As per the logic, client traffic in above example should hit the firewall with APs NAT IP, not the client's original IP.

I suggest you to open the case with support and provide all the available information from your troubleshooting.

Regards,
Syamantak Omer
Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI

Ok, we'll do that thank you for answer