Meru Access issue
I've an issues with my Meru Wireless and I was wondering if anyone had experienced anything like it and knew what was up. We also seem to have having some odd issues with students not having access and I'm wondering if there is any relation.
I've 2 VLANs. A wireless VLAN and a second on for our main accademic network. The conttroller is into a port tagged on both VLANs, the AP's are not, they are on untagged ports on the main accademic VLAN. VLAN routing sees the wireless vlan go out through the proxy server to provide routing and transparent internet filtering. Each network has it's own DHCP Server. Rough Image below.
Now when I connect a device to the wireless it seems to work, it get and IP address on the 172.17 range and all my tests work OK. However I am getting reservations in my Accademic IP address range for devices (172.16). But when I check a device it comes back correctly with an IP address for the wireless 172.17.
I've had a chat with Meru this afternoon and they have suggested some things which haven't worked. Before I went back to them I though I'd ask if anyone else knew why this would happen.
While you drawing is useful from one perspective.. (and better than anything I have for my own network), consider drawing it from the view point understanding a packet's journey, leaving a wireless devices, traversing an AP, being tunnelled to the controller, egressing the controller, hitting your core and being routed from there.
You can get further insight by mirroring your core switch ports that connect to the meru controller and passing them to Wireshark.
Now look for the DHCP requests... and the responses. What IP's VLANs do they appear to be to/from. Does this match the expectation you have gained from the system drawing you made above?
If I were to guess, I would suggest that it might be that the controller is passing the DHCP request to your core, and your core is passing it to both your DHCP Servers and since the controller appears (since it proxying at the mac level for the wireless clients) to be in both subnets they both respond, but the controller only passes back the one relevant to the clients' subnet.