Hello everyone, I am the network administrator for a primarily Apple organization and I am having an extremely strange issue. I posted this on another forum, but I figured it's time to hop on an Apple-specific forum to get some help. This is a copy/paste from my other post:
I have a guest network, very basic setup. It has its own VLAN (we can call it 5) and I am using a virtual interface on my firewall as the gateway for the internet (same setup as my printer subnet from my other routing thread). I am assigning DHCP from my server subnet, with an IP helper on the firewall interface, and there is just one policy on the FW that points the guest interface to the WAN interface, nothing special whatsoever, no communication with my other subnets. DHCP is handing out 8.8.8.8 as the only DNS server, and all clients can receive the appropriate IP address on the subnet. All of my non-Apple clients can get to the internet beautifully: Windows devices, Android devices, Chrome/Pixel devices, and even my personal MacBook that runs OS X 10.6. The issue I am having is that none of the iPhones/iPads and modern Apple computers can actually browse the internet. I can verify that they are at least able to communicate out to the WAN and onto the internet by browsing directly to an IP rather than a DNS name, but most websites simply return some answer about not allowing traffic directly to an IP address. The fact that I can get to the website to see that answer pretty much proves that the connection is being made. Obviously this seems like some sort of DNS issue, but it's ONLY on modern Apple devices, so I'm wondering if there are any other Apple admins out there that know of some trick to make these devices play nicely? I'm going to play around with some stuff now, but I wanted to get the question out there first to see if there is any low-hanging fruit I'm missing. I'm borrowing someone's iPhone to test with now, and I've done all the things as far as forgetting the network, resetting network settings, etc.
Is there anything special that newer Apple stuff does as far as name resolution goes? Also, since posting this thread on another forum, I've noticed that some of the MacBooks don't pick up DHCP either, while some do. This issue affects certain devices differently than others, and I have no clue why. I just freshly imaged a MacBook, and it doesn't pull DHCP, but with a manual IP config I can ping the other hosts on the network, yet not the actual gateway of the guest network. This issue ONLY affects devices on Wi-Fi; using a Thunderbolt-to-Ethernet adapter into a switchport configured for the guest VLAN immediately lets me pull DHCP and get to the internet without issues.
Any help would be greatly appreciated