Wifi WAN: Unable to obtain IP address on PEPLINK MAX BR1

I’m setting up WiFi WAN on my PEPLINK MAX BR1 for the first time, and having significant difficulties - running 8.1.2s109 build 4899

I’ve configured for the local WiFi network and correctly entered the password for the network. I see that the network shows a green checkmark next to it when I hit “Wireless Networks” on the Status page next to that interface, so I’m guessing that means it’s connecting correctly at some layer. But then… no IP address.

  • No splash page on the network.

  • I’ve tried manually adding it, and then clicking on it after discovery.

  • I am only using Wifi Wan right now - no other outbound/upstream connections.

  • I’ve rebooted several times.

  • I’ve removed DNS forwarding/caching, disabled any testing so this should “Just work” once we get L2 hookup in WiFi. No other packets should be sent by the PEPLINK - or is there some sort of “magic test” that is not obvious that the PEPLINK does that is getting blocked by the splash page, and causing the endless loop on “WAN: Wi-Fi WAN on 5 GHz cannot obtain IP address”

  • Why do I see in my DNS settings via DHCP on the laptop connected on the inside interface? There isn’t any DNS setting that we’re getting back from the upstream WAN connections yet. There should be no DNS in my DHCP services until that point. (this is me being a purist, but it is actually confusing to see DNS results in the DHCP when there is no DNS provided by any upstream)

Here is what WiFi Explorer (on Mac) says about the network encryption, which I somehow suspect is at the root of the issue.

Forgot to mention: Wifi WAN works fine with another SSID that I tested with on different gear. A Cisco system running a WLC (8.5? version) works great, but the failing SSID is on Meraki but not sure of any of the specs.

Hi John (curious… are you the John Todd I may know from various DNS related activities? :slight_smile: )

I’d suggest upgrading the firmware to 8.2.1 - there are a few WiFi WAN fixes in that build that may help - not specifically for your model but you are currently on a special build of firmware so unless there is a particular reason for that I’d upgrade to a mainline release.

The screenshot implies WPA1/TKIP in use (yuck!), I’d think on the WiFi WAN config page you can set the encryption to auto and it should figure that out, but maybe specify it and see what happens.

Out of interest if you have control of the Cisco WLC based system what happens if you configure an SSID with settings to mimic the Meraki - do you get the same behaviour?

If you’re using the AP in the Peplink for serving up a local SSID for your devices maybe temporarily disable that too just to rule out some odd interaction with the radio doing double duty there and use it only for the WiFi WAN function, assuming you can connect a device via ethernet to test.

If there is a splash page / captive portal involved then you would typically disable the health checks on the WiFi WAN so that the Peplink considers it “up”, after that you need to obviously authenticate wit the portal. Normal process here is to configure an outbound policy to route traffic straight out the WiFi WAN so you can log in - I do this for hotel WiFi by setting a policy for a single static IP on the LAN side so I can easily have a device configured to use that IP get to the portal and then perform any necessary authentication steps. All that said though the Peplink should connect and get an IP regardless of a portal being present.

Hi Will -
Yes, same person. Which is why you see the comments about “Why without anyone saying so?” That seems unexpected and flawed.

Anyway - I’ll try the software update, thanks for the hint.

Turning off TKIP didn’t seem to make a difference but I don’t control that system so any changes are glacially slow. When I root around in the various deep settings of the WLC, there are a million knobs to turn and frankly I don’t have the time right now to simulate the problem on my own platform so I’m going to not try to work backwards from my own working config and try to work forwards on the Meraki and PEPLINK configurations.

I have tried letting it automatically set encryption options, as well as specifying them manually - no luck with either model of configuration.

There was a splash page, but that’s been removed (and I did validate removal) during previous testing.

I did turn off AP mode a while ago since i figured that would complicate matters - I’m really in a stripped-down config right now. I’ve been using ethernet the whole time for my administrative console.

The firmware update to 8.2.1 did the trick - somehow 8.1.2 is not happy with WiFi WAN capabilities in my circumstances, so “problem solved.” Thanks for the hint!