AAA, NAC, Guest Access & BYOD

How do I help a client that has a production VLAN IP address but is connected to the registration VLAN?

Aruba Employee
Product and Software: This article applies to all ECS product and software versions.

Solution

 

  1. Check that the client is in the registration VLAN. From the Topology view, right-click on the switch and select Resynch Clients. Then right-click on the port in question and verify that the current VLAN is the registration VLAN.

  2. Check for a dynamic versus static IP address. Have the user check the client computer TCP/IP settings. If the IP address is static, reset it to a dynamic IP address and restart the client computer or release and renew the IP on the interface.

  3. Connect to the appliance and watch the DHCP log file for incoming requests and responses.

  4. Type:

tail -f /bsc/logs/rc.dhcpd.log

  1. If you see no requests, verify that the DHCP service is running. On the NCAS/NAS, type:

/etc/init.d/dhcpd status

  • Verify that the DHCP service is listening on the appropriate interface: Restart the DHCPD service to output this information in the 'rc.dhcpd.log' file. Type:

/etc/init.d/dhcpd restart

  • Verify that the '/bsc/siteConfiguration/dhcpd.conf' file is configured correctly.

  • While monitoring the 'rc.dhcpd.log' file (assuming the service is running and listening on the appropriate interface), release and renew the client several times. If you don't see DHCP activity in the log file, verify the VLAN (step 1) and, if possible, try a different client.

  • If there is still no DHCP activity in the 'rc.dhcpd.log' file, verify the network configuration (such as VLANs, routers, and ACLs).

 

Validation

 

In Topology view, double-click on the client and check that the client is registered and has an IP in the registration scope.

 

Here is an example of the registration scope as listed in the '/bsc/siteConfiguration/dhcpd.conf' file:

 

# Registration Scope

subnet <The Reg Subnet> netmask <The Reg Subnet Mask> {

range <Start Address of Range> <End Address of Range>;

default-lease-time 960;

max-lease-time 960;

authoritative;

allow declines;

option domain-name "aruba-reg.com";

option domain-name-servers <Registration Interface IP>;

option broadcast-address <Reg Broadcast Address>;

option routers <Reg Default Gateway>;

}

 

Here is a real example:

 

# Registration Scope

subnet 192.168.130.0 netmask 255.255.255.0 {

range 192.168.130.100 192.168.130.200;

default-lease-time 300;

max-lease-time 300;

authoritative;

allow declines;

option domain-name "-training-REG3.local";

option domain-name-servers 192.168.130.2;

option broadcast-address 192.168.130.255;

option routers 192.168.130.1;

}

 

Version history
Revision #:
1 of 1
Last update:
‎06-30-2014 06:24 PM
Updated by:
 
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: