Access Points

Reply
Occasional Contributor II

APs not appearing during installation

Hey folks,

My name is Paul Mitchell and I've just started working with Aruba products this year. I'm not a big networking guy to begin with, but I do know my way around a switch. I have the ACMA and have taken the PTT and SWDI courses as well.

I'm starting my first Aruba projects at work and it seems that I'm messing something up early on. I go through the controller and VLAN wizards just fine, but when it comes time to install and deploy the APs, none of them show up in the list. I've tried both direct connections to the controller and through the switches the job requires.

The equipment being used is as follows:

1x Aruba 3200 controller
2x Nortel 4526T-PWR switches
8x Aruba AP-105 APs

I have cleared the config on the controller and individual APs several times, still to no avail. I'm sure it's something simple I'm missing, but I just can't put my finger on it.

Any help at all would be appreciated. Thanks so much for your time.
Guru Elite

Discovery and Console


Hey folks,

My name is Paul Mitchell and I've just started working with Aruba products this year. I'm not a big networking guy to begin with, but I do know my way around a switch. I have the ACMA and have taken the PTT and SWDI courses as well.

I'm starting my first Aruba projects at work and it seems that I'm messing something up early on. I go through the controller and VLAN wizards just fine, but when it comes time to install and deploy the APs, none of them show up in the list. I've tried both direct connections to the controller and through the switches the job requires.

The equipment being used is as follows:

1x Aruba 3200 controller
2x Nortel 4526T-PWR switches
8x Aruba AP-105 APs

I have cleared the config on the controller and individual APs several times, still to no avail. I'm sure it's something simple I'm missing, but I just can't put my finger on it.

Any help at all would be appreciated. Thanks so much for your time.




What are you using for the access points to discover the controller? Are you using DNS, DHCP options, what are you using? Also, connect a console cable to the AP105 and publish the output so we can see what the access point is doing.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Bah...

Sorry for the long response time, I haven't been around the office for a bit. As for the APs, I got them up after I remembered that turning on DHCP helps out -TONS- when they need to find the controller. :o

Now I'm having Captive Portal issues(I think), but that's a different issue for a different forum. Thanks a ton for the help!
Guru Elite

Captive Portal Issue

What Captive Portal issues are you having?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: APs not appearing during installation




That's the trouble, I'm not sure if it's a captive portal issue or DHCP/VLAN/Firewall problems.

This is on different hardware than listed before, it's an Aruba 620 Controller and 2x AP105s. I'm running two WLANs on here, one secured and hidden for the employees, the second is a time-restricted Guest WLAN behind a Captive Portal page requiring EULA acceptance and an email address. I was having problems at first getting the captive portal page to come up when entering a standard URL, though it would load if I put in a dummy IP(1.1.1.1, usually). After this, I moved the "captiveportal" role to the top position and it began loading the page when using a standard URL. The big problem comes after EULA acceptance and email input -- I get no internet access. I do have an IP/Gateway/Subnet, so I don't think it's a DHCP issue, but after trying to get it to work for 4+ hours yesterday, I'm a tad stumped.

Guru Elite

Role after authentication

After you authenticate, do a "show user" on the commandline to see what role the user gets into. After that do a "show rights " to see the ACLs applied to that user after he authenticates. Send us the output of both commands.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: APs not appearing during installation




Here's "Show User":

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link
AP name Roaming Essid/Bssid/Phy Profile
---------- ------------ ------ ---- ---------- ---- --------
------- ------- --------------- -------
192.168.1.254 00:1f:e2:cc:a7:1e Guest-guest-logon 00:00:01
00:24:6c:c2:b2:38 Wireless AMC-Guest/00:24:6c:ab:23:81/g Guest-aaa_prof

User Entries: 1/1


And here's "Show Rights"

Derived Role = 'Guest-guest-logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Assigned VLAN = VLAN_2
Periodic reauthentication: Disabled
ACL Number = 43/0
Max Sessions = 65535

Captive Portal profile = Guest-cp_prof

access-list List
----------------
Position Name Location
-------- ---- --------
1 logon-control
2 captiveportal

logon-control
-------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 user any udp 68 deny Low

2 any any svc-icmp permit Low

3 any any svc-dns permit Low

4 any any svc-dhcp permit Low

5 any any svc-natt permit Low

captiveportal
-------------
Priority Source Destination Service Action TimeRange Log Expired Qu
eue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- --
--- --- ----- --------- ------ -------
1 user controller svc-https dst-nat 8081 Low
2 user any svc-http dst-nat 8080 Low
3 user any svc-https dst-nat 8081 Low
4 user any svc-http-proxy1 dst-nat 8088 Low
5 user any svc-http-proxy2 dst-nat 8088 Low
6 user any svc-http-proxy3 dst-nat 8088 Low

Expired Policies (due to time constraints) = 0


Hope this helps :)

Guru Elite

Role AFTER authentication


Here's "Show User":

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link
AP name Roaming Essid/Bssid/Phy Profile
---------- ------------ ------ ---- ---------- ---- --------
------- ------- --------------- -------
192.168.1.254 00:1f:e2:cc:a7:1e Guest-guest-logon 00:00:01
00:24:6c:c2:b2:38 Wireless AMC-Guest/00:24:6c:ab:23:81/g Guest-aaa_prof

User Entries: 1/1


And here's "Show Rights"

Derived Role = 'Guest-guest-logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Assigned VLAN = VLAN_2
Periodic reauthentication: Disabled
ACL Number = 43/0
Max Sessions = 65535

Captive Portal profile = Guest-cp_prof

access-list List
----------------
Position Name Location
-------- ---- --------
1 logon-control
2 captiveportal

logon-control
-------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 user any udp 68 deny Low

2 any any svc-icmp permit Low

3 any any svc-dns permit Low

4 any any svc-dhcp permit Low

5 any any svc-natt permit Low

captiveportal
-------------
Priority Source Destination Service Action TimeRange Log Expired Qu
eue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- --
--- --- ----- --------- ------ -------
1 user controller svc-https dst-nat 8081 Low
2 user any svc-http dst-nat 8080 Low
3 user any svc-https dst-nat 8081 Low
4 user any svc-http-proxy1 dst-nat 8088 Low
5 user any svc-http-proxy2 dst-nat 8088 Low
6 user any svc-http-proxy3 dst-nat 8088 Low

Expired Policies (due to time constraints) = 0


Hope this helps :)




Is that the role the user gets AFTER he authenticates? You need to edit the Captive Portal Authentication profile "Guest-cp_prof" to have the role you want the user to have AFTER he authenticates, not the guest-guest-logon role.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: APs not appearing during installation

Ooops, my bad. Here you go:

Users
-----
IP MAC Name Role Age(d:h:m) Auth
VPN link AP name Roaming Essid/Bssid/Phy Profile
---------- ------------ ------ ---- ---------- ----
-------- ------- ------- --------------- -------
197.232.2.121 00:1d:d9:1a:d1:7c authenticated 00:00:07
00:24:6c:c2:b2:38 Wireless Aruba-AMC/00:24:6c:ab:23:80/g AMC-aaa_prof
192.168.1.254 00:1f:e2:cc:a7:1e email@email.com guest 00:00:10 Web
00:24:6c:c2:b2:38 Wireless AMC-Guest/00:24:6c:ab:23:81/g Guest-aaa_prof

User Entries: 2/2





And...



Derived Role = 'guest'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 3/0
Max Sessions = 65535


access-list List
----------------
Position Name Location
-------- ---- --------
1 http-acl
2 https-acl
3 dhcp-acl
4 icmp-acl
5 dns-acl
6 v6-http-acl
7 v6-https-acl
8 v6-dhcp-acl
9 v6-icmp-acl
10 v6-dns-acl

http-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-http permit Low

https-acl
---------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 80
21P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- --
--- --------- ------ -------
1 any any svc-https permit Low

dhcp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-dhcp permit Low

icmp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-icmp permit Low

dns-acl
-------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021
P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----
- --------- ------ -------
1 any any svc-dns permit Low

v6-http-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-http permit Low

v6-https-acl
------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 80
21P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- --
--- --------- ------ -------
1 any any svc-https permit Low

v6-dhcp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS
8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- ---
----- --------- ------ -------
1 any any svc-v6-dhcp permit Low

v6-icmp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS
8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- ---
----- --------- ------ -------
1 any any svc-v6-icmp permit Low

v6-dns-acl
----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021
P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----
- --------- ------ -------
1 any any svc-dns permit Low


Expired Policies (due to time constraints) = 0
Guru Elite

Bug


Ooops, my bad. Here you go:

Users
-----
IP MAC Name Role Age(d:h:m) Auth
VPN link AP name Roaming Essid/Bssid/Phy Profile
---------- ------------ ------ ---- ---------- ----
-------- ------- ------- --------------- -------
197.232.2.121 00:1d:d9:1a:d1:7c authenticated 00:00:07
00:24:6c:c2:b2:38 Wireless Aruba-AMC/00:24:6c:ab:23:80/g AMC-aaa_prof
192.168.1.254 00:1f:e2:cc:a7:1e email@email.com guest 00:00:10 Web
00:24:6c:c2:b2:38 Wireless AMC-Guest/00:24:6c:ab:23:81/g Guest-aaa_prof

User Entries: 2/2





And...



Derived Role = 'guest'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 3/0
Max Sessions = 65535


access-list List
----------------
Position Name Location
-------- ---- --------
1 http-acl
2 https-acl
3 dhcp-acl
4 icmp-acl
5 dns-acl
6 v6-http-acl
7 v6-https-acl
8 v6-dhcp-acl
9 v6-icmp-acl
10 v6-dns-acl

http-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-http permit Low

https-acl
---------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 80
21P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- --
--- --------- ------ -------
1 any any svc-https permit Low

dhcp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-dhcp permit Low

icmp-acl
--------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-icmp permit Low

dns-acl
-------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021
P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----
- --------- ------ -------
1 any any svc-dns permit Low

v6-http-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 any any svc-http permit Low

v6-https-acl
------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 80
21P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- --
--- --------- ------ -------
1 any any svc-https permit Low

v6-dhcp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS
8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- ---
----- --------- ------ -------
1 any any svc-v6-dhcp permit Low

v6-icmp-acl
-----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS
8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- ---
----- --------- ------ -------
1 any any svc-v6-icmp permit Low

v6-dns-acl
----------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021
P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----
- --------- ------ -------
1 any any svc-dns permit Low


Expired Policies (due to time constraints) = 0




If you are using ArubaOS 5.0.1.0, you are running into a recently discovered bug where if you are ONLY allowing users to put their email address in, it does not redirect users properly. In the captive portal authentication profile, if you enable "user" logon, and it works, you know that you are running into this bug. You should open up a support case so you can get details on a workaround or when it will be fixed. The bug number would be 43548. Meanwhile, if you can enable user authentication and create a single user that everyone logs on with, this should work.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: