10-27-2010 03:25 AM
We have a site where we allow customers to connect to the local network using wired connections. They receive a DHCP address successfully from our DHCP server. This server is set up to include option252 which provides the URL for the wpad.dat file which assigns their Internet Explorer with the appropriate proxy server settings (assuming they have the Automatically detect settings box ticked).
Everything works fine and they can access the Internet OK.
To cater for wireless clients at this site we have deployed an Aruba Access Point (Remote AP) at this site with the following Virtual AP Profile:
Virtual AP: enable
Allowed band: all
Forward mode: Bridge
Deny time range --NONE--
Mobile IP: enabled
HA Discovery on-association : off
DoS Prevention: off
Station Blacklisting: on
Blacklist Time 3600sec
Dynamic Multicast Optimization: off
Dynamic Multicast Optimization Threshold : 6
Authentication Failure Blacklist Time 3600sec
Multi Association: off
Strict Compliance: off
VLAN Mobility: off
Remote-AP Operation always
Drop Broadcast and Multicast: off
Convert Broadcast ARP requests to unicast: off
Band Steering: off
The wireless client can connect successfully to the SSID linked to the above Virtual AP profile using WPA-PSK encryption. It also gets assigned an IP address from the same scope as the aforementioned wired clients, as does the Remote-AP.
To all intents and purposes it looks like everything should work. However, the DHCPInform request from the Wireless Client to the DHCP Server to find out where the WPAD.DAT file is to configure its proxy settings appears to be getting lost / blocked somewhere.
Has anyone else encountered this problem or know perhaps why the DHCP Inform requests are not getting through?
We have compared the conversation seen on our firewall, which sits between the remote site and the DHCP server, for both wired and wireless clients. They appear identical, which suggests that the problem is with the way the return packet is being processed by the Remote AP bridge.
10.44.152.196.68 > 255.255.255.255.67: C:10.44.152.196 bootp
10.44.152.222.67 > 10.224.48.202.67: (request) hops:1 C:10.44.152.196 bootp
10.224.48.202.67 > 10.44.152.196.68: C:10.44.152.196 bootp
Client broadcasts out.
Default gateway forwards the request to the DHCP server.
DHCP server then replies to the client.
It is this reply which never gets back to the wireless client, but does for the wired client.
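For comparing the wired and wireless captures field by field, a small decoder for the DHCP payload can report the message type, whether the client asked for option 252, and the WPAD URL the reply carries. This is an added example, not part of the original post; the packets are constructed from the addresses in the trace above, and the URL, the option 55 request list and the use of the relay address as giaddr are assumptions.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK", 8: "INFORM"}

def ip(b):
    return ".".join(str(x) for x in b)

def build(op, ciaddr, giaddr, hops, options):
    """Build a BOOTP/DHCP payload for the demo (constructed data, not a capture)."""
    head = struct.pack("!BBBBIHH", op, 1, 6, hops, 0x1234ABCD, 0, 0)
    addrs = bytes(ciaddr) + bytes(8) + bytes(giaddr)  # ciaddr, yiaddr, siaddr, giaddr
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return head + addrs + bytes(16 + 64 + 128) + MAGIC + body + b"\xff"

def parse(payload):
    """Return selected header fields and a dict of option code -> raw value."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"hops": payload[3], "ciaddr": ip(payload[12:16]),
            "giaddr": ip(payload[24:28]), "options": opts}

def summarize(payload):
    """The fields that matter for WPAD: type, whether 252 was requested, the URL."""
    p = parse(payload)
    o = p["options"]
    url = o.get(252, b"").rstrip(b"\x00").decode("ascii", "replace") or None
    return {"type": TYPES.get((o.get(53) or b"\x00")[0], "?"), "ciaddr": p["ciaddr"],
            "giaddr": p["giaddr"], "asks_252": 252 in o.get(55, b""), "wpad_url": url}

CLIENT, RELAY = [10, 44, 152, 196], [10, 44, 152, 222]  # addresses from the trace
WPAD = b"http://wpad.example.test/wpad.dat"             # constructed placeholder URL
INFORM = build(1, CLIENT, RELAY, 1, [(53, b"\x08"), (55, bytes([1, 3, 6, 15, 252]))])
ACK = build(2, CLIENT, RELAY, 1, [(53, b"\x05"), (252, WPAD)])

if __name__ == "__main__":
    for pkt in (INFORM, ACK):
        print(summarize(pkt))
```

Feed `summarize` the UDP payload bytes exported from each capture; a difference in `asks_252` or `wpad_url` between the wired and wireless client points at the client or server side rather than the bridge.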
10-27-2010 05:08 AM
Aruba Customer Engineering
10-28-2010 12:40 AM
Using Wireshark helped show this :-)
My fault and nothing to do with Aruba in bridge mode.