Access Points

Reply
Occasional Contributor I
Posts: 7
Registered: ‎10-27-2010

Aruba APs and Automatic Proxy Configuration

Background
We have a site where we allow customers to connect to the local network using wired connections. They receive a DHCP address successfully from our DHCP server. This server is setup to include option252 which provides the URL for the wpad.dat file which assigns their Internet Explorer with the appropriate proxy server settings (assuming they have the Automatically detect settings box ticked).
Everything works fine and they can access the Internet OK.

Problem
To cater for wireless clients at this site we have deployed an Aruba Access Point (Remote AP) at this site with the following Virtual AP Profile:

Virtual AP: enable
Allowed band: all
VLAN: 1
Forward mode: Bridge
Deny time range --NONE--
Mobile IP: enabled
HA Discovery on-association : off
DoS Prevention: off
Station Blacklisting: on
Blacklist Time 3600sec
Dynamic Multicast Optimization: off
Dynamic Multicast Optimization Threshold : 6
Authentication Failure Blacklist Time 3600sec
Multi Association: off
Strict Compliance: off
VLAN Mobility: off
Remote-AP Operation always
Drop Broadcast and Multicast: off
Convert Broadcast ARP requests to unicast: off
Band Steering: off

The wireless client can connect successfully to the SSID linked to the above Virtual AP profile using WPA-PSK encryption. It also gets assigned an IP address from the same scope as the aforementioned wired clients, as does the Remote-AP.

To all intensive purposes it looks like everything should work. However the DHCPInform request from the Wireless Client to the DHCP Server to find out where the WPAD.DAT file is to configure it's proxy settings appears to be getting lost / blocked somewhere.

Has anyone else encountered this problem or know perhaps why the DHCP Inform requests are not getting through?

We have compared the conversation seen on our firewall, which sits between the remote site and the DHCP server, for both wired and wireless clients. They appear indentical which suggests that the problem is with the way the return packet is being processed by the Remote AP bridge.

Conversation
10.44.152.196.68 > 255.255.255.255.67: C:10.44.152.196 bootp
10.44.152.222.67 > 10.224.48.202.67: (request) hops:1 C:10.44.152.196 bootp
10.224.48.202.67 > 10.44.152.196.68: C:10.44.152.196 bootp

Client broadcasts out.
Default gateway forwards the request to the DHCP server.
DHCP server then replies to the client.

It is this reply which never gets back to the wireless client, but does for the wired client.
Guru Elite
Posts: 21,515
Registered: ‎03-29-2007

wireshark

Install wireshark on the local, as well as remote clients and do a packet capture. Open packets and compare returned DHCP options.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 7
Registered: ‎10-27-2010

Resolved

Looks like I made an error when tidying up the final firewall rules and removed the rule allowing the DHCP server to initiate a conversation back to the remote sites IP range. The confusing part was that the laptop that looked like it was still working at one stage was obviously using cached information with regards to the proxy server.

Using Wireshark helped show this :-)

Conclusion
My fault and nothing to do with Aruba in bridge mode.
Search Airheads
Showing results for 
Search instead for 
Did you mean: