Access Points

Reply
Occasional Contributor II

RAP backup SSID & APIPA

Hi,

We have an ARUBA 3200 controller and RAP2 and 5's for people who travel around the world and who need access to our corporate network. Since they stay in hotels, where the use of internet is only possible by passing through their hotel-portal/login, we created a backup SSID that is active when the RAP is not able to connect to the controller. This worked fine until a few days ago. All of a sudden, the BRIDGE mode requires the internetprovider to give another IP address to the client through the backup ssid. Untill now, I thought that the IP-address given to the RAP was transfered to the client for login purposes and once the connection to the controller is ok, it disables the backup ssid and enables the normale working ssid that has tunnel mode.

Anyone has an idea what action should be taken?

Thx,

Paul
Je suis Charlie

Paul Roosemeyers
Secure Remote Communications
Guru Elite

Re: RAP backup SSID & APIPA

Do you mean the RAP5 gets a different ip address after the client authenticates with the hotel web page? Please explain..


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: RAP backup SSID & APIPA

Thanks for the quick reaction.
At the moment we get the problem with the RAP2-WG. When in the hotel, the RAP tries to contact our controller. when that doesn't work, it enables the backup SSID that is configured to be in BRIDGE mode. ( I think that ) This means that the IP address, given to the RAP, by the DHCP server from the hotel, is handed over to the client, who then is capable of entering the login/portal page of the hotel, to enable internet access. Once the internet access is up and running, the RAP sees his controller, de-activates the backup SSID and enables his TUNNELED-mode SSID that gives a corporate IP-address to the connected client, in order for him/her to login to the corporate network.
This is how it should work. at this moment we see the backup SSID, we try to connect and after a few seconds it states that we are connected but with low network connectivity and our IPaddress is 169.xxx.xxx.xxx (APIPA).
Je suis Charlie

Paul Roosemeyers
Secure Remote Communications
Guru Elite

Re: RAP backup SSID & APIPA

What version of code is on your controller? The DHCP server on the AP should provide an ip address to the client, and then NAT the traffic out if the ip address that the RAP5 is handed. If the client does not get an ip address from the hotel SSID, the problem is that the RAP did not give it an ip address, but it should.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee

Re: RAP backup SSID & APIPA

The first thing I would check is all the DHCP settings in your RAP group's AP System Profile. Make sure the scope and VLAN definitions are all correct in there.
Occasional Contributor II

Re: RAP backup SSID & APIPA

Goodmorning (in Europe that is),
Checked the DHCP settings and they are OK.
Version on controller is 5.0.2.0
What I found out while testing at home :
test 1 :
* connection to controller OK (everything works fine)
* connection to controller lost
* Backup SSID alive
* Connection to Backup SSID works, my laptop got an IP address. However, the IP address is form the DHCP server in my home-router. Funny, it should be in bridge mode

test 2 :
* no connection to controller, but connected to my home router
* backup SSID alive after 60 seconds
* connected to backup SSID, again the IP address comes from the home router

test 3 :
* no connection to controller
* backup SSID alive after 60 sec
* since the RAP has got a fixed IP from my router and DHCP was disabled, I get no connection to the backup SSID, my WiFi card gets an APIPA address.

So the conclusion of these tests is that the bridge mode does not handover the IP address from the RAP to the client, it depends on a DHCP server that gave the RAP an IP address.

Any suggestions?
Je suis Charlie

Paul Roosemeyers
Secure Remote Communications
Guru Elite

Re: RAP backup SSID & APIPA

You could be running into this:

41351

Bridge clients now correctly get an IP address when switching from a standard VAP to a backup VAP on the same Remote AP, when the RAP is coming through a DSL router or NAT device.

This bug is fixed in ArubaOS 5.0.3.0 and above and is the 5.0.3.0 release notes. You can try upgrading when you have a window to see if it fixes it.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: RAP backup SSID & APIPA

Will get into it, when my registration at support.arubanetworks is approved. Now that we found out what is going wrong (?) , we can inform our users what to do.
Thanks for your responses and your time. It's much appreciated!

I got the odd feeling, I'll be on this forum a lot in the next year. :-))
Je suis Charlie

Paul Roosemeyers
Secure Remote Communications
JYL
Occasional Contributor II

Re: RAP backup SSID & APIPA

I tested this on AOS 6.1.2.2 the bug still the same the RAP connected no issue on tunnel mode.

once the RAP2WG cant see the controller the Backup SSID will kickin but the RAP wont provide an ip address to the client which wont allow to get the hotel CP.

can someone confirm if this is working properly?

thanks
Joey
Guru Elite

Re: RAP backup SSID & APIPA

It is working properly on that version of code. Looking at PolleVdWan's post, if your client is getting the ip address of your local lan in scenario 2, that means that the Remote-AP DHCP Server VLAN parameter does NOT match the Virtual AP VLAN for your bridged SSID, so users are getting bridged locally, but NOT to the VLAN in the AP that has the DHCP server. The Remote-AP DHCP Server VLAN parameter MUST match the Virtual AP VLAN of the Bridged SSID for ip addresses to be given out.

JYL, yes it does work. If it does not work, please post the contents of your bridged Virtual AP, as well as the contents of your AP system profile for that AP-group. Many of us use the same method for APs to do site surveys and it works.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: