AirWave and Network Management

Reply
New Contributor
Posts: 4
Registered: ‎09-09-2011

LocalDNS, DHCP and Multiple SSID's

Hello,

We're having a bit of an issue with a configuration change on one of our controllers which is currently in production. Essentially, the configuration currently is as follows:

-Aruba3600 Controller currently running ArubaOS 5.0.2.0.
-RAP5-WN's at each individual location.
-x3 SSID's under 1 AP group
-Two are configured as a Split Tunnel
-One configured currently configured as Split Tunnel but we would like to change to bridging mode.

All three of these SSID's are in one AP Group and we would like them to remain all in their own group if at all possible.

Essentially, what we are trying to do is have one of the SSID's in this group act as its own separate network with a dhcp server. (Essentially as its own typical home based router with DHCP server..)

We do not want the users to be able to contact other users at different locations; however we would like them to be able to connect to each other within the local 192.168.11.0 network.

Currently, I've things as follows:

-Set the virtual AP profile to Bridge mode.

-Then configured the AP profile as follows:
ap-group "APGroup"
virtual-ap "DEVHotspot_WLAN-vap_prof"
virtual-ap "DEVPhone_WLAN-vap_prof"
virtual-ap "DEVDemo_WLAN-vap_prof"
ap-system-profile "apsys_prof-vfq70"
!

ip dhcp pool Demo
default-router 192.168.11.1
dns-server 8.8.8.8 8.8.8.4
network 192.168.11.0 255.255.255.0
authoritative
!
vlan 11
!
interface vlan 11
ip address 192.168.11.1 255.255.255.0
ip nat inside
operstate up
!
ap system-profile "apsys_prof-vfq70"
rap-dhcp-server-vlan 11
rap-dhcp-server-id 192.168.11.1
rap-dhcp-default-router 192.168.11.1
rap-dhcp-pool-start 192.168.11.5
rap-dhcp-pool-end 192.168.11.254
rap-dhcp-dns-server 8.8.8.8
!
wlan virtual-ap "Demo_WLAN-vap_prof"
ssid-profile "Demo_WLAN-ssid_prof"
vlan 11
forward-mode bridge
preserve-vlan
rap-operation always
!

When we configure it this way however, the client gets the 192.168.11.x an ip address, however he is unable to ping the gateway..
Essentially we would like to be utilizing the DHCP server on the RAP's if possible.

Any help or direction would be greatly appreciated.

Thanks in advance,
John
Aruba Employee
Posts: 117
Registered: ‎09-21-2010

Re: LocalDNS, DHCP and Multiple SSID's

Hi John,

Can you post the AAA profile for this VAP, user role used in the AAA profile, the policies used for this user role and aliases if any.

Regards,
Sathya
New Contributor
Posts: 4
Registered: ‎09-09-2011

Re: LocalDNS, DHCP and Multiple SSID's

Hello Sathya,

Thank you for getting back to me so quickly. The information you requested is as follows:

aaa profile "Demo_WLAN-aaa_prof"
initial-role "Allow-All"
dot1x-default-role "Allow-All"
!
user-role Allow-All
access-list session allowall
!
ip access-list session allowall
any network x.x.x.x 255.255.255.224 any permit queue high
any network x.x.x.x 255.255.255.224 any permit queue high
any any any permit

For now, I configured the aaa profile to allow-all. as Id like to make this as simple as possibly until I get it working.

Thanks,
John
New Contributor
Posts: 4
Registered: ‎09-09-2011

Re: LocalDNS, DHCP and Multiple SSID's

It ended up being an access-list issue. I changed the any-any rule from to src-nat from permit, and it appears to be functioning correctly now.

ip access-list session Allow-All
any any any src-nat

Thanks for leading me in the right direction!

John
Search Airheads
Showing results for 
Search instead for 
Did you mean: