Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 14
Registered: ‎03-11-2015

Clients on Aruba Instant cant reach network resources, Can get IP

Thanks in advance for the help, I'm broadcasting two SSID's. I can connect to each of them and get an IP address but then i cant get to any of the resources on the domain.

 

ac:a3:1e:c0:5f:2a# show run
version 6.4.0.0-4.1.0
virtual-controller-country US
virtual-controller-key fbae5e0901a27461ca6b12122b5dd9499bf2a5c330300143ee
name instant-C0:5F:2A
terminal-access
telnet-server
clock timezone none 00 00
rf-band all

allow-new-aps
allowed-ap ac:a3:1e:c0:5f:2a

 

arm
wide-bands 5ghz
80mhz-support
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning

ip dhcp pool
subnet 10.1.62.0
subnet-mask 255.255.255.0
dns-server 10.1.20.10
domain-name tecu.local
lease-time 43200


syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless


extended-ssid

 


mgmt-user admin 237877e24f8d38a157c737773101457c

wlan access-rule default_wired_port_profile
index 0
rule any any match any any any permit

wlan access-rule wired-instant
index 1
rule masterip 0.0.0.0 match tcp 80 80 permit
rule masterip 0.0.0.0 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit

wlan access-rule Outdoor
index 2
rule any any match any any any permit

wlan access-rule Test
index 3
rule any any match any any any permit

wlan ssid-profile Outdoor
enable
index 0
type employee
essid Outdoor
wpa-passphrase 3572d4a30955935610d93f6553035a61e637151861f47bb2
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 1
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 10000
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

wlan ssid-profile Test
enable
index 1
type employee
essid Test
wpa-passphrase b97adbc4930eade35fd5ec0a5865b61e207d8b5f4932aabf
opmode wpa2-psk-aes
max-authentication-failures 0
vlan 200
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter arp
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

auth-survivability cache-time-out 24

 

dpi

wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https


blacklist-time 3600
auth-failure-blacklist-time 3600

ids
wireless-containment none

ip dhcp 62
server-type Distributed,L2
server-vlan 62
ip-range 10.1.62.220 10.1.62.239
subnet-mask 255.255.255.0
lease-time 60000
default-router 10.1.62.1
dns-server 10.1.20.10
domain-name tecu.local
client-count 4

ip dhcp Test
server-type Local
server-vlan 200
subnet 10.1.200.1
subnet-mask 255.255.255.0
exclude-address 10.1.200.1
lease-time 60000
dns-server 10.1.20.10
domain-name tecu.local


wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x

wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x


enet0-port-profile default_wired_port_profile

uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180


airgroup
disable

airgroupservice airplay
disable
description AirPlay

airgroupservice airprint
disable
description AirPrint

 

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Clients on Aruba Instant cant reach network resources, Can get IP

HI,

 

Do you have any IAP VPN with the Controller ?? if so please check the status of the tunnel.

 

Please free for any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II
Posts: 14
Registered: ‎03-11-2015

Re: Clients on Aruba Instant cant reach network resources, Can get IP

This is my first IAP and will probably be the only one. So it is the controller i guess. I dont have any type of VPN setup on it.

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Clients on Aruba Instant cant reach network resources, Can get IP

Hi,

 

How do you want to provide IP address to clients ? IAP or through external DHCP ?

 

In the above config I'm seeing L2 distributed DHCP which is required when you want to have VPN tunnel with the Controller and DHCP in the IAP. please remove that if you do not have any VPN with the controller.

 

Please comeback with the above asked information, we can fix the issue.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Aruba Employee
Posts: 27
Registered: ‎02-10-2014

Re: Clients on Aruba Instant cant reach network resources, Can get IP

Does you network know how to route back the IP blocks for the DHCP addresses to the IAP?
Occasional Contributor II
Posts: 14
Registered: ‎03-11-2015

Re: Clients on Aruba Instant cant reach network resources, Can get IP

How would i go about doing that? on the switch? or inside the IAP?

 

MVP
Posts: 138
Registered: ‎07-12-2012

Re: Clients on Aruba Instant cant reach network resources, Can get IP

It seems that you have your uplink port on trunk. Are you doing that by choice or you need the iAP to do a sourceNAT ?

If you found my post helpful, please give kudos!
Search Airheads
Showing results for 
Search instead for 
Did you mean: