Aruba Instant & Cloud Wi-Fi

Reply
Frequent Contributor II
Posts: 149
Registered: ‎01-31-2013

IAP: enet-vlan and Guest Network issue

Hi all,

I have a cluster of 4 IAP-205. In the network I have some VLANs, and the WiFi management VLAN is the 10 (192.168.10.X/24). So I give to the IAPs IP addresses in this VLAN and set "enet-vlan=10". The enterprise SSID with WPA2-PSK security in VLAN 100 works fine.

But theres is a big problem with the Guest SSID with "Virtual Controller assigned" IP address. When a client connect to this SSID it obtain a correct IP address, but it doesn't able to navigate. I try with Captive Portal: the client can reach the Captive Portal Login Page, but when it click "login" it can't reach Internet. I try also with Open SSID and also in this case the client can't surf the net.

The IAPs can ping Internet, so there in not a problem in the firewall ACL or in the DNS setting because the Captive Portal page is showned.

 

I temporarily "solve" the issue in this way: I give to the IAPs an IP address on VLAN 1 (192.168.1.x/24) and set "enet-vlan=1". With these settings also the Guest SSID works fine, both with Captive Portal that with Open SSID.

 

So, I think that this is an issue of "ENET-VLAN" settings. Can anyone cofirm my suggestion? There is a way to have IAPs on VLAN 10 and have a Guest SSID working?

 

Thanks,

Massimo

 

------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013
Guru Elite
Posts: 21,022
Registered: ‎03-29-2007

Re: IAP: enet-vlan and Guest Network issue

When you use Virtual controller assigned, the user traffic is Natted out of the ip address of the Virtual Controller.  If the Virtual Controller ip address does not allow access to the internet, guest traffic with Virtual Controller assigned ip addresses will also not be able to go out to the internet, either.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 149
Registered: ‎01-31-2013

Re: IAP: enet-vlan and Guest Network issue

Hi Colin,

thanks for your reply. I know that the user traffic is Natted out of the ip address of the Virtual Controller, in fact in the firewall ACL there is nothing that can block this. As I wrote in the previous message, I check if the VC can reach Internet: I ping "www.google.com" from the ssh console of VC and it is ok. So this is not a problem related to Internet access of VC.

------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013
Search Airheads
Showing results for 
Search instead for 
Did you mean: