Aruba Instant & Cloud Wi-Fi

Reply
Frequent Contributor II
Posts: 149
Registered: ‎01-31-2013

VLAN tagging issue with IAP

Hi,

I have some issues with VLAN tagging withIAP-105.

I have a network with 3 VLAN:

VLAN 1:          10.10.0.0/16

VLAN 2:          192.168.2.0/24

VLAN 150:      192.168.150.0/24

 

VLAN 1 is the management VLAN in the LAN, while VLAN 150 is the management VLAN for the IAP-105 (I define it in the Uplink Management VLAN parameter for the IAP). The network has a Layer3 switch to implement routing beetwen VLANs.

I create two SSIDs, assigning each a Static VLAN ID in the VLAN screen of WLAN definition. The two SSID are:

WiFi-Test1, with VLAN ID 1

WiFi-Test2, with VLAN ID 2

 

The interface of the switch where I connect the IAP-105 is a trunk with the native VLAN 150 and tagged VLAN 1, 2. The interface in which I connect my laptop is defined Access with VLAN 1.

If a client associates to SSID WiFi-Test1, with an IP in the VLAN 1 network (10.10.0.5), I can't ping it.

If a client associates to SSID WiFi-Test2, with an IP in the VLAN 2 network (192.168.2.5), I can ping it, instead.

I try to substitute VLAN 1 with VLAN 118 (10.118.0.0/16) in the WiFi-Test1 definition, and I create the VLAN 118 in the LAN, defining it tagged in the interface where the IAP is connected: with these changes I can ping a client that is associated to WiFi-Test1, with an IP in the subnet 10.118.0.0/16.

 

I think that the problem with VLAN 1 tagging should be a bug of the IAP. Is true?

There is anyone else who had a similar problem?

 

Thanks,

 

Massimo

 

 

 

------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013
Contributor II
Posts: 42
Registered: ‎08-22-2011

Re: VLAN tagging issue with IAP

If you connect another machine directly to the switch on VLAN1 can you ping it?

Frequent Contributor II
Posts: 149
Registered: ‎01-31-2013

Re: VLAN tagging issue with IAP

Do you mean in an interface in Access mode with VLAN1? Yes, I can ping it!

------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013
New Contributor
Posts: 1
Registered: ‎10-22-2012

Re: VLAN tagging issue with IAP

I am having a similar problem.

 

My IAP config:

I have 2 wlan in IAP, and the management interface of IAP is in a native vlan 90 (mngt)

wlan1 - vlan 1

wlan4 - vlan 4

uplink management - trunk - native vlan 90 - allowed all vlans

 

wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 90
no shutdown

 


wlan ssid-profile WLAN4
index 4
type employee
essid WLAN4
vlan 4

 

wlan ssid-profile WLAN1
index 1
type employee
essid WLAN1
vlan 1

 

In my switch (L3) i configured both interfcaces vlan 1 and 4 (with dhcp), and vlan 90 (no dhcp)

(the IAP has an fixed IPaddress).

 

The uplink to the IAP:

description *** IAP Aruba Test ***
switchport trunk native vlan 90
switchport trunk allowed vlan 1,4,90
switchport mode trunk
no cdp enable
end

 

The clients connecting to the wlan1 (vlan1) cant´t get an IP. It seems that they are falling into the native vlan 90.

Does the IAP tag the vlan 1? I am missing something?

 

Thank you all.

gmoutinho

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: VLAN tagging issue with IAP

I believe this is a bug in the current IAP firmware I suggest you to contact TAC to confirm it. We ran into similiar issue and got the response that currently IAP does not support using a native vlan other than VLAN 1 on a trunk port of the uplink interface.

Contributor II
Posts: 63
Registered: ‎07-23-2014

Re: VLAN tagging issue with IAP

[ Edited ]

Hi, apparently this 'bug' still exists...I've send the below question to support, but I probably should have posted it here.

 

Here's the question:

 

I have an issue with a customer who has a 'flat' vlan 1 network.
All clients have a fixed IP in vlan 1.

There was one Instant cluster of about 50 IAP-135 access points, with the following SSID's:
- EMPLOYEES: Radius authentication, client vlan assignment: default vlan, client ip assignment: network assigned (fixed IP's)
- PUBLIC: portal authentication, client ip assignment: Virtual controller assigned (internal dhcp)
- SMARTPHONES: WPA2, client vlan assignment: static vlan 20, client ip assignment: network assigned (external dhcp)

As he wanted different SSID's on different sites I've split the cluster in several small clusters. I've done that by putting the AP's in a seperate native vlan.

This worked fine, for the PUBLIC and SMARTPHONES SSID's, but not for the EMPLOYEES SSID.
As the default (native) vlan wasn't 1 anymore I adjusted the EMPLOYEES SSID to 'client vlan assignment: static vlan 1' (tagged in vlan 1).

But this doesn't seem to work. Somehow it seems impossible to tag VLAN 1 on the SSID / VC.

As I wanted to put the VC controller management IP in VLAN 1 (as all other devices) I've specified this as such in the <system> tab on the VC. After that I completely lost connection with the virtual controller.
The access points of that particular cluster were still accessible via their IP in the native vlan of the cluster.

EX:
cluster 100:
IAP101: 192.168.100.1 / 24
IPA102: 192.168.100.2 / 24
untagged: vlan 100, tagged vlan 1, 20
Virtual Controller: 192.168.100.100 255.255.255.255 -> VC reachable
Virtual Controller: 192.168.1.100 255.255.255.0 vlan 1 ---> after this setting no longer reachable

cluster 200:
IAP101: 192.168.200.1 / 24
IPA102: 192.168.200.2 / 24
untagged: vlan 200, tagged vlan 1, 20

Frequent Contributor II
Posts: 149
Registered: ‎01-31-2013

Re: VLAN tagging issue with IAP

Hi, the VLAN bug still exist. I met it again with IAP-103 with AaubaOS 6.4.0.3-4.1.0.1. It will be fixed in later versions by Aruba??? Massimo
------------------------------------------------------------
Massimo Gallina
Telecommunications engineer - ACMP2013
MVP
Posts: 331
Registered: ‎04-25-2013

Re: VLAN tagging issue with IAP

dear,

do the bug steal exist or not . have you contact the Aruba support or not.

 

Raouf CHAHBOUNE
ICT Network & Security Engineer
CCNP R/S | CCNA Security | ACMP|ACDX



[If my post is helpful please give kudos, or mark as solved if it answers your post.]
Contributor II
Posts: 63
Registered: ‎07-23-2014

Re: VLAN tagging issue with IAP

Hi

 

I'm not sure if it's a 'bug' or by design, but is isn't possible to tag vlan 1.

 

As the customer didn't have a support contract, Aruba support couldn't help me.

 

Br

Peter

Aruba Employee
Posts: 5
Registered: ‎12-26-2012

Re: VLAN tagging issue with IAP

Hi,

 

By default IAP consider native vlan as 1 and consider the wireless users traffic from vlan 1 as untagged.

To mitigate this situation we neeed to run the below command in CLI of IAP.

Conf t

enet-vlan <native vlan>

commit apply

 

 

This will chnage the default native vlan 1 to the exisitng one.

 

Thanks,
Sreejith

Search Airheads
Showing results for 
Search instead for 
Did you mean: