Aruba Instant & Cloud Wi-Fi

Occasional Contributor I
Posts: 6
Registered: ‎06-21-2012

Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10.1)

We are one of your distributors and I have seen this in several different networks we've set up, but here is my specific situation internally:

 

Network:

 - I have wireless and wired clients sitting on a simple 192.168.201.x network

 - These clients frequently use resources from a 192.168.10.x network

 

Wireless:

 - Single IAP-135, running a single SSID configured as Type: "Employee"

 

Problem:

 - When a wireless client tries to reach 192.168.10.1, it would occasionally go to the IAP-135's GUI.

 - This does not affect wired clients

 

My only guess is that at one point, we did have a SSID set up as Type: "Guest" and the VC's randomly selected network happened to be 192.168.10.x. Although that SSID has long been removed, it seems like the IAP / VC is still trying to claim that IP. (And even if the "Guest" SSID is still running, I don't think a randomly created network should be allowed to affect the "Employee" side anyway, right?)

 

Thanks in advance!

 

Josh

 

 

 

Here is our current config (with personal info scrubbed)

 

version 6.1.3.0-3.1.0
virtual-controller-country US
virtual-controller-key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
name user-wireless
organization user
virtual-controller-ip 192.168.201.5
ntp-server 192.5.41.41
clock timezone Pacific-Time -08 00
rf-band all
dynamic-radius-proxy
ams-ip 192.168.168.100
ams-key xxxxxxxxxxxxxxxxxxxxxxx

allow-new-aps
allowed-ap d8:c7:c8:cb:c9:9a


snmp-server community xxxxxxxxx

arm
 wide-bands 5ghz
 a-channels 44,48,149,153,157,161,165,44+,149+,157+
 min-tx-power 127
 max-tx-power 127
 band-steering-mode force-5ghz
 air-time-fairness-mode preferred-access
 client-aware
 scanning
rf dot11g-radio-profile
 spectrum-monitor
 interference-immunity 4

rf dot11a-radio-profile
 spectrum-monitor

ip dhcp pool
 dns-server 4.2.2.2
 domain-name domain.com
 lease-time 480

internal-domains
 domain-name domain.com
 domain-name domain2.com

syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless


opendns domain2 61661002de7663aa7230bac58c0310a5cb54dd82678557db
device-id 0010D78B763A8693
mas-integration


user guest xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx portal

user josh xxxxxxxxxxxxxxxxxxxxxxxxxx radius
user joe xxxxxxxxxxxxxxxxxxxxxxx radius
user test xxxxxxxxxxxxxxxxxxxxxxx radius

mgmt-user admin xxxxxxxxxxxxxxxxxxxxxxxxx

wlan access-rule default_wired_port_profile
 rule any any match any any any permit

wlan access-rule domain2
 rule any any match any any any permit

wlan access-rule domain2.com
 rule any any match any any any permit

wlan access-rule user
 rule any any match any any any permit

wlan access-rule default_dev_rule
 rule any any match any any any permit

wlan ssid-profile domain2.com
 index 1
 type employee
 essid domain2.com
 wpa-passphrase xxxxxxxxxxxxxxxxxxxxxxxxxxx
 opmode wpa2-psk-aes
 max-authentication-failures 0
 rf-band all
 captive-portal disable
 dtim-period 1
 inactivity-timeout 1000
 broadcast-filter none
 blacklist
 dmo-channel-utilization-threshold 90

enet-vlan guest

 

wlan auth-server ca-dc2008
 ip 192.168.1.9
 port 1812
 acctport 1813
 key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

wlan captive-portal
 background-color 13421823
 banner-color 10066431
 banner-text "Welcome to the Guest Network."
 terms-of-use "Please read and accept terms and conditions and then login."
 use-policy "This network is not secure and use it at your own risk."

wlan external-captive-portal
 server localhost
 port 80
 url "/"
 auth-text "Authenticated"

blacklist-time 3600
auth-failure-blacklist-time 3600

ids classification
ids rogue-containment

ids
 wireless-containment none
 infrastructure-detection-level high
 client-detection-level high
 infrastructure-protection-level high
 client-protection-level high


wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 1
 shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type employee
 captive-portal disable


enet0-port-profile default_wired_port_profile
enet1-port-profile default_wired_port_profile
enet2-port-profile default_wired_port_profile

uplink
 preemption
 enforce none

l3-mobility

 

MVP
Posts: 2,920
Registered: ‎10-25-2011

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10


You can select what network will be distributed by the IAP, for the guest network.

Here is the image you do it in settings, maybe you got an old firmware... you need to update it to the latest...

dhcp.png

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 2,920
Registered: ‎10-25-2011

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

It is an internal network not guest... try using not a magic vlan with assigned by the VC... instead tag it to the IAP a vlan specially for wireless and on the switch core put in a interface vlan for that vlan... on the dhcp server well put the dhcp scope for that vlan...

 

The magic vlan you use it, for guest not really for employee network

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Occasional Contributor I
Posts: 6
Registered: ‎06-21-2012

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

Thanks for the reply NightShade1
 
We do have the latest firmware: 6.1.3.4-3.1.0.1_35899 (2012-10-26) and I do notice that we can manually specify a Guest network range now.
 
However, for us, that field is currently blank and we don't have a Guest network set up.
 
 
MVP
Posts: 2,920
Registered: ‎10-25-2011

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

It doesn't matter if you don't have a guest setup... if you put an employee network with a virtual controller assignment IP, then he will use that range you put in there...

 

But like I said that magic vlan is for guest not really for employee network.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Occasional Contributor I
Posts: 6
Registered: ‎06-21-2012

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

@NightShade1: Thanks again for your replies. I think I have an extremely good understanding of the Aruba Instant, so that's why I think this is more of a bug. Especially because I have seen this in other Aruba Instant networks before.

 

MVP
Posts: 2,920
Registered: ‎10-25-2011

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

It does not let you put a value in there?

or you put another network in there and does not work?

Because I just tested it and it works perfectly here... and I got the same firmware...

Or maybe I'm not understanding what you want to do?

 

As I understand it, you want to change the addressing distributed by the VC to another....

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Occasional Contributor I
Posts: 6
Registered: ‎06-21-2012

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

@NightShade1: Thank you for trying to replicate the problem :)  

My main problem is that the IAP / VC is responding on an IP (192.168.10.1) that is not even configured on the unit, which is affecting normal traffic destined for the real 192.168.10.1

 

 

MVP
Posts: 2,920
Registered: ‎10-25-2011

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

Try putting another value, don't leave it in blank... maybe by default he uses that one if you don't set anything... you said it was in blank those spaces...

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 2,920
Registered: ‎10-25-2011

Re: Virtual Controller is responding to HTTP requests on an old and unused Magic VLAN IP (192.168.10

If you leave it in blank you see it uses a 255.255.254.0 and it uses as default gateway by default 192.168.10.1

bug2.png

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
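
A way to audit an Instant config for the overlap this thread describes, as an added example that is not part of any post or of Aruba's tooling: it derives the VC-assigned scope and lists routed networks that fall inside it. The fallback gateway and mask are the values reported in the last post; the `subnet` and `subnet-mask` key names for an explicit scope are assumptions, and the sample config is constructed from the one posted above.

```python
import ipaddress

# Values reported in this thread for a blank VC DHCP scope (not from vendor docs).
THREAD_DEFAULT_GW = "192.168.10.1"
THREAD_DEFAULT_MASK = "255.255.254.0"

# Constructed sample: the dhcp pool block from the posted config, no scope set.
SAMPLE_CONFIG = """\
virtual-controller-ip 192.168.201.5
ip dhcp pool
 dns-server 4.2.2.2
 domain-name domain.com
 lease-time 480

internal-domains
 domain-name domain.com
"""

def dhcp_pool_settings(config_text):
    """Return the key/value lines inside the 'ip dhcp pool' block."""
    settings, in_block = {}, False
    for line in config_text.splitlines():
        if line.strip() == "ip dhcp pool":
            in_block = True
        elif in_block and line.startswith(" ") and line.strip():
            key, _, value = line.strip().partition(" ")
            settings[key] = value
        elif in_block:
            break  # a blank or unindented line ends the block
    return settings

def vc_scope(config_text):
    """Effective VC-assigned network; falls back to the thread's reported default."""
    pool = dhcp_pool_settings(config_text)
    # 'subnet' / 'subnet-mask' are assumed key names for an explicit scope.
    if "subnet" in pool and "subnet-mask" in pool:
        return ipaddress.ip_network(
            f"{pool['subnet']}/{pool['subnet-mask']}", strict=False)
    return ipaddress.ip_network(
        f"{THREAD_DEFAULT_GW}/{THREAD_DEFAULT_MASK}", strict=False)

def conflicts(config_text, routed_networks):
    """Routed networks that overlap the VC scope and may be shadowed on the AP."""
    scope = vc_scope(config_text)
    return [n for n in routed_networks
            if ipaddress.ip_network(n).overlaps(scope)]
```

With the mask from the last post, the blank-field scope works out to 192.168.10.0/23, so both 192.168.10.x and 192.168.11.x destinations are worth checking.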