ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

Bride mode not working after 5.0.3.1 upgrade

Hello all,

We recently updated from ArubaOS 3.x to 5.0.3.1. All seems to be working as expected, except for wired users who get bridged through an AP 70.

ap wired-ap-profile "profilename"
wired-ap-enable
forward-mode bridge
switchport access vlan xxx

Any thoughts?
Occasional Contributor II
Posts: 44
Registered: ‎04-02-2007

Re: Bride mode not working after 5.0.3.1 upgrade

Is this a RAP? If it's a CAP you need to have CPSec enabled on it for bridge mode to work.
Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

Re: Bride mode not working after 5.0.3.1 upgrade

It is a RAP.

I think I might have found the problem...

from reading another post (http://airheads.arubanetworks.com/vBulletin/showthread.php?t=3354&highlight=forward-mode), I checked the aaa authentication wired. Here is what I found:

aaa authentication wired
profile "aaa-portal"

-then looked for "aaa-portal"

aaa profile "aaa-portal"
initial-role "pre-auth"

-then looked for "pre-auth"

user-role pre-auth
captive-portal "cap-portal"

THEN, in the 5.0.3.1 release notes:
40076 Captive Portal is not supported in bridge mode.

Did I just find the problem?
Guru Elite
Posts: 21,284
Registered: ‎03-29-2007

Re: Bride mode not working after 5.0.3.1 upgrade

That is not your answer, unless you are somehow doing captive portal, which I doubt.

Please check the post here http://airheads.arubanetworks.com/vBulletin/showthread.php?t=2105, and make sure that the wired AP VLAN and the Native VLAN ID in the AP system profile match.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

Re: Bride mode not working after 5.0.3.1 upgrade

We are doing captive portal for wireless users.

I noticed that since the upgrade, "trusted" has been removed from the profiles in question.


ap wired-ap-profile "profile name"
wired-ap-enable
forward-mode bridge
switchport access vlan xxx
- trusted

If I try to add "trusted", I get an error saying:
Warning: split-tunnel OR Bridge wired port can only be "Not Trusted". Changing "Trusted" to "Not Trusted".

Edit: I should add that I looked at that thread already and confirmed on the switch that the tagging is happening correctly.
Guru Elite
Posts: 21,284
Registered: ‎03-29-2007

Re: Bride mode not working after 5.0.3.1 upgrade

Are you talking about wired users, or wireless users? What was happening before that does not happen now?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

Re: Bride mode not working after 5.0.3.1 upgrade

I'm talking about wired users.

They used to just bridge to the LAN through the AP and not hit the controller at all. That is what we wanted.

Now it appears they are hitting the controller, but getting stuck in the "logon" role. The controller reports 169 addresses, I assume passed from the AP. The switch shows the correct mac and vlan on the interface as it always has, but these clients can't DHCP like they used to.
Guru Elite
Posts: 21,284
Registered: ‎03-29-2007

Re: Bride mode not working after 5.0.3.1 upgrade

You also need to add a AAA profile to the wired AP profile. Any AAA profile where the initial role is "authenticated" will do.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 36
Registered: ‎02-08-2011

Re: Bride mode not working after 5.0.3.1 upgrade

Yup, we have the profile for wired with the role set to authenticated, but it just doesn't seem to take; they still get put into "logon". The Aruba tech I was working with made a few changes remotely and experienced the same thing, so I know it's not just a config fail on my part.
Guru Elite
Posts: 21,284
Registered: ‎03-29-2007

Re: Bride mode not working after 5.0.3.1 upgrade

To be more clear, you need a AAA profile assigned to that wired profile (highlighted in the screen capture below, that has clients in the "initial role" of authenticated". Please compare the screenshot with what you have and let us know.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: