ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2011

Routing problem ?

Hi,

I have a problem, and i think it come from the routing. I have 2 VLAN on my controller :

VLAN CONFIGURATION
------------------
VLAN Description Ports
---- ----------- -----
1 Default GE1/0-3 Pc0-7
6 VLAN0006 GE1/3
1039 VLAN1039 GE1/3


My wireless client are in the vlan 1. The rest of the network is on the 6. My controller can ping an IP address in the VLAN 6 and 1. My wifi client can ping the gateway in the VLAN 1. The gateway VLAN 1 is the controller. But, the clients in the VLAN 1 can not ping a thing in the vlan 6 !

This is the dhcp config :

show ip dhcp database

DHCP enabled

# DHCP_pool_Clients
subnet 10.20.0.0 netmask 255.255.0.0 {
default-lease-time 72000;
max-lease-time 72000;
option domain-name "mycorp.com";
option vendor-class-identifier "ArubaAP";
option vendor-encapsulated-options "x.x.x.x";
option domain-name-servers 10.20.0.1;
option routers 10.20.0.1;
range 10.20.0.2 10.20.1.255;
range 10.20.3.1 10.20.255.254;
authoritative;
}


What's wrong ? I need to route something ? If I make a tracert from a wireless clients, the first line is my gateway, but they can not go after !
Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Routing problem ?

What role are your clients in? (show user)

What rights does that role have? (show rights )
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2011

Re: Routing problem ?

Hi,

So my clients are "StudentCollab" This is the policy of this :

show rights StudentCollab

Derived Role = 'StudentCollab'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 54/0
Max Sessions = 65535


access-list List
----------------
Position Name Location
-------- ---- --------
1 StudentsCollab

StudentsCollab
--------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ -------
1 any any any permit Yes Low
2 any any svc-http permit Low
3 any any svc-dns permit Low
4 any any svc-dhcp permit Low

Expired Policies (due to time constraints) = 0


I have put the first line for testing. Everything is permit ! But, they can't pass the controller
Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Routing problem ?

please type "show user" and show vlan status.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2011

Re: Routing problem ?

show user-table

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------
10.20.255.253 00:1b:77:12:71:5f sgistpi StudentCollab 00:00:05 802.1x 00:24:6c:ca:3d:d0 Wireless hevs/00:24:6c:23:dd:09/a aaa_dot1x tunnel

User Entries: 1/1


Vlan Status
-----------
VlanId IPAddress Adminstate Operstate PortCount Nat Inside Mode Ports
------ --------- ---------- --------- --------- ---------- ---- -----
1 10.20.0.1/255.255.0.0 Enabled Up 2 Disabled Regular GE1/0 GE1/3 Pc0-7
2 172.16.1.1/255.255.0.0 Enabled Up 4 Disabled Regular GE1/0-3
6 153.109.6.222/255.255.255.0 Enabled Up 2 Disabled Regular GE1/0 GE1/3
1039 N/A N/A N/A 2 Disabled Regular GE1/0 GE1/3
Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Routing problem ?

when the client is attempting to ping, do a "show datapath session table " to see if anything is being blocked. Do the same while trying to ping the client from VLAN6.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2011

Re: Routing problem ?

This is when a client ping something in the VLAN1 :

show datapath session table 10.20.255.253

Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
I - Deep inspect, U - Locally destined

Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- -----
10.20.255.253 239.255.255.250 17 1769 1900 0/0 0 96 1 tunnel 14 e FC
10.20.255.253 239.255.255.250 17 1773 1900 0/0 0 96 0 tunnel 14 e FC
10.20.255.253 10.20.0.1 1 0 0 0/0 0 0 1 local 11 FI
10.20.255.254 10.20.255.253 1 10752 0 0/0 0 96 1 tunnel 14 9 FI
10.20.255.254 10.20.255.253 1 11008 0 0/0 0 96 0 tunnel 14 8 FI
10.20.255.254 10.20.255.253 1 10240 0 0/0 0 96 1 tunnel 14 b FI
10.20.255.254 10.20.255.253 1 10496 0 0/0 0 96 1 tunnel 14 a FI
10.20.255.254 10.20.255.253 1 11264 0 0/0 0 96 0 tunnel 14 1 FI
10.20.255.253 10.20.255.254 1 10752 2048 0/0 0 96 1 tunnel 14 9 FCI
10.20.255.253 10.20.255.254 1 11008 2048 0/0 0 96 1 tunnel 14 8 FCI
10.20.255.253 10.20.255.254 1 10240 2048 0/0 0 96 1 tunnel 14 b FCI
10.20.255.253 10.20.255.254 1 10496 2048 0/0 0 96 1 tunnel 14 a FCI
10.20.255.253 10.20.255.254 1 11264 2048 0/0 0 96 0 tunnel 14 1 FCI
10.20.255.255 10.20.255.253 17 138 138 0/0 0 96 0 tunnel 14 6 FY
10.20.255.255 10.20.255.253 17 137 137 0/0 0 96 1 tunnel 14 e FY


10.20.255.253 10.20.255.255 17 137 137 0/0 0 96 0 tunnel 14 13 FC
10.20.255.253 10.20.255.255 17 138 138 0/0 0 96 0 tunnel 14 b FC
10.20.255.253 224.0.0.22 2 2 2 0/0 0 96 1 tunnel 14 13 FCI
10.20.0.1 10.20.255.253 1 0 2048 0/0 0 0 1 local 16 FCI


And this is when it ping in VLAN6 :

show datapath session table 10.20.255.253

Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
I - Deep inspect, U - Locally destined

Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- -----
153.109.6.1 10.20.255.253 1 12800 0 0/0 0 96 1 tunnel 14 17 FYI
153.109.6.1 10.20.255.253 1 13056 0 0/0 0 96 1 tunnel 14 11 FYI
153.109.6.1 10.20.255.253 1 13312 0 0/0 0 96 1 tunnel 14 c FYI
10.20.255.253 153.109.6.1 1 12800 2048 0/0 0 96 1 tunnel 14 17 FCI
10.20.255.253 153.109.6.1 1 13056 2048 0/0 0 96 1 tunnel 14 11 FCI
10.20.255.253 153.109.6.1 1 13312 2048 0/0 0 96 1 tunnel 14 c FCI


Ping doesn't work when I ping from the VLAN 1 to VLAN 6
Occasional Contributor I
Posts: 5
Registered: ‎03-08-2011

Re: Routing problem ?

In which mode I need to apply on my port ?

show port status

Port Status
-----------
Slot-Port PortType adminstate operstate poe Trusted SpanningTree PortMode
--------- -------- ---------- --------- --- ------- ------------ --------
1/0 GE Enabled Up Enabled Yes Forwarding Access
1/1 GE Enabled Down Enabled Yes Disabled Access
1/2 GE Enabled Up Enabled Yes Forwarding Access
1/3 GE Enabled Up Enabled Yes Forwarding Trunk


The VLAN 6 come on the 1/3. In this port, all the vlan can pass. But, for my 1/0, what i need to do ?
Guru Elite
Posts: 19,964
Registered: ‎03-29-2007

Re: Routing problem ?

The "show vlan status command" says that it is applied to the correct ports.

Try to ping the address 153.109.6.222 from the client, since it is the controller's ip address on VLAN 6
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: