ArubaOS and Controllers

Reply
Contributor I
Posts: 49
Registered: ‎01-20-2010

understanding inter-VLAN routing

In order to understand some VLAN routing issues, we are running an Aruba 200 with one access point and one remote access point in a test environment.

The APs get IP addresses from VLAN 99. Even though my management server is placed in the same VLAN as the APs, I cannot ping them as long as inter-VLAN routing is disabled. I need to enable inter-VLAN routing for VLAN 99 to make this work.

I thought that is for routing between different VLANs. I seems, however, that this feature does also some routing between the LAN and the wireless.

Am I correct? Is there some more detailed information on inter-VLAN routing?

Regards
Dirk
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Inter-Vlan Routing

Inter Vlan routing determines if an IP interface on an Aruba controller can be used either by clients, or devices to route to a different subnet. There are reasons why you would want to disable inter-vlan routing and reasons why you would not.:

If a client has a default gateway that is the Aruba controller and you want the Aruba Controller to route traffic for that client, leave inter-vlan routing on (default).

If the Aruba controller simply has an IP interface on a layer2 network, but clients have a default gateway OTHER than the Aruba controller, AND you want clients to be forced to use their default gateway for that secondary device, you should DISABLE inter-vlan routing on that interface.

Does that make sense?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 49
Registered: ‎01-20-2010

Re: understanding inter-VLAN routing

At our installation, the Aruba controller isn't the default gateway for no network. So according to what you are saying, I should be able to turn VLAN routing off. That's what I thought as well. Everything is working fine for my clients. The can reach their gateway and get access as needed. In that sense it works as expected.

However, I cannot reach my APs from the LAN sending a simple ping command. Here I need inter-VLAN routing to be turned on even though my management server is on the same VLAN.
Contributor I
Posts: 49
Registered: ‎01-20-2010

Re: understanding inter-VLAN routing




Sorry for not being clear: This is true for remote APs but not for inhouse APs.

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Leave it on

Inter Vlan routing is on by default, and is normal. You should only turn it off if you have a security issue.

You might not be able to ping your APs from the LAN because of how your LAN is segmented or a firewall. Only the controller really needs to reach the APs and vice-versa, anyways.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 49
Registered: ‎01-20-2010

Re: understanding inter-VLAN routing




You might want to think of a larger organization with APs all over the place. They have network management systems and monitor their equipment with software like HP OpenView or so. If an AP fails, a dot on a map turns red and a technician without any access to the Aruba system replaces the AP. So not only the controller needs to reach the APs.

Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Network Management

You are absolutely right. Managing in that fashion is definitely an option.

All of the information that is needed about access points, however, like whether they are up or down, how many users are on them, etc. can be obtained via SNMP to the controller's IP address alone in a centralized deployment like Aruba. Aruba APs do not run an SNMP daemon, so they cannot be polled individually for any information.

You can manage each individual AP as a single element through ping, but it yields very little information besides if a particular IP address is answering a ping or not. If an AP reboots and gets a different IP address, the NMS will then lose it's correlation. Utilizing SNMP to the Aruba controller yields the most information without the overhead of individual element management.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 49
Registered: ‎01-20-2010

Re: understanding inter-VLAN routing

This would solve my issue. I'll check how I can get the status of single APs using the controllers SNMP information.

Thanks for showing me the way.
Guru Elite
Posts: 20,815
Registered: ‎03-29-2007

Support Site MIB Guide

On the support site Under documentation> ArubaOS > ArubaOS 3.4 there is an ArubaOS 3.4 MIB guide which details which MIBs give you what info. There are also other network management packages that support ArubaOS in this fashion if you don't want to poll MIBs yourself.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 498
Registered: ‎04-03-2007

Re: understanding inter-VLAN routing

Interesting thread. I don't believe "don't worry about pinging the APs; just use the controller" is an acceptable answer for this issue. Of course information is available via the controller and/or Airwave; however, wanting to ping a device shouldn't need an explanation.

vieregg, if you cannot ping from your LAN, try a traceroute. Follow the path until you can see where it breaks down. It could be a routing problem at your network or a misconfiguration in the forwarding path. These are guesses since I have no idea how your network is setup. This doesn't sound like an Aruba issue (yet) but rather a networking issue.
==========
Ryan Holland, ACDX #1 ACMX #1
The Ohio State University
Search Airheads
Showing results for 
Search instead for 
Did you mean: