Question: How do I configure the Aruba Wireless LAN controller with a cable modem (with dynamic IP address sent by the modem)?
Product and Software: This article applies to all Aruba controllers and ArubaOS versions.
Most deployments of an Aruba controller are in front of an Internet connection with a fixed IP address or a device downstream that would handle the dynamic nature of a broadband connection, like a SOHO router. What would happen at a site if you ONLY had a cable modem that supplies a dynamic address and an Aruba controller? Could the controller get an IP address, subnet mask, gateway, default route, and DNS settings and then route traffic? The answer, of course, is yes.
After you configure a management IP address and VLAN for the Aruba controller, create a separate VLAN for acquiring an IP address from your cable modem and assign it to a port using the 'ip address dhcp-client' command. This physical port would be connected to your cable modem or broadband device.
(Aruba) (config) #interface vlan 930
(Aruba) (config-subif)# ip address dhcp-client
(Aruba) (config-subif)# exit
(Aruba) (config) # interface fastethernet 1/0
(Aruba) (config-if)# switchport access vlan 930
(Aruba) (config-if)# end
(Aruba) # write memory
To route your clients out of that connection, the Aruba controller needs to get the default gateway from it dynamically. Use the 'ip default-gateway import' command to obtain your default gateway from the dynamic connection:
(Aruba) (config) #ip default-gateway import
Note: Disable spanning tree on the interface that is connected to the cable modem.
To automatically distribute the DNS server obtained from your broadband connection to clients in your pools, use the 'dns-server import' command:
(Aruba) (Config)# ip dhcp pool local
(Aruba) (Config)# network 188.8.131.52 255.255.255.0
(Aruba) (Config)# dns-server import
(Aruba) (Config)# domain-name wireless.com
(Aruba) (Config)# lease 1 0 0
(Aruba) (Config)# default-router 184.108.40.206
(Aruba) (Config)# no shutdown
(Aruba) (config)# end
(Aruba) # write memory
Verify that the interface address was obtained dynamically:
(Aruba) #show ip interface brief
Interface IP Address / IP Netmask Admin Protocol
vlan 1 192.168.15.3 / 255.255.255.0 up up
vlan 4000 220.127.116.11 / 255.255.255.0 up up
vlan 930 18.104.22.168 / 255.255.240.0 up up
DHCP is enabled on VLAN 930.
Verify that that the default gateway was obtained dynamically:
(Aruba) #show ip route
Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default
Gateway of last resort is 22.214.171.124 (DHCP) to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 126.96.36.199*
C 192.168.15.0 is directly connected, VLAN1
C 188.8.131.52 is directly connected, VLAN4000
C 184.108.40.206 is directly connected, VLAN10
Important note about security:
To ensure that no untrusted traffic comes from the Internet into the Aruba controller, create a session-acl that allows only DHCP and apply it to the interface that connects to the broadband device:
ip access-list session dhcp-only
any any svc-dhcp permit
any any any deny
interface fastethernet 1/0
ip access-group dhcp-only session