Controller Based WLANs

What are possible ACLs that apply to bridge mode clients? Wireless clients connected to bridge mode SSID are able to associate and authenticate but unable to pass traffic. What are the possible issues?

Aruba Employee

Environment  : Any Aruba Controller
Any Aruba Access Point
Any Aruba OS

 

Clients connected to bridge SSIDs can associate to wireless and get an IP address but unable to pass traffic.

 

Need to check ap-uplink-acl and validuser ACL.

 

For clients that are able to associate to bridge mode SSIDs but unable to pass traffic, we must ensure the "ap-uplink-acl" allows the desired user traffic and also ensure that the "validuser" ACL allows the user subnet so that the client is allowed in the user-table.  Symptom for each are as follows:

1) If the "ap-uplink-acl" denies traffic, we will see the client associating and getting a valid IP address but a deny (D) flag in the datapath session table for the client IP address indicates traffic is being blocked either in the user-role or in the ap-uplink-acl.
2) If user-role and "ap-uplink-acl" are both allowing user traffic, we must double check the "validuser" ACL allows the specific user-subnet.  As a symptom, we will see the user-entry missing from the user-table on the Controller.

 

 

For clients that are able to associate to bridge mode SSIDs but unable to pass traffic, we must ensure the "ap-uplink-acl" allows the desired user traffic and also ensure that the "validuser" ACL allows the user subnet so that the client is allowed in the user-table.  Symptom for each are as follows:

1) If the "ap-uplink-acl" denies traffic, we will see the client associating and getting a valid IP address but a deny (D) flag in the datapath session table for the client IP address indicates traffic is being blocked either in the user-role or in the ap-uplink-acl.
2) If user-role and "ap-uplink-acl" are both allowing user traffic, we must double check the "validuser" ACL allows the specific user-subnet.  As a symptom, we will see the user-entry missing from the user-table on the Controller.

Version history
Revision #:
1 of 1
Last update:
‎07-14-2014 09:33 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.