Controller-less WLANs

How can we verify if the traffic for multiple vlans is traversing the mesh link ?
Requirement:

DHCP (vlan 100,vlan 350)<----Switch1======Trunk======IAP Mesh Portal >>>>>>>>>>>>>>>>IAP Mesh Point====Trunk====Switch2 --->Wired Client (vlan 100)

 

Client connected to Switch2 on access port for vlan 100 should get an IP from the DHCP present on Switch1



Solution:

DHCP (vlan 100,vlan 350)<----Switch1======Trunk======IAP Mesh Portal ==========IAP Mesh Point====Trunk====Switch2 --->Wired Client (vlan 100)
     
Network Topology:

1. Mesh Portal is connected to a trunk port on the switch1

Native vlan:    350
Allowed vlan :  1,350,100     
  
2. Mesh point's E0 port is connected to a switch2 & will act as downlink port.

There will be wired clients connected behind the switch whose traffic needs to be passed across the mesh link.

Switch port config:

Native vlan:    350
Allowed vlan :  1,350,100

 

We will use the following steps to bring up the mesh network :

   a) Connect the IAPs to a wired switch.
   b) Ensure that the Virtual Controller key is synchronized and the country code is configured.
   c) Ensure that a valid SSID is configured on the IAP.
   d)If the IAP has a factory default SSID (instant SSID), delete the SSID.
   e)If an extended SSID is enabled on the virtual controller, disable it and reboot the IAP cluster.
   
 2. In order to pass the tagged traffic across the mesh link, we need to enable E0 bridging on the IAP acting as Mesh Point.
 
 Enabling wired bridging on this port of an IAP makes the port available as a downlink wired bridge and allows client access through the port.
 
 When this change is made, we will get a prompt for rebooting the IAP in order for the change to take effect. We do not have to reboot the IAP at this point.
 
 4. We also need to change the wired port profile mapped to E0 port on the cluster to allow the required vlans on it.
 
 Wired-port-profile only works on downlink port. So, we have already enabled enet0_bridging on the mesh point making its eth0 as downlink which means that only the mesh point will use this
 new wired port profile.
 
 5. We need to reboot the mesh point post the above steps & wait for it to join the cluster.
 6. We can connect a client on Switch2 on access port for vlan 100 & verify it gets an IP address.



Configuration:

1. We can disable the extended SSID from the Web UI:

Web UI--->System

 

2.  Configuring the wired port profile.

This profile will be mapped to port E0. 

Web UI-->More-->Wired

 

 

 

 

3. Enabling Eth0-bridging on the IAP which will act as mesh point

 

 

 



Verification

1. We can verify the role of mesh portal & point from the Web UI by clicking on the Access Point tab.

 

CLI:

 

2. We can log in to the Mesh point CLi to ensure that enet0 bridging got enabled.

 

3.  At this moment, E0 port of mesh point is connected to Switch2.

The datapath bridge table output will tell us the number of vlans allowed across the mesh point (vlan 1,100,350 in our case)

 

 

4.  We also have a wired client connected on the same switch on another port which is mapped to vlan 100.

We can enable the debug pkt dump for dhcp on both mesh portal/point to check the DHCP flow:

 

IAP# debug pkt type dhcp

IAP#debug pkt match mac <mac-address of client>

IAP# debug pkt dump

 

Mesh Point:

 

Received packet from aruba000 (timestamp (2016-5-13 15:21:45:258498))
[asap_firewall_forward(5055):firewall entry] len 346, vlan 0, egress CP, ingress aruba000:
  #mac: etype 8100 smac f0:1f:af:64:d6:c3 dmac ff:ff:ff:ff:ff:ff
  #vlan 100, prio 0, etype 0800
  #ip: sip 0.0.0.0, dip 255.255.255.255, proto 17, dscp 0, fragment ok, last fragment, fragment offset 0
    #udp: sport 68 dport 67 len 308
      #dhcp: message-type: request
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: message-type: discover
[asap_firewall_forward(5229):vlan decision] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_check_dhcp_packet(2388):dhcp packet from client] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5632):looking up bridge entry] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(7563):dropping packet - opcode 0] len 346, vlan 100, egress CP, ingress aruba000:

Received packet from aruba000 (timestamp (2016-5-13 15:21:45:449309))
[asap_firewall_forward(5055):firewall entry] len 346, vlan 0, egress CP, ingress aruba000:
  #mac: etype 8100 smac 00:0b:86:95:b9:77 dmac f0:1f:af:64:d6:c3
  #vlan 100, prio 0, etype 0800
  #ip: sip 192.168.100.3, dip 192.168.100.254, proto 17, dscp 4, fragment ok, last fragment, fragment offset 0
    #udp: sport 67 dport 68 len 308
      #dhcp: message-type: reply
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             your ip: 192.168.100.254
             next server ip: 192.168.100.3
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: netmask: 255.255.255.0
      #dhcp-option: router: 192.168.100.3
      #dhcp-option: dns-server: 4.2.2.2
      #dhcp-option: message-type: offer
      #dhcp-option: dhcp-server: 192.168.100.3
[asap_firewall_forward(5229):vlan decision] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_check_dhcp_packet(2428):dhcp packet to client] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5632):looking up bridge entry] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5943):bridge section] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(6072):session section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6266):fastpath returned 1 opcode 4] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6298):slowpath section: opcode 4] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6534):back to fastpath, opcode 3] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6838):route section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6888):cp route section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(7171):forward section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(7493):forwarding packet to bond0] len 346, vlan 100, egress bond0, ingress bond0:

Received packet from bond0 (timestamp (2016-5-13 15:21:45:451649))
[asap_firewall_forward(5055):firewall entry] len 379, vlan 0, egress CP, ingress bond0:
  #mac: etype 8100 smac f0:1f:af:64:d6:c3 dmac ff:ff:ff:ff:ff:ff
  #vlan 100, prio 0, etype 0800
  #ip: sip 0.0.0.0, dip 255.255.255.255, proto 17, dscp 0, fragment ok, last fragment, fragment offset 0
    #udp: sport 68 dport 67 len 341
      #dhcp: message-type: request
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: requested-ip: 192.168.100.254
      #dhcp-option: message-type: request
      #dhcp-option: dhcp-server: 192.168.100.3
[asap_firewall_forward(5229):vlan decision] len 379, vlan 100, egress CP, ingress bond0:
[asap_firewall_check_dhcp_packet(2388):dhcp packet from client] len 379, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(5632):looking up bridge entry] len 379, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(5943):bridge section] len 379, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(6072):session section] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_forward(6266):fastpath returned 1 opcode 4] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_forward(6298):slowpath section: opcode 4] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_forward(6534):back to fastpath, opcode 3] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_forward(6838):route section] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_forward(6888):cp route section] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_forward(7171):forward section] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_flood(8530):flooding] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_flood(8730):checking dev5 bond0] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_flood(8730):checking dev16 aruba001] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_flood(9277):flooding to aruba001] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_flood(8730):checking dev17 aruba000] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_flood(9277):flooding to aruba000] len 379, vlan 100, egress vlan 100, ingress bond0:
[asap_firewall_flood(9295):stack section protocol=0x8100, type=1] len 379, vlan 100, egress vlan 100, ingress bond0:

Received packet from aruba000 (timestamp (2016-5-13 15:21:45:454488))
[asap_firewall_forward(5055):firewall entry] len 379, vlan 0, egress CP, ingress aruba000:
  #mac: etype 8100 smac f0:1f:af:64:d6:c3 dmac ff:ff:ff:ff:ff:ff
  #vlan 100, prio 0, etype 0800
  #ip: sip 0.0.0.0, dip 255.255.255.255, proto 17, dscp 0, fragment ok, last fragment, fragment offset 0
    #udp: sport 68 dport 67 len 341
      #dhcp: message-type: request
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: requested-ip: 192.168.100.254
      #dhcp-option: message-type: request
      #dhcp-option: dhcp-server: 192.168.100.3
[asap_firewall_forward(5229):vlan decision] len 379, vlan 100, egress CP, ingress aruba000:
[asap_firewall_check_dhcp_packet(2388):dhcp packet from client] len 379, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5632):looking up bridge entry] len 379, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(7563):dropping packet - opcode 0] len 379, vlan 100, egress CP, ingress aruba000:

Received packet from aruba000 (timestamp (2016-5-13 15:21:45:455547))
[asap_firewall_forward(5055):firewall entry] len 346, vlan 0, egress CP, ingress aruba000:
  #mac: etype 8100 smac 00:0b:86:95:b9:77 dmac f0:1f:af:64:d6:c3
  #vlan 100, prio 0, etype 0800
  #ip: sip 192.168.100.3, dip 192.168.100.254, proto 17, dscp 4, fragment ok, last fragment, fragment offset 0
    #udp: sport 67 dport 68 len 308
      #dhcp: message-type: reply
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             your ip: 192.168.100.254
             next server ip: 192.168.100.3
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: netmask: 255.255.255.0
      #dhcp-option: router: 192.168.100.3
      #dhcp-option: dns-server: 4.2.2.2
      #dhcp-option: message-type: ack
      #dhcp-option: dhcp-server: 192.168.100.3
[asap_firewall_forward(5229):vlan decision] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_check_dhcp_packet(2428):dhcp packet to client] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_check_dhcp_packet(2469):Send dhcp user(192.168.100.254) to STM and create the L3 user] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5632):looking up bridge entry] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5943):bridge section] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(6072):session section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6266):fastpath returned 1 opcode 4] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6298):slowpath section: opcode 4] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6534):back to fastpath, opcode 3] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6838):route section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(6888):cp route section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(7171):forward section] len 346, vlan 100, egress bond0, ingress aruba000:
[asap_firewall_forward(7493):forwarding packet to bond0] len 346, vlan 100, egress bond0, ingress bond0:
 

Mesh Portal:

Received packet from aruba000 (timestamp (1970-0-5 10:38:40:782740))
[asap_firewall_forward(5055):firewall entry] len 346, vlan 0, egress CP, ingress aruba000:
  #mac: etype 8100 smac f0:1f:af:64:d6:c3 dmac ff:ff:ff:ff:ff:ff
  #vlan 100, prio 0, etype 0800
  #ip: sip 0.0.0.0, dip 255.255.255.255, proto 17, dscp 0, fragment ok, last fragment, fragment offset 0
    #udp: sport 68 dport 67 len 308
      #dhcp: message-type: request
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: message-type: discover
[asap_firewall_forward(5229):vlan decision] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5632):looking up bridge entry] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5943):bridge section] len 346, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(6072):session section] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6266):fastpath returned 1 opcode 4] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6298):slowpath section: opcode 4] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6534):back to fastpath, opcode 3] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6838):route section] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6888):cp route section] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(7171):forward section] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(8530):flooding] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(8730):checking dev3 bond0] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(9277):flooding to bond0] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(8730):checking dev13 aruba000] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(9277):flooding to aruba000] len 346, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(9295):stack section protocol=0x8100, type=1] len 346, vlan 100, egress vlan 100, ingress aruba000:

Received packet from bond0 (timestamp (1970-0-5 10:38:40:974078))
[asap_firewall_forward(5055):firewall entry] len 346, vlan 0, egress CP, ingress bond0:
  #mac: etype 8100 smac 00:0b:86:95:b9:77 dmac f0:1f:af:64:d6:c3
  #vlan 100, prio 0, etype 0800
  #ip: sip 192.168.100.3, dip 192.168.100.254, proto 17, dscp 4, fragment ok, last fragment, fragment offset 0
    #udp: sport 67 dport 68 len 308
      #dhcp: message-type: reply
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             your ip: 192.168.100.254
             next server ip: 192.168.100.3
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: netmask: 255.255.255.0
      #dhcp-option: router: 192.168.100.3
      #dhcp-option: dns-server: 4.2.2.2
      #dhcp-option: message-type: offer
      #dhcp-option: dhcp-server: 192.168.100.3
[asap_firewall_forward(5229):vlan decision] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_check_dhcp_packet(2428):dhcp packet to client] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(5632):looking up bridge entry] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(5943):bridge section] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(6072):session section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6266):fastpath returned 1 opcode 4] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6298):slowpath section: opcode 4] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6534):back to fastpath, opcode 3] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6838):route section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6888):cp route section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(7171):forward section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(7493):forwarding packet to aruba000] len 346, vlan 100, egress aruba000, ingress aruba000:

Received packet from aruba000 (timestamp (1970-0-5 10:38:40:977829))
[asap_firewall_forward(5055):firewall entry] len 379, vlan 0, egress CP, ingress aruba000:
  #mac: etype 8100 smac f0:1f:af:64:d6:c3 dmac ff:ff:ff:ff:ff:ff
  #vlan 100, prio 0, etype 0800
  #ip: sip 0.0.0.0, dip 255.255.255.255, proto 17, dscp 0, fragment ok, last fragment, fragment offset 0
    #udp: sport 68 dport 67 len 341
      #dhcp: message-type: request
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: requested-ip: 192.168.100.254
      #dhcp-option: message-type: request
      #dhcp-option: dhcp-server: 192.168.100.3
[asap_firewall_forward(5229):vlan decision] len 379, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5632):looking up bridge entry] len 379, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(5943):bridge section] len 379, vlan 100, egress CP, ingress aruba000:
[asap_firewall_forward(6072):session section] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6266):fastpath returned 1 opcode 4] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6298):slowpath section: opcode 4] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6534):back to fastpath, opcode 3] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6838):route section] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(6888):cp route section] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_forward(7171):forward section] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(8530):flooding] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(8730):checking dev3 bond0] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(9277):flooding to bond0] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(8730):checking dev13 aruba000] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(9277):flooding to aruba000] len 379, vlan 100, egress vlan 100, ingress aruba000:
[asap_firewall_flood(9295):stack section protocol=0x8100, type=1] len 379, vlan 100, egress vlan 100, ingress aruba000:

Received packet from bond0 (timestamp (1970-0-5 10:38:40:980321))
[asap_firewall_forward(5055):firewall entry] len 346, vlan 0, egress CP, ingress bond0:
  #mac: etype 8100 smac 00:0b:86:95:b9:77 dmac f0:1f:af:64:d6:c3
  #vlan 100, prio 0, etype 0800
  #ip: sip 192.168.100.3, dip 192.168.100.254, proto 17, dscp 4, fragment ok, last fragment, fragment offset 0
    #udp: sport 67 dport 68 len 308
      #dhcp: message-type: reply
             hardware type: 1, len: 6, hops: 0
             txn id: 0xc16b66f7, seconds elapsed: 0
             your ip: 192.168.100.254
             next server ip: 192.168.100.3
             client mac: f0:1f:af:64:d6:c3
             magic cookie: 0x63825363
      #dhcp-option: netmask: 255.255.255.0
      #dhcp-option: router: 192.168.100.3
      #dhcp-option: dns-server: 4.2.2.2
      #dhcp-option: message-type: ack
      #dhcp-option: dhcp-server: 192.168.100.3
[asap_firewall_forward(5229):vlan decision] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_check_dhcp_packet(2428):dhcp packet to client] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(5632):looking up bridge entry] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(5943):bridge section] len 346, vlan 100, egress CP, ingress bond0:
[asap_firewall_forward(6072):session section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6266):fastpath returned 1 opcode 4] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6298):slowpath section: opcode 4] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6534):back to fastpath, opcode 3] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6838):route section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(6888):cp route section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(7171):forward section] len 346, vlan 100, egress aruba000, ingress bond0:
[asap_firewall_forward(7493):forwarding packet to aruba000] len 346, vlan 100, egress aruba000, ingress aruba000:
 

Mesh Point Wired clients output:

 

 

Mesh portal client table:

 

Web UI:

 

 

Version history
Revision #:
2 of 2
Last update:
‎05-18-2016 01:21 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.