Controllerless Networks

Reply
Occasional Contributor I

AP ESSID with 2 VLANs

I have a several 7024 Series controller at 2 different office locations. Both controllers are running the same OS version(6.4.4.16 w/ AP225) and configured identically.

 

At site A, when I run show ap essid, I get the appropriate vlan assignment for each ESSID. When I run the same command at site B, on 2 of the ESSID, there are two VLANs present. I checked the standard L2 IP info, user roles, VAP configurations for a possible misconfiguration. No luck.

 

The configurations on Site A controller is consistent with Site B.

 

ESSID Summary Site A
-------------
ESSID APs Clients VLAN(s) Encryption
----- --- ------- ------- ----------
CORP_WLAN 25 20 100 WPA2 8021X AES
BYOD_WLAN 25 10 200 WPA2 8021X AES
GUEST_WLAN 25 5 300 Open

 

ESSID Summary Site B
-------------
ESSID APs Clients VLAN(s) Encryption
----- --- ------- ------- ----------
CORP_WLAN 25 20 100,300 WPA2 8021X AES
BYOD_WLAN 25 10 200,300 WPA2 8021X AES
GUEST_WLAN 25 5 300 Open

mkk
Contributor II

Re: AP ESSID with 2 VLANs

Login in in the CLI of both controllers and run an show run. Save both in an txt file and compare together. You will find the difference.

I think it could be a different ‘named vlan pool’.
mkk
Contributor II

Re: AP ESSID with 2 VLANs

Login in in the CLI of both controllers and run an show run. Save both in an txt file and compare together. You will find the difference.

I think it could be a different ‘named vlan pool’.
Occasional Contributor I

Re: AP ESSID with 2 VLANs

Thanks for the reply/suggestion MKK. I pulled the configurations of both controllers and compared them in a text editor application. I did find two variations in the configuration. There was a misconfiguration in user-role login where the vlan was set.

 

Even though, I cleared/unassigned the VLAN from the user-role, there is no change in the vlans listed under the ESSID.

Regular Contributor I

Re: AP ESSID with 2 VLANs

Hi,

 

Without more info (configuration) it is harder to answer your question.

Please send a PM with both configs so i can assist.

 

 

Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Guru Elite

Re: AP ESSID with 2 VLANs

 


@anthony_l_brice wrote:

Thanks for the reply/suggestion MKK. I pulled the configurations of both controllers and compared them in a text editor application. I did find two variations in the configuration. There was a misconfiguration in user-role login where the vlan was set.

 

Even though, I cleared/unassigned the VLAN from the user-role, there is no change in the vlans listed under the ESSID.


The configuration is one way that clients could get a different VLAN.  Other things, like radius attributes that are returned, do not show up in the configuration.

 

I would type "show ap vlan-usage" to see if you have any users at all in different VLANS.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: AP ESSID with 2 VLANs

Under the CORP_WLAN SSID, the valid VLAN is 100. When I do a show user-table ESSID CORP_WLAN, I see several valid authenticated users on VLAN 100, which is what I expect to see. There are no users in the user-table under the ESSID CORP_WLAN on VLAN 300(GUEST_WLAN ),

 

My concern is that the dual VLANs assigned to ESSID CORP_WLAN and BYOD_WLAN are causing potential delays in wireless client radius authentication and/or delay in obaining an ip address, maybe as a result of the client flapping between the incorrect correct VLAN 300 and the correct VLAN 100.

 

I extracted copies of the configuration from both controllers and compared in Solarwinds,Airwave and Subline. Under the user-role logon, I did find that vlan 300 was assigned to the role. I corrected the configuration and removed the vlan from the user-role. 

 

The only other configuration variation I located was the ip access-list session. The ip access-list session  ap-uplink-acl had an additional line added.

Regular Contributor I

Re: AP ESSID with 2 VLANs

Hi,

 

. I corrected the configuration and removed the vlan from the user-role. 

 

That should solve it.

 

 

Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: