08-24-2015 10:06 AM
Hello everyone. I have a mystery on my hands that's stumping me, and I'd appreciate any ideas from the community. Up front, there is no problem on my network. I had a problem, and fixed it, but I have no idea WHY my fix worked, and it's bugging me.
So I was recently brought in at a company that has an Aruba Instant network of APs. There are multiple APs, broadcasting 3 different SSIDs, and all controlled by one Virtual Controller (VC). The VC's IP address is on VLAN 100. VLAN 100 is our primary VLAN, most of the network sits on it. The SSIDs are all on separate VLANs. When I first came in, DHCP was not working on any of the WLANs and all hosts had to be statically configured. The company has a DHCP server with scopes defined for all the VLANs, and the intent was to have wireless clients get their IP addresses from that DHCP server, not have the VC handle any DHCP requests. Easy enough, I logged into the VC through the web browser interface and configured the necessary centralized DHCP scopes for the different VLANs. When I did this, I did not configure a scope for VLAN 100, because any device plugging into an AP would be on a different VLAN. I signed onto one of the WLANs and presto, DHCP worked great.
This is where the problems started. All of a sudden, I could not access the VC from any computer sitting on VLAN 100. Couldn't ping it or log onto it. The VC could only be reached by a computer connected to one of the WLANs. This seemed odd to me, as the clients are all on different subnets from the subnet that the VC was addressed for, and could access it even though nothing else on that subnet could reach the VC. Also, there was a single website that clients could not access from the WLANs. The rest of the internet worked fine, but we only implemented the WiFi for this single website that now they couldn't access. With a metaphorical shrug of my shoulders, I connected to one of the WLANs, logged onto the VC, and added one more centralized DHCP scope. I configured this one for VLAN 100 (the main VLAN), and disabled DHCP relay. Once that was done, everything worked great. I could log onto the VC from VLAN 100, and the clients could access the website fine.
How does this make sense? I don't understand how a DHCP misconfiguration would stop the VC from being reached from VLAN 100. It was statically assigned an IP, so why does it not being configured to look for DHCP on VLAN 100 knock it out of view? I also don't even know where to start with that single website being unavailable.
Sorry for the long story, but if anyone has any response as to why this solution worked, I'd appreciate it.