Home > Community > Technology > Controllerless Networks > Management access over wireless- Instant

Controllerless Networks

Reply
Topic Options
laiskfons
New Contributor
laiskfons

Management access over wireless- Instant

‎11-01-2016 12:56 AM

Hello

 

I am having difficulties figuring out, whow I can modify managment access for directly connected wireless clients.

 

VC and IAPs are in vlan5 and SSID setup is following:
SSID1. Client IP assignment -> Network Assigned and Client VLAN assignment -> Default.  //IAP and client will get IP address from same DHCP scope(vlan5), IAP SSID ACL is any-any allow


SSID2. Client IP assignment -> Network Assigned and Client VLAN assignment -> VLAN40 //IAP(vlan5) and client(vlan40) will get IP addresses from diffrent IP scopes, IAP SSID ACL and router(terminates the subnets) ACL has any-any allow rules.

 

I have managment access to VC-s, when connected to SSID1, but not when connected to SSID2. I did a packet capture and saw that when connected to SSID2 then ssh/https packets are correctly sent to router via vlan40 and router is correctly routing these packets to vlan5 and IAP, but IAP is not responding to them. I I do icmp ping, then IAP is responding...

 

Did not find any option to allow this access, is this by feature or do I have option to allow this traffic?

 

Thank you!

Alert a Moderator
Message 1 of 5
395 Views
Reply
0 Kudos
MVP MVP
MVP
zalion0

Re: Management access over wireless- Instant

‎11-01-2016 01:53 AM

Do you have the native vlan configured on the switch ports for the IAP?

Might also be worth seeing if you have any Management Subnet restrictions on the IAP (Security -> Inbound Firewall -> Magement and Corporate access configuration)


ACMA, ACMP
If my post addresses your query, give kudos:)
Alert a Moderator
Message 2 of 5
379 Views
Reply
0 Kudos
laiskfons
New Contributor
laiskfons

Re: Management access over wireless- Instant

‎11-01-2016 02:01 AM

I have native vlan configured:

- in same direction ping is working

- If I connect myself directly with cable to router and vlan 40(SSID2), then I also have access to IAP

 

No management subnet restrictions have been configured, they are as it comes in default setup(allow all).

Alert a Moderator
Message 3 of 5
372 Views
Reply
0 Kudos
MVP MVP
MVP
zalion0

Re: Management access over wireless- Instant

‎11-01-2016 02:12 AM

Thanks, it is odd that https isn't working yet ping is. I would've suggested it could be due to the cert being revoked based on the latest round of security issues.Do you see anything in the datapath session when you attempnt to connect? Would you mind sharing the configuration as well?

 

 


ACMA, ACMP
If my post addresses your query, give kudos:)
Alert a Moderator
Message 4 of 5
367 Views
Reply
0 Kudos
laiskfons
New Contributor
laiskfons

Re: Management access over wireless- Instant

‎11-01-2016 06:26 AM - edited ‎11-01-2016 06:27 AM

Thank you for answers.

If I connect laptop with cable to the same VLAN, then I can get access to IAP. So I do not think it is releated to certificate, it is rather releted to client being wirelessly connected to IAP..

Added cleaned configuration.

 

Alert a Moderator
Message 5 of 5
341 Views
Reply
0 Kudos
Search Airheads
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Copyright © 2016 Aruba, a Hewlett Packard Enterprise company.
All Rights Reserved.
Powered by Lithium