Network Management

So we have a couple of RAP's at a branch site connected to a modem/switch (those crappy things ISP's give you) that connect over the internet to our firewall, which then forwards toward the controller. The RAP provisioning seems to works fine and the RAP's are getting an IP via DHCP from the modem/switch. They are all in the same AP group.

SSID profile uses WPA2 authentication with AES.

Virtual AP profile is enabled, VLAN is 1 and forward mode is 'bridge'.

We use the same Virtual AP profile for RAP's connected via our routers to our intranet and there everything works fine (switches are behing a router and have VLAN1 for data and VLAN30 for VoiP).

However clients trying to connect to the RAP's at the branch site are unable to get an IP via DHCP from the modem/switch and I don't understand why.

Thanks in advance for any help you guys can give me and in case I didn't give enough info please ask.

Do your clients show up in the user table on the controller?

What is their role?

What is the output of "show rights <role>"

Wow, thanks a lot for that swift reply :D

Before I answer all that, how and where can I do 'show rights <role>' ?

They don't show up btw.

Their roles should be : (if it is that what u are asking)

- Initial role : logon

- Mac authentication default role: guest

- 802.1X Authentication Default Role: authenticated

Could it be the fact that I specify VLAN 1 as VLAN ? If the frames get tagged maybe the modem/switch flips out over that.

By default the untagged VLAN is 1, so if you set the Virtual AP VLAN to be one, and the forwarding mode to be bridged, those frames will end up untagged onto the network.

The Initial Role should be your "production role" or "authenticated" to make it as easy as possible for your users to get all of their traffic onto the network.