Network Management

Reply
New Contributor
Posts: 3
Registered: ‎03-09-2017

RAP with Controller behind firewall not giving IP to clients

[ Edited ]

So we have a couple of RAP's at a branch site connected to a modem/switch (those crappy things ISP's give you) that connect over the internet to our firewall, which then forwards toward the controller. The RAP provisioning seems to works fine and the RAP's are getting an IP via DHCP from the modem/switch. They are all in the same AP group.

 

SSID profile uses WPA2 authentication with AES.

 

Virtual AP profile is enabled, VLAN is 1 and forward mode is 'bridge'.

 

We use the same Virtual AP profile for RAP's connected via our routers to our intranet and there everything works fine (switches are behing a router and have VLAN1 for data and VLAN30 for VoiP).

 

However clients trying to connect to the RAP's at the branch site are unable to get an IP via DHCP from the modem/switch and I don't understand why.

 

Thanks in advance for any help you guys can give me and in case I didn't give enough info please ask.

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: RAP with Controller behind firewall not giving IP to clients

Do your clients show up in the user table on the controller?

 

What is their role?

What is the output of "show rights <role>"



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎03-09-2017

Re: RAP with Controller behind firewall not giving IP to clients

[ Edited ]

Wow, thanks a lot for that swift reply :D

 

Before I answer all that, how and where can I do 'show rights <role>' ?

 

They don't show up btw.

 

Their roles should be : (if it is that what u are asking)

- Initial role : logon

- Mac authentication default role: guest

- 802.1X Authentication Default Role: authenticated

 

 

New Contributor
Posts: 3
Registered: ‎03-09-2017

Re: RAP with Controller behind firewall not giving IP to clients

[ Edited ]

Could it be the fact that I specify VLAN 1 as VLAN ? If the frames get tagged maybe the modem/switch flips out over that.

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: RAP with Controller behind firewall not giving IP to clients

By default the untagged VLAN is 1, so if you set the Virtual AP VLAN to be one, and the forwarding mode to be bridged, those frames will end up untagged onto the network.

 

The Initial Role should be your "production role" or "authenticated" to make it as easy as possible for your users to get all of their traffic onto the network.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: