Reply
Occasional Contributor I

IP Routing

I have a Aruba 3400 controller. Using a RAP-2WG to connect.

I have 5 satalitte offices. All of them are talking fine, except one IP range. 172.31.20.0/24

When I tracert I'm going out the local DSL line instead of coming back into the controller.

Under Network > IP > IP Routing, I have created the route:
172.31.20.0 | 255.255.255.0 | 172.31.20.1 | 1

but I'm still going out the local DSL. Any ideas? Did I miss something? Any help will be appericated. THANKS
Guru Elite

Re: IP Routing


I have a Aruba 3400 controller. Using a RAP-2WG to connect.

I have 5 satalitte offices. All of them are talking fine, except one IP range. 172.31.20.0/24

When I tracert I'm going out the local DSL line instead of coming back into the controller.

Under Network > IP > IP Routing, I have created the route:
172.31.20.0 | 255.255.255.0 | 172.31.20.1 | 1

but I'm still going out the local DSL. Any ideas? Did I miss something? Any help will be appericated. THANKS




Assuming you are doing split-tunneling, it is the user role, NOT the routing on the controller that dictates this behavior.

If you type "show user-table" you should be able to see the role of that user when he connects. After you do that, type "show rights " to see the ACLS that determine what gets tunneled back to the controller and what gets routed out.

Anything with a permit, gets tunneled back. Anything with a route src-nat gets set out the local network. Of course anything that is not explicitly permitted gets routed out locally.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: IP Routing

I don't seem to have the Enable password... have to work with my vendor on that.

Where would I find this in WebUI?
Guru Elite

Re: IP Routing

The enable password is not located in the WebUI. Let us look at the role through the webui, however. (try enable, or the admin password).

Click on Monitoring> Controller> Clients. Find the client you are interested in, and write down his role. Next, go to Configuration> Security> Access Control. Find the role from before and click on Edit to the right of it. You would then be able to see the ACLs for firewall policies attached to that role. Those would determine what gets tunneled and what gets routed.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: IP Routing

Sorry, I was asking where to find the ACL's in the WEB, which I did, but I'm a little confused.

I created a new Police and did:
Source: Any
Dest: 172.31.20.0 MASK 255.255.255.0
Service: Any

But it doesn't seem to have worked.. did I do it wrong?

Thanks again.
Guru Elite

Re: IP Routing

The user with the issue already has a role with a policy attached. We need to find out what role that user is in when he is attached, and then edit the policies for that role.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: IP Routing

I got it, nevermind. THANKS! without your help, I never would have found it.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: