11-21-2013 03:34 PM
Our MPLS has multiple sites each with its own DHCP server/printer/fileshare, gateway. The 3400 controller is accessible from all. I am trying to setup an AP 105 at these sites.
I would like to setup each AP so wifi users have the same local functionality as PC user, ie printer, fileshare, dhcp. Authentication is 802.1x back to headoffice.
I have setup a VLAN (17) and IP 10.17.17.254 in the same subnet as one of the MPLS sites 10.17.17.0/24 with an AP Group using split -tunnel.
I am trying to understand how to set this up.
The AP is getting an IP on the local MPLS subnet from the DHCP, but keeps restarting.
Another issue is if I enable the VLAN on the controller this causes a routing issue, ie from the MPLS site the controller isn’t available, probably because the controller responses to the VLAN 17 and not back to the MPLS site.
Or do I setup the AP group in Bridge mode with no VLAN
All I want is the AP to 802.1x authenticate and provide network access.
Is there doco specifically on this setup procedure?
(I would also like to use the head office guest AP profile at each site, this is set forward mode tunnel)
Thanks in advance.
11-21-2013 04:22 PM
I don't have a specific use-case document up my sleeve, but if I were to set something like that up, I'd try it with an Open SSID or a PSK to get the plumbing including local drop off for clients onto their local LAN and then put 802.1x on top.
The AP getting local DHCP and constant rebooting sounds like it doesn't know where the controller is. You can use a helper address on the loal router to pass the aruba-discovery-protocol packets (port 8200) to the controller, or set the DHCP options in the local server to tell the AP where the controller is.
if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
11-24-2013 03:30 PM
Setting the DHCP options worked to get the AP connected to the controller.
However I am certain about the VLAN settings for the AP group, I have enabled the VLAN 17 and the VAP has this vLAN assigned.
However because of the routing issue caused I haven't assigned the VLAN to a Port, which so its Admin state is Enable but Operation state is Down.