Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

AP Dirty of No Config When Vlan Hop in Controller

  • 1.  AP Dirty of No Config When Vlan Hop in Controller

    Posted May 27, 2015 06:02 PM

    Hi,

    I thought this one was easy, but after a few hours, I am clueless.

    At a small SOHO, a 650 controller running version 6.4.2.7 was deployed. The controller is the router and DHCP server, with three VLANs: data, default, and external to the Internet.

    • All ports are trusted
    • “ap wired-ap-profile default” for AP port is trusted

    Problem:

    AP will be “2ID”, no config, if in any vlan different than controller-ip vlan

     

    (Aruba650) #show vlan
    
    VLAN CONFIGURATION
    ------------------
    VLAN  Description       Ports                   AAA Profile
    ----  -----------       -----                   -----------
    1     Default           GE1/1-4 GE1/6-7 Pc0-7   N/A
    100   DATA              GE1/0                   N/A
    900   OUT_TO_INTERNET   GE1/5                   N/A

    Controller ip is in Vlan 1, if AP in Vlan 100, it will be "2ID"

    (Aruba650) #show datapath session table | include 10.0.1.2
    10.0.1.2        10.0.0.1        17   8209  8209   0/0  0    0   0   tunnel 12   9    0          0          FCI
    10.0.1.2        10.0.0.1        17   8209  8419   0/0  0    0   0   tunnel 12   9    0          0          FYCI
    10.0.1.2        10.0.1.1        17   8209  8209   0/0  0    0   0   1/0         2    0          0          FDYC
    10.0.1.2        10.0.1.1        17   8211  8222   0/0  0    0   0   local       2    0          0          FNYI
    10.0.0.1        10.0.1.2        17   8222  8211   0/0  0    0   0   local       2    0          0          FSCI
    10.0.0.1        10.0.1.2        17   8209  8209   0/0  0    0   1   tunnel 12   9    0          0          FYI
    10.0.0.1        10.0.1.2        17   8419  8209   0/0  0    0   1   tunnel 12   9    0          0          FYI
    10.0.1.2        10.0.0.1        17   4500  4500   0/0  0    0   0   1/0         2    0          0          FC
    10.0.0.1        10.0.1.2        17   4500  4500   0/0  0    0   0   1/0         2    0          0          FY
    10.0.1.2        10.0.0.1        47   0     0      0/0  0    40  0   1/0         4fc  0          0          FC
    10.0.0.1        10.0.1.2        47   0     0      0/0  0    0   0   1/0         4fc  0          0          F

    Datapath of AP while Dirty

     

    Best Regards,

     



  • 2.  RE: AP Dirty of No Config When Vlan Hop in Controller

    Posted May 27, 2015 06:26 PM
    Can you do a "show ip interface brief" and make sure the interface is up/up?


  • 3.  RE: AP Dirty of No Config When Vlan Hop in Controller

    Posted May 28, 2015 09:09 AM

    Yes, all vlans are up/up

    (Aruba650) #show ip interface brief
    
    Interface                   IP Address / IP Netmask        Admin   Protocol
    vlan 1                        10.0.0.1 / 255.255.255.0     up      up
    vlan 900                 x.x.x.x / 255.255.255.0     up      up
    vlan 100                      10.0.1.1 / 255.255.255.0     up      up
    loopback                    unassigned / unassigned        up      up
    mgmt                        unassigned / unassigned        down    down
    
    (Aruba650) #show ap database
    
    AP Database
    -----------
    Name               Group    AP Type  IP Address  Status         Flags  Switch IP                                                Standby IP
    ----               -----    -------  ----------  ------         -----  ---------                                                ----------
    d8:c7:c8:c2:50:4c  default  105      10.0.1.2    Up 15h:28m:7s  2ID    10.0.0.1                                                 0.0.0.0


  • 4.  RE: AP Dirty of No Config When Vlan Hop in Controller

    EMPLOYEE
    Posted May 28, 2015 09:14 AM
    You could be blocking GRE traffic from the subnet that the access point is on.


  • 5.  RE: AP Dirty of No Config When Vlan Hop in Controller

    Posted May 28, 2015 09:53 AM

    This 650 controller was “write erase all” to manufacturer default, then the licenses were reinstalled, which include APs, PoE, RFP and NG-PEF.

    Currently, the controller is configured with three VLANs, a DHCP server, and nothing else. So by default it seems like the controller blocks GRE between two subnets within itself.

    I am looking for a way to remove this block.

    Port mirror traffic shows GRE between AP and controller:

    Capture.PNG



  • 6.  RE: AP Dirty of No Config When Vlan Hop in Controller

    EMPLOYEE
    Posted May 28, 2015 09:55 AM

    I would type "show datapath session table <ip address of access point>" to see if any traffic is being denied.

     

    I don't know what your configuration is, so we have to go through this step by step.



  • 7.  RE: AP Dirty of No Config When Vlan Hop in Controller

    Posted May 28, 2015 10:28 AM

    Thanks Colin. As I stated earlier, the configuration is all controller default.

    Datapath shows only one deny, from the AP to its gateway, which is also at the controller.

    AP ip address: 10.0.1.2/24

    Gateway of the subnet that AP resides on: 10.0.1.1/24

    Controller ip address: 10.0.0.1/24

    Capture.PNG



  • 8.  RE: AP Dirty of No Config When Vlan Hop in Controller

    EMPLOYEE
    Posted May 28, 2015 10:30 AM

    Please open a TAC case.  I am only guessing based on what you are telling me, so there could be something hidden that is preventing your access point from connecting successfully.

     



  • 9.  RE: AP Dirty of No Config When Vlan Hop in Controller

    Posted May 28, 2015 01:53 PM

    Case opened.  I'll update the result.



  • 10.  RE: AP Dirty of No Config When Vlan Hop in Controller
    Best Answer

    Posted May 28, 2015 04:22 PM

    Problem SOLVED!!!

    AP does not like NAT.  Removing "ip nat inside" from the VLAN interface of the controller solved my problem.

     

    Credit and kudos to TAC.
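
Added example, not part of the thread and not Aruba code: a small Python parser for the session rows pasted in the first post that picks out the AP's denied and NATed sessions, which is where both the deny mentioned in post 7 and the NAT found by TAC are visible. The meanings given to the D, S and N flags are an assumption taken from the legend ArubaOS prints with this command; check them against your release.

```python
import re
from typing import NamedTuple

# Rows copied from the "show datapath session table" paste in the first post.
SAMPLE = """\
10.0.1.2        10.0.0.1        17   8209  8209   0/0  0    0   0   tunnel 12   9    0          0          FCI
10.0.1.2        10.0.0.1        17   8209  8419   0/0  0    0   0   tunnel 12   9    0          0          FYCI
10.0.1.2        10.0.1.1        17   8209  8209   0/0  0    0   0   1/0         2    0          0          FDYC
10.0.1.2        10.0.1.1        17   8211  8222   0/0  0    0   0   local       2    0          0          FNYI
10.0.0.1        10.0.1.2        17   8222  8211   0/0  0    0   0   local       2    0          0          FSCI
10.0.0.1        10.0.1.2        17   8209  8209   0/0  0    0   1   tunnel 12   9    0          0          FYI
10.0.0.1        10.0.1.2        17   8419  8209   0/0  0    0   1   tunnel 12   9    0          0          FYI
10.0.1.2        10.0.0.1        17   4500  4500   0/0  0    0   0   1/0         2    0          0          FC
10.0.0.1        10.0.1.2        17   4500  4500   0/0  0    0   0   1/0         2    0          0          FY
10.0.1.2        10.0.0.1        47   0     0      0/0  0    40  0   1/0         4fc  0          0          FC
10.0.0.1        10.0.1.2        47   0     0      0/0  0    0   0   1/0         4fc  0          0          F
"""

# Assumed flag meanings (from the legend ArubaOS prints with this command).
FLAGS_OF_INTEREST = {"D": "deny", "S": "src NAT", "N": "dest NAT"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

class Session(NamedTuple):
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    flags: str

def parse_sessions(text):
    # The destination column is one or two tokens ("1/0", "local", "tunnel 12"),
    # so only the first five fields and the last one (flags) are read by position.
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 7 and IPV4.match(tok[0]) and IPV4.match(tok[1]):
            rows.append(Session(tok[0], tok[1], int(tok[2]), int(tok[3]), int(tok[4]), tok[-1]))
    return rows

def flagged(sessions, ap_ip):
    # Return (session, [reasons]) for the AP's sessions that are denied or NATed.
    out = []
    for s in sessions:
        reasons = [why for flag, why in FLAGS_OF_INTEREST.items() if flag in s.flags]
        if ap_ip in (s.src, s.dst) and reasons:
            out.append((s, reasons))
    return out
```

Calling `flagged(parse_sessions(SAMPLE), "10.0.1.2")` on the pasted rows returns three sessions: the deny from 10.0.1.2 to 10.0.1.1 on UDP 8209, and the two NATed sessions on UDP 8211 (PAPI, the AP-to-controller control channel).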