MVP
Posts: 289
Registered: ‎11-04-2008

AP Dirty of No Config When Vlan Hop in Controller

Hi,

I thought this one is easy, but after a few hours, I am clueless.

At a small SOHO, a 650 controller running version 6.4.2.7 was deployed. The controller is the router and DHCP server, with three VLANs: data, default, and external to the Internet.

  • All ports are trusted
  • “ap wired-ap-profile default” for AP port is trusted

Problem:

The AP will be “2ID”, no config, if it is in any VLAN other than the controller-ip VLAN.

 

(Aruba650) #show vlan

VLAN CONFIGURATION
------------------
VLAN  Description       Ports                   AAA Profile
----  -----------       -----                   -----------
1     Default           GE1/1-4 GE1/6-7 Pc0-7   N/A
100   DATA              GE1/0                   N/A
900   OUT_TO_INTERNET   GE1/5                   N/A

The controller IP is in VLAN 1; if the AP is in VLAN 100, it will be "2ID".

(Aruba650) #show datapath session table | include 10.0.1.2
10.0.1.2        10.0.0.1        17   8209  8209   0/0  0    0   0   tunnel 12   9    0          0          FCI
10.0.1.2        10.0.0.1        17   8209  8419   0/0  0    0   0   tunnel 12   9    0          0          FYCI
10.0.1.2        10.0.1.1        17   8209  8209   0/0  0    0   0   1/0         2    0          0          FDYC
10.0.1.2        10.0.1.1        17   8211  8222   0/0  0    0   0   local       2    0          0          FNYI
10.0.0.1        10.0.1.2        17   8222  8211   0/0  0    0   0   local       2    0          0          FSCI
10.0.0.1        10.0.1.2        17   8209  8209   0/0  0    0   1   tunnel 12   9    0          0          FYI
10.0.0.1        10.0.1.2        17   8419  8209   0/0  0    0   1   tunnel 12   9    0          0          FYI
10.0.1.2        10.0.0.1        17   4500  4500   0/0  0    0   0   1/0         2    0          0          FC
10.0.0.1        10.0.1.2        17   4500  4500   0/0  0    0   0   1/0         2    0          0          FY
10.0.1.2        10.0.0.1        47   0     0      0/0  0    40  0   1/0         4fc  0          0          FC
10.0.0.1        10.0.1.2        47   0     0      0/0  0    0   0   1/0         4fc  0          0          F

Datapath of AP while Dirty

 

Best Regards,

 

~Trinh Nguyen~
Boys Town
MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: AP Dirty of No Config When Vlan Hop in Controller

Can you do a "show ip interface brief" and make sure the interface is up / up?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 289
Registered: ‎11-04-2008

Re: AP Dirty of No Config When Vlan Hop in Controller

Yes, all vlans are up/up

(Aruba650) #show ip interface brief

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                        10.0.0.1 / 255.255.255.0     up      up
vlan 900                 x.x.x.x / 255.255.255.0     up      up
vlan 100                      10.0.1.1 / 255.255.255.0     up      up
loopback                    unassigned / unassigned        up      up
mgmt                        unassigned / unassigned        down    down

(Aruba650) #show ap database

AP Database
-----------
Name               Group    AP Type  IP Address  Status         Flags  Switch IP                                                Standby IP
----               -----    -------  ----------  ------         -----  ---------                                                ----------
d8:c7:c8:c2:50:4c  default  105      10.0.1.2    Up 15h:28m:7s  2ID    10.0.0.1                                                 0.0.0.0
~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: AP Dirty of No Config When Vlan Hop in Controller

You could be blocking GRE traffic from the subnet that the access point is on.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 289
Registered: ‎11-04-2008

Re: AP Dirty of No Config When Vlan Hop in Controller

This 650 controller was reset with “write erase all” to manufacturer default, and the licenses were reinstalled, which include APs, PoE, RFP and NG-PEF.

Currently, the controller is configured with three VLANs, a DHCP server, and nothing else. So by default it seems like the controller blocks GRE between two subnets within itself.

I am looking for a way to remove this block.

Port mirror traffic shows GRE between AP and controller:

Capture.PNG

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: AP Dirty of No Config When Vlan Hop in Controller

I would type "show datapath session table <ip address of access point>" to see if any traffic is being denied.

 

I don't know what your configuration is, so we have to go through this step by step.



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 289
Registered: ‎11-04-2008

Re: AP Dirty of No Config When Vlan Hop in Controller

Thanks Colin. As I stated earlier, the configuration is all controller default.

The datapath shows only one deny, from the AP to its gateway, which is also at the controller.

AP ip address: 10.0.1.2/24

Gateway of the subnet that AP resides on: 10.0.1.1/24

Controller ip address: 10.0.0.1/24

Capture.PNG

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: AP Dirty of No Config When Vlan Hop in Controller

Please open a TAC case.  I am only guessing based on what you are telling me, so there could be something hidden that is preventing your access point from connecting successfully.

 



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 289
Registered: ‎11-04-2008

Re: AP Dirty of No Config When Vlan Hop in Controller

Case opened.  I'll update the result.

~Trinh Nguyen~
Boys Town
MVP
Posts: 289
Registered: ‎11-04-2008

Re: AP Dirty of No Config When Vlan Hop in Controller

Problem SOLVED!!!

The AP does not like NAT.  Removing "ip nat inside" from the VLAN interface of the controller solved my problem.

 

Credit and kudos to TAC.

 

~Trinh Nguyen~
Boys Town
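
Added example, not part of any post in this thread: a small Python parser that picks out the denied and NAT-translated sessions for the AP from the "show datapath session table" rows posted above. The column positions and the flag letters (D deny, S src NAT, N dest NAT) are assumptions taken from the legend ArubaOS prints with the table; the function names are hypothetical.

```python
# Rows copied from the "show datapath session table" output posted in this thread.
SESSION_TABLE = """\
10.0.1.2        10.0.0.1        17   8209  8209   0/0  0    0   0   tunnel 12   9    0          0          FCI
10.0.1.2        10.0.1.1        17   8209  8209   0/0  0    0   0   1/0         2    0          0          FDYC
10.0.1.2        10.0.1.1        17   8211  8222   0/0  0    0   0   local       2    0          0          FNYI
10.0.0.1        10.0.1.2        17   8222  8211   0/0  0    0   0   local       2    0          0          FSCI
10.0.1.2        10.0.0.1        47   0     0      0/0  0    40  0   1/0         4fc  0          0          FC
"""

# Assumption: flag letters as in the legend ArubaOS prints under the table.
INTERESTING = {"D": "deny", "S": "src NAT", "N": "dest NAT"}


def parse_sessions(text):
    """Return one dict per session row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Assumed layout: src, dst, protocol, sport, dport first; flags last.
        if len(tok) < 11 or not tok[2].isdigit() or not tok[-1].isalpha():
            continue
        rows.append({"src": tok[0], "dst": tok[1], "proto": int(tok[2]),
                     "sport": int(tok[3]), "dport": int(tok[4]),
                     "flags": tok[-1]})
    return rows


def flagged_sessions(rows, ap_ip):
    """Sessions to or from ap_ip that are denied or address-translated."""
    hits = []
    for r in rows:
        if ap_ip not in (r["src"], r["dst"]):
            continue
        reasons = [name for letter, name in INTERESTING.items()
                   if letter in r["flags"]]
        if reasons:
            hits.append((r["src"], r["dst"], r["proto"], r["dport"], reasons))
    return hits


if __name__ == "__main__":
    for hit in flagged_sessions(parse_sessions(SESSION_TABLE), "10.0.1.2"):
        print(hit)
```

On the posted rows this reports the one deny from the AP to its gateway 10.0.1.1 and the two UDP sessions carrying NAT flags, while the GRE (protocol 47) rows carry neither flag.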