Wireless Access

Reply
Contributor I

Aruba 3200 Wireless Giving out address from wrong VLAN

Hey all, 

 

I have an SSID that is attached to vlan 40 however when a user tries to connect to it, the connection takes a while and says "limited access" and when it finally does get an IP its either from a different vlan range or a self assigned IP.

Any ideas?

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

Give us some more relevant info:

 

  • What encryption are u using? Are u using any auth (like 802.1x or mac-auth?)
  • Check the user-role that your client getting.
  • Check that u got connectivity to VLAN40 , and that it's UP
  • DHCP from external server or from the controller?
  • If u setting another VLAN - is the client getting an IP , and it able to connect?

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

Are you using tunnel or bridge forward mode?

 

Can you post any relevant config? (ssid-profile, virtual-ap profile, aaa profile, etc)

 

What version are you running? 

 

If you are on ArubaOS 6.3 you can use the packet-capture feature on the controller via the CLI:

 

packet-capture destination local-filesystem

packet-capture datapath wifi-client <MAC ADDR>

 

Then pull the PCAP from the logs.tar.


ACMX#255 | ACDX#742 | ACCX#746 | AMFX#25 | ACMP | ACCP | AWMP
www.securelink.nl

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

 

Please share the following :

 

show ap association client-mac <device mac>

show user mac <device mac>

show rights <role name>

 

Is your uplink hosting that VLAN ? or your controller ? 

 

Do you have enforce-dhcp enabled under the aaa profile ?

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

Encryption: 802.1x - Connecting takes a long time (Notification comes up saying that its taking longer than usual, and then I have limited connectivity)

 

User-Role: Aruba Controller isn't even finding the user as they are getting a self assigned IP (169.x.x.x)

 

VLAN 40 is up and I can ping the IP I set to it.

 

DHCP from the controller.

 

UPDATE: I saw it get an address from the correct pool for about 2 mintues then it reverted back to the 169.x.x.x address.

 

 

 

 

Contributor I

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

Okay well here is my how I want my SSID to run.

2 layers on authentication.

1) WPA-2 Personal
2) MAC Auth

 

I am currently testing with a computer that I inputted the MAC address into the Internal DB already. 

 

AP profile: VLAN 40, Forward Mode: Tunnel, allowed band: all
AAA Profile: I have a Mac Auth profile configured, MAC Auth server group, and those were previously working.

When the user first connects, if they are not in the Internal DB they are to get a "denyall" role but if they do auth then they can get access to certain spots in the network.

The issue is that I cannot even connect to the network and get a valid IP address from the DHCP server. (With or without the "Enforce DHCP" option.)


Re: Aruba 3200 Wireless Giving out address from wrong VLAN

USE logon as initial role and try connect your client.

(if it's allowed mac it's should get the role u configured ,if it's allowed mac and it's getting web-auth disabled web page - u got something missconfigured in your mac-auth profile/mac-auth list.)


or make a role with only DHCP allowed.


I think the deny all is causing it for u right now.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

Also - u can keep deny all as initial role,but read here:
http://www.airheads.eu/t5/Unified-Wired-Wireless-Access/Mac-Authentication-Problem/m-p/136911
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Contributor I

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

I am using a guest role as initial however its still not working.

AND

That link you provided was a link I posted, as you can tell it was working but for some reason is no longer giving out DHCP.

Contributor I

Re: Aruba 3200 Wireless Giving out address from wrong VLAN

Even if I remove MAC authentication and just leave Wpa2-personal it still does the same thing.

JD

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: