Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎03-28-2013

Aruba 620 controller can't ping outside devices but clients connected to it can

Our company has an Aruba 620 controller and an Aruba AP105 access point for testing.

 

The APs create a WiFi network (ssid ArubaTest) in a VLAN (id 1) with private addresses in the 172.16.0.0/12 range. Both the APs (well... AP, because I only have one) and the Controller receive an IP in that range (the controller is static on 172.16.0.254). Clients can connect to the ArubaTest network and receive and IP in that 172.16.0.0/12 range (the controller is behaving as a DHCP server)

 

The Controller has access to the “outside world” (internet) through the uplink (port 8). In our office space there is an external router that provides internet access. I have no access to said equipment. On our office's wall there is a bunch of Ethernet ports that when something is plugged in, provide an IP address (in the range 10.0.0.0/8) and the routing information through DHCP (pretty typical setup for an office shared by many people, I would say). The uplink is assigned to another VLAN (id 2) and configured to get its IP though DHCP.

 

If I log in the controller's web interface and I go to the Configuration > Network > IP > IP routes tab, I can see that the Default Gateway is that external router we have in our office space: its IP is 10.192.7.1

 

Now, something that has been bugging me a bit is that if I go to Configuration > IP > IP Interfaces tab, the VLAN with id 2 (where the Uplink is assigned) is not getting an 10.0.0.0/8 address but 172.17.9.1, which I don't think its an IP our office router provides.

 

Here's what I see on Config > Network > IP > IP Interfaces tab:

 

1

172.16.0.254

255.255.255.0

fe80::1a:1e00:121:c270 

FE1/0-7,Pc0-7

2 (DHCP)

172.17.9.1

255.255.240.0

fe80::1a:1e00:221:c270 

GE1/8

 

It almost looks (to me, who has no idea) that the second VLAN is getting its addresses from the controller itself, not from the external router the uplink is connected to, but I don't really know whether this is normal or not...

 

Thanks to the replies in this conversation, all the clients connected to the VLAN 1 have now access to the internet (enabling source NAT did the trick). Everything is working fine for the clients connected to that network (as a matter of fact, I'm writing this on a laptop connected to the ArubaTest wifi network). From my laptop, I can ping 8.8.8.8, or google.com and I get a proper reply:

 

savir@savir-machina:~$ ping -c5 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

64 bytes from 8.8.8.8: icmp_req=1 ttl=51 time=50.2 ms

64 bytes from 8.8.8.8: icmp_req=2 ttl=51 time=39.8 ms

64 bytes from 8.8.8.8: icmp_req=3 ttl=51 time=119 ms

64 bytes from 8.8.8.8: icmp_req=4 ttl=51 time=41.0 ms

64 bytes from 8.8.8.8: icmp_req=5 ttl=51 time=42.6 ms

 

--- 8.8.8.8 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4005ms

rtt min/avg/max/mdev = 39.804/58.619/119.476/30.644 ms

 

The question now is: how come that the controller itself can not ping hosts? If log in the controller's web interface, Diagnostics tab and try to ping 8.8.8.8, I get:

 

.....Sent 5, 100-byte ICMP Echos to 8.8.8.8, timeout 2 seconds:

 

Success rate is 0 percent (0/5)

 

How can I make the controller be able to reach external Ips?

 

In case it helps, from the controller's web interface I can ping the AP, my own computer (the laptop I'm writing this from), but not the default gateway (10.192.7.1)

 

Thank you in advance!

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

do this:

 

config t

 

ip default-gateway import dhcp

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎03-28-2013

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

Hi cjoseph. Thanks for your reply.

 

I tried that, and it didn't seem to work. I still can't ping 8.8.8.8 from the Diagnostics > Network > Ping page. I'm still not that familiar with the CLI interface (I'm on it, though). I did the following:

 

(Aruba620-US) >enable
Password:*******
(Aruba620-US) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba620-US) (config) #ip default-gateway import dhcp
(Aruba620-US) (config) #
(Aruba620-US) #exit
(Aruba620-US) >exitConnection closed by foreign host.
Connection to 172.16.0.254 closed.

 

Did I need to save it... somehow? I also tried rebooting the controller after doing this.

 

Thank you again

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

Do two things:

 

config t

interface vlan 1

ip nat inside

 

 

Also remove the static default gateway that you had before.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎03-28-2013

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

Wow. Thanks for the fast reply!

 

I did what you mentioned, I rebooted the controller... Still same result (not able to ping 8.8.8.8)

 

The VLAN2 (where the Uplik is connected to) keeps getting the IP 172.17.9.1 (still, not sure if this is supposed to happen)

 

Also (and maybe it's relevant) the controller's role is set to Master.

 

I have:

    Enable source NAT for this VLAN

    Enable Inter-VLAN Routing

activated for both VLANs

Guru Elite
Posts: 21,029
Registered: ‎03-29-2007

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

You should not have to reboot anything.

 

Did you say that the clients in the 172.16.0.0 can get to the internet?  What is their default gateway?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎03-28-2013

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

It looks like it's the controller itself:

 

savir@savir-machina:~$ route -n

Kernel IP routing table
Destination   Gateway       Genmask        Flags Metric Ref Use Iface
0.0.0.0       172.16.0.254  0.0.0.0        UG    0      0   0   wlan0
169.254.0.0   0.0.0.0       255.255.0.0    U     1000   0   0   wlan0
172.16.0.0    0.0.0.0       255.255.255.0  U     2      0   0   wlan0 

 

 

 

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

Hi,

 

Good morning, :smileyhappy:

 

1.Are your sure that the port that u connected your uplink port to (your VLAN2) is a port that acting as a ACCESS port and not as a TRUNK PORT with native VLAN? (In the other equitment - not on the controller - check your switch port settings)

 

*CHECK IT*

*THIS MIGHT BE YOUR ISSUE*

 

2.Delete all the routes that u created (STATICS) and let the controller it own gw(via dhcp) or config u controller port as static address and not a DHCP address. <- Check it agian please

 

3.do a bit reading here:

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/Network_Parameters.php

 

Let's us know - if some of thoese tips helped u.

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: Aruba 620 controller can't ping outside devices but clients connected to it can

If you would like to be sure - Disconnect the controller port  (from the switch you connected it to) and connect your laptop to this port - and check what ip details are u getting / and if u getting the right vlan/ip's...

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: