10-21-2012 08:57 PM
I'm having a problem with the latest 220.127.116.11-18.104.22.168 firmware on brand new Aruba IAP-93 access points we are setting up. Our Guest ssid wireless (on another vlan id) is not passing data over our vpn but Employee ssid works fine. If I downgrade the firmware it works fine without config change.
We rolling out multiple small sites with these APs and have done 5 or so far but latest two rollouts are having problems because they have the latest 22.214.171.124-126.96.36.199 firmware. The APs are setup with two SSIDs (setup in this order), one for Employees (native lan) and another for Guests on vlan 10. Both networks have access to a VPN to another site which has a webserver. Routing and VPN is done by as Cisco ASA. On the Employee network everything works fine. I'm able to access the local lan, the vpn and the internet. On the guest network I can access the local guest lan and the internet but not the vpn.
I test this setup with my laptop (which allows me to connect to different vlans) and it works juist fine. I downgrade the firmware version to and it works fine without even changing the config. I worked with Cisco support to verify the setup is correct on that end (originally thought it was a routing issue) and they even did some packet tracing and they don't see any data coming in.
Employee wireless is setup for WPA2 personal with a passphrase but without aruba filtering. IPs are assigned by the cisco.
Guest wireless is open without security nor any arbua filtering. IPs are assigned by the cisco.
I verified that Layer-3 Mobility is disabled
The AP is setup very basicly. Just setup a static ip for the controller on the employee lan and setup the 2 SSIDs. The rest are default configs.
I read over the firmware release pdf and outside of the layer-3 mobility feature, I don't see anything that might cause this issue. Anyone has any ideas on this cause? Thanks.