Wireless Access

Reply
Occasional Contributor II
Posts: 15
Registered: ‎04-11-2012

Can't get 105 AP's to work in Bridged Mode at Remote Site

I work at a school district with five buildings with each being it's own vlan/subnet. One of our remote buildings is connected to our main campus via a 10mbit link. All of the AP's at our main campus forward traffic to the controller and it works fine since we have fast links. For the remote building, I want to keep the same SSID setup (district and guest) at the remote building but use bridge mode so the guests are assigned IP's from that buildings subnet instead of the wireless vlan that the main campus devices get.

 

1) Enabled Control Plane Security and auto cert provisioning for all addresses

2) Made a new AP group named after the remote building

3) Made a new VAP in the new ap group set forwarding mode to bridge and made sure VLAN was set to none.

 

The AP gets the information from the controller, reboots and I can see the SSID. When I connect, it never assigns an IP and I end up getting a 169.x.x.x address eventually. If I switch it to bridged mode, it works just like the rest and get an IP from the wireless vlan but that isn't what I want for this remote building. I'm sure it's something simple I am missing but I can't seem to figure it out.

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Can't get 105 AP's to work in Bridged Mode at Remote Site

Try making the VLAN 1.  That would match the default "Native VLAN-ID parameter" in the AP system profile of that ap-group.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Can't get 105 AP's to work in Bridged Mode at Remote Site

[ Edited ]

Hi,

 

Here three tips:

 

 

  • Bridge mode working -  with no VLAN number in the VAP itself.
  • Check your AP system-profile for this/those rap units (in this specific rap AP-group)  - make sure that your session-acl is fitted with the right role.(for testing - try using: allowall)
  • in the same  AP system-profile check if everything working fine if u adding V to Remote-AP Local Network access

 Untitled2.png

dont forget to press apply + save config at the end.

 

 

Have a gr8 day.

 

 

BTW:

i didnt understand your post too much: :smileyhappy: (try to explain it agian - if further asstiance needed)

 

Untitled3.png

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Occasional Contributor II
Posts: 15
Registered: ‎04-11-2012

Re: Can't get 105 AP's to work in Bridged Mode at Remote Site


kdisc98 wrote:

Hi,

 

Here three tips:

 

 

  • Bridge mode working -  with no VLAN number in the VAP itself.
  • Check your AP system-profile for this/those rap units (in this specific rap AP-group)  - make sure that your session-acl is fitted with the right role.(for testing - try using: allowall)
  • in the same  AP system-profile check if everything working fine if u adding V to Remote-AP Local Network access

 Untitled2.png

dont forget to press apply + save config at the end.

 

 

Have a gr8 day.

 

 

BTW:

i didnt understand your post too much: :smileyhappy: (try to explain it agian - if further asstiance needed)

 

Untitled3.png

 

 



We run two SSID's in our district. One is for district equipment and allows all traffic and the other is for BYOD and guest access to get online only. The main campus has a vlan for that assigns all wireless users an IP from the same subnet due to the AP's using tunnel mode back to the controller. There is a user role configured for the BYOD/guest ssid that throttles the bandwidth and only allows dhcp, dns, http and https so users can get get online. The district SSID role is open to all traffic.

At the remote building, I want to use the same SSID's but instead of getting an IP from the wireless vlan, I want it to basically act as a local access point and get an IP from the DHCP server in that building.

In the last line where I said "If I switch it to bridge mode" I meant to say to say tunnel instead of bridge. Tunnel mode works fine at the remote building but then all traffic will be traversing the slow link and I do not want that to happen.

Did that make better sense? Sorry for the confusion.

I will give the tips you provided a try and report back and let you know what happens.

Occasional Contributor II
Posts: 15
Registered: ‎04-11-2012

Re: Can't get 105 AP's to work in Bridged Mode at Remote Site

Do I need to set these AP's as RAP's instead of CAP's? I thought I read where you can use bridge mode in CAP's as well. The 105 AP's in the remote building are still setup at CAP's.

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Can't get 105 AP's to work in Bridged Mode at Remote Site

You can leave them as CAPs.  Bridge mode works for both, but you don't need IPSec protecting the AP -> controller communication.

 

You should have VLAN 1 (or something) in the VLAN definition for the CAP AFAIK.

Occasional Contributor II
Posts: 15
Registered: ‎04-11-2012

Re: Can't get 105 AP's to work in Bridged Mode at Remote Site

[ Edited ]

Ok well I seem to have it working now but I'm not sure exactly what the fix was. I tried a few of the suggested methods and it began working so I backtracked and disabled them to see which one it was. I'm pretty sure I've disabled each of the features I enabled to get it working but it is still working. Go figure.

 

I think I am going to setup a VAP for our private SSID in bridge mode and configure the guest/byod SSID and leave it in tunnel mode. That seems like it will be a bit more secure anyways. Since the remote building access the internet from our main campus and it is throttled it shouldn't have much if any noticeable impact on our WAN link.

 

Thanks for the help everybody.

MVP
Posts: 1,405
Registered: ‎05-28-2008

Re: Can't get 105 AP's to work in Bridged Mode at Remote Site

:smileyhappy: Gr8 to hear.

 

A.Before u continue - can u please - copy&past screenshots from gui/cli of your ap-system-profile and your vap-profile / ssid-profile please?

B.Iam glad that it's working right now - BUT - u need to figure what solve it for the next time and also for this time.

 

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
Showing results for 
Search instead for 
Did you mean: