Wireless Access

Hi there,

I am assisting a customer with a POC and I am having issues with DHCP over an Instant-VPN to a 7005 Cloud Services Controller. The VPN between the IAP and 7005 controller is operating correctly but I cannot for the life of me get DHCP working.

I have set up a DHCP scope on Cloud Services Controller (VLAN 400 - 10.10.10.0 /24) which also has a VLAN 400 interface with IP address of 10.10.10.1. The 7005 Controller is also the Default Gateway for this subnet.

The SSID is VC assigned to VLAN 400, The DHCP scope is set to L2-Centralized specifiying VLAN 400. It does not matter if I enable DHCP relay or not.

The client simply never gets an IP address. The debugs show it constantly sending out DHCP request with no reply. Configuring the DHCP server locally on the IAP using local mode or distributed works fine.

Any ideas?

-Brett

Attachment(s)

Client Debug.txt   60 KB 1 version

If you configure a static IP address on your client connected to the IAP, can you successfully ping the controllers interface on VLAN 400?

What Instant version are you running?

What uplink type do you have on your IAP?

Cheers,

How are you tunnelling back to the controller?

Per iAP or from the VC?

When I was setting up my Guest VLAN, I had a similar experience.

I learned that in the VC-sourced-tunnel I would need to put the VLAN into the switch-fabric so that the client's DHCP request and the DHCP server's response could get from the VC to the client's AP over that fabric.

In per-iAP tunnels, the DHCP exchange passes from client to AP over tunnel and back smoothly.

Hi Matthew,

Thanks for the response. I was wondering whether I need to tag VLAN 400 on the switching network, but there there will only be a single AP per site, so clients will connect directly to the IAP/VC. This solution is also for a guest network.

-Brett

Hi Christoffer,

I will have to try pinging the Controller on Monday. It was late Friday evening here in Australia and didn't even think of using a static IP as the other DHCP methods worked locally. I will try ping the controller from the client on Monday.

Uplink type is IPSEC, single IAP.

IAP version is 6.5.0.0-4.3.0.0. This was setup by the local Aruba SE leading the POC.

-Brett

I'm running iAP: 6.4.2.6-4.1.1.8_50989

and Controller: 6.4.2.8

My configuration has the controller as a layer-2 connection to the switch and router for VLAN 100, which may be a significant difference between our configurations.

Here are my settings in case it helps your thinking...

Here's the iAP configurations:

And the Controller settings:

Thank you all for the feedback. It turns out the VLAN interface on the Mobility Controller was administraively shut down. TAC advised that it can only be brought back up via the CLI. Is this really the case?

-Brett

If it is not tied to a physical interface, yes, that is the case.

Go into the vlan interface and issue the command operstate up or something like that =)

Cheers,