Wireless Access

Reply
Contributor I
Posts: 21
Registered: ‎04-07-2016

DHCP issue over Instant-VPN: Centralized L2 Mode

 

Hi there,

I am assisting a customer with a POC and I am having issues with DHCP over an Instant-VPN to a 7005 Cloud Services Controller. The VPN between the IAP and 7005 controller is operating correctly but I cannot for the life of me get DHCP working.

 

I have set up a DHCP scope on Cloud Services Controller (VLAN 400 - 10.10.10.0 /24) which also has a VLAN 400 interface with IP address of 10.10.10.1. The 7005 Controller is also the Default Gateway for this subnet.

 

The SSID is VC assigned to VLAN 400, The DHCP scope is set to L2-Centralized specifiying VLAN 400. It does not matter if I enable DHCP relay or not.

 

The client simply never gets an IP address. The debugs show it constantly sending out DHCP request with no reply. Configuring the DHCP server locally on the IAP using local mode or distributed works fine.

 

Any ideas?

 

-Brett

MVP
Posts: 314
Registered: ‎04-03-2014

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

If you configure a static IP address on your client connected to the IAP, can you successfully ping the controllers interface on VLAN 400?

 

What Instant version are you running?

 

What uplink type do you have on your IAP?

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
MVP
Posts: 719
Registered: ‎12-01-2010

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

How are you tunnelling back to the controller?

Per iAP or from the VC?

When I was setting up my Guest VLAN, I had a similar experience.

I learned that in the VC-sourced-tunnel I would need to put the VLAN into the switch-fabric so that the client's DHCP request and the DHCP server's response could get from the VC to the client's AP over that fabric.

In per-iAP tunnels, the DHCP exchange passes from client to AP over tunnel and back smoothly.

 

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Contributor I
Posts: 21
Registered: ‎04-07-2016

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

Hi Matthew,

 

Thanks for the response. I was wondering whether I need to tag VLAN 400 on the switching network, but there there will only be a single AP per site, so clients will connect directly to the IAP/VC. This solution is also for a guest network.

 

-Brett

 

Contributor I
Posts: 21
Registered: ‎04-07-2016

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

[ Edited ]

Hi Christoffer,

 

I will have to try pinging the Controller on Monday. It was late Friday evening here in Australia and didn't even think of using a static IP as the other DHCP methods worked locally. I will try ping the controller from the client on Monday.

 

Uplink type is IPSEC, single IAP.

 

IAP version is 6.5.0.0-4.3.0.0. This was setup by the local Aruba SE leading the POC.

 

-Brett

MVP
Posts: 719
Registered: ‎12-01-2010

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

[ Edited ]

I'm running iAP: 6.4.2.6-4.1.1.8_50989

and Controller: 6.4.2.8

 

My configuration has the controller as a layer-2 connection to the switch and router for VLAN 100, which may be a significant difference between our configurations.

 

Here are my settings in case it helps your thinking...

 

Here's the iAP configurations:

SSID-VLAN.png

DHCP-Servers.png

Tunnel-Controllers.png

Tunnel-Routing.png

 

And the Controller settings:

Controller-tunnel.png

 

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Contributor I
Posts: 21
Registered: ‎04-07-2016

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

Thank you all for the feedback. It turns out the VLAN interface on the Mobility Controller was administraively shut down. TAC advised that it can only be brought back up via the CLI. Is this really the case?

 

-Brett

Guru Elite
Posts: 21,257
Registered: ‎03-29-2007

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

If it is not tied to a physical interface, yes, that is the case.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 314
Registered: ‎04-03-2014

Re: DHCP issue over Instant-VPN: Centralized L2 Mode

Go into the vlan interface and issue the command operstate up or something like that =)

 

Cheers,

Christoffer Jacobsson | Aranya AB
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: