11-18-2013 01:29 PM
At a Hospital we have some GE Dash 4000 units that use our wireless network in order to communicate with their separate network. These devices are all 802.11b and they work off broadcast. The way they work is that each unit sends a broadcast every 45 seconds. Anyone that sees that traffic can make a unicast communication with that device to monitor the device's output, in this case patient vital signs. Now, this works fine when the devices are connected to the GE wired network, but not when the devices are connected to our wireless network.
The devices on wireless can see all the other devices, so they are receiving broadcast traffic, but none of the other devices can see the wireless units.
When checking the datapath session, I can see broadcast traffic from/to the host.
126.7.x.x 126.96.36.199 17 3200 7000 0/0 0 0 1 tunnel 1630 11 FC 0/0 0 0 0 local
188.8.131.52 126.7.x.x 17 7000 3200 0/0 0 0 1 tunnel 1630 12 FY 0/0 0 0 0 local
The clients state that they noticed the issue happen about 3 months ago, which is about the time when we replaced all the AP70s in that site with AP105s. Anyone have any clue what could be causing the broadcast traffic from the device not being seen by the other hosts? The broadcast traffic to the host is being seen, but not the other way around. We don't have broadcast disabled, hence it's working one way.
11-18-2013 01:39 PM
One similar issue that we found while searching online is a Cisco issue after upgrading a controller. They mention that Enabling 802.11 Padding fixed the issue. Does Aruba have a similar setting for this Cisco option?
11-19-2013 05:03 AM - edited 11-19-2013 05:05 AM
Have you tried doing a wireless packet capture?
Can you try connecting directly from the controller and see if it works to rule out the VLAN / Controller / AP?
And I know you mentioned that the drop broadcast is not enabled but can you check under the VAP?
(controller) #show wlan virtual-ap NORTH1-SECURE-VAP-B

Virtual AP profile "NORTH1-SECURE-VAP-B"
----------------------------------------
Parameter                                         Value
---------                                         -----
AAA Profile                                       AAA-NORTH-SECURE-DOT1X-PROFILE-B
802.11K Profile                                   default
SSID Profile                                      NORTH1-SECURE-SSID-PROFILE-B
Virtual AP enable                                 Enabled
VLAN                                              LOCAL1-VLANS-POOL-B
Forward mode                                      tunnel
Allowed band                                      all
Band Steering                                     Enabled
Steering Mode                                     prefer-5ghz
Dynamic Multicast Optimization (DMO)              Disabled
Dynamic Multicast Optimization (DMO) Threshold    20
Drop Broadcast and Multicast                      DISABLE
Convert Broadcast ARP requests to unicast         Enabled
Authentication Failure Blacklist Time             3600 sec
Blacklist Time                                    3600 sec
Deny inter user traffic                           Disabled
Deny time range                                   N/A
DoS Prevention                                    Disabled
HA Discovery on-association                       Disabled
Mobile IP                                         Disabled
Preserve Client VLAN                              Disabled
Remote-AP Operation                               standard
Station Blacklisting                              Enabled
Strict Compliance                                 Disabled
VLAN Mobility                                     Disabled
FDB Update on Assoc                               Disabled
WMM Traffic Management Profile                    N/A
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
11-19-2013 06:39 PM
Yep, had checked and double checked everything. Spent half the day today troubleshooting the issue. We finally found that having an IP address on the SVI for that vlan on the controller fixed the issue.
Can anyone explain why that is? It's only a L2 connection. Is it best practice to have an IP address on every SVI even though they are just L2?