10-17-2012 07:25 AM
I am installing a pair of AP-175 for a customer. The intent is to extend the network to a new building that doesn't have a wired connectiong to their network. I have the APs setup in their own group, a mesh radio and cluster profile setup etc.. The APs will connect and establish. I can ping both APs. I can not pass traffic through them.
THe controller is located at the NOC. THe APs are located at remote campuses which are routing locally so the VLANs are not trunked back to the NOC and are not on the controller. The VLANS I have at the remote campus are 1,83,120,121,125 and will be extended to the new buiding. I have tried setting my wired AP profile to access mode, trunk mode etc. I have it set to bridge mode, with the bridge mode being set to authenticated. I can't get any traffic to pass across the link. I also tried turning on trunking on the switches they are plugged into and that make the APs go out of service.
I just need this to work like an simple dumb bridge that passes traffic. What am I missing??
10-17-2012 07:37 AM
You need to create a AAA profile created that has the initial role set to authenticated. Assign that AAA profile to the wired AP profile. Set the Wired Profile to Untrusted. Set the mode to the port to Access (not trunk).
See if that works.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
10-17-2012 09:54 AM
If Colin's recommendation do not correct the problem, please post your config so we can review it.
Bridging is a basic service of ArubaOS mesh, so I'm sure its a straightforward configuration issue.
10-18-2012 10:34 AM
OK, I will try that. Since it's going to be an access port, which VLAN do I assign as the acces mode vlan since the local VLANs don't exist on the controller? Do I just leave it as 1?
10-23-2012 08:43 AM
OK. I can get them to pass traffic on VLAN 121 only. This is the VLAN that the mesh portal side is in. I can connect to the ethernet port of the mesh point side and get an IP in VLAN 121. If I try to connect it to a switch and use any VLAN other than 121 I am unable to get an IP or communicate if I use a static IP. Still sounds like the VLAN info is not being passed correctly. I have my wired-ap profile set to access mode with VLAN 1 as the access mode vlan. Bridge role is authenticated.
05-27-2015 06:57 AM
Solution - I had the exact same issue you are describing above. for me I had changed the native vlan to 64 on the cisco switches and allowed vlans 10, 64, and 66 in the trunking. In the wired profile I also matched these same settings but it did not work.
Then my local SE informed me I was using the default system profile in the AP group and the default system profile uses native vlan 1. I created a new system profile with native VLAN 64 and applied it to the AP group. Issue resolved all my VLANs on the point mesh are now working.
The documentation does not mention needing a system profile or regulatory domain in the AP group. I should had known better. Hope this helps someone out there.