11-19-2012 04:42 PM
I have a very simple network I have ready for first time config (or so I thought), and it's madding me that things aren't quite working the way I need them to.
I have a single 3600 controller and 28 APs. I got the APs configured, and then tried to configure the following:
One internal WLAN, LDAP authentication, WEP-2 Enterprise, routing over ports 0, 1, 2 (in an LACP trunk on our internal network)
One guest WLAN, local user database, routing over port 3 (which routes out to the internet over a firewalled line)
Is there any good documention to get started on this? The user guide is the most confusing doc I've ever read (and I read 2000 page core switch manuals), and the web interface is less than helpful. I got a guest WLAN up but that's about all my success, and it's not routing properly over port 3 and allows access to the internal network. I've attached my config, minimal as it is.
Has anyone at Aruba done any interface testing? If this is "simple" then I'd hate to see the complex stuff. Even the so called "wizards" are confusing. My Juniper system I'm replacing was way easier than this (and I did most of that on the command line).
Normally I'd just fight it out but of course they want this online by Monday, and with the holiday coming I don't feel like spending the four day weekend trying to do wireless... Probably why this sounds grumpy :). Thanks in advance to anyone who helps!
11-19-2012 06:03 PM
Try these. Not sure what stage you are on, so they might help, or give you some perspective.
WLAN Base Configuration:
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
11-20-2012 10:47 AM
Sorry if I jump around, I think you've got a variety of issues to tackle, so hopefully this helps a bit. When I get to somewhere where I can grab a controller config; i'll see if I can dump some of the relevant components for a basic setup.
First, you don't really give any indication as to what is not working outside of the Guest routing, so I am basing some of these just off of looking at the configuration.
- I assume you mean WPA-2 Enterprise; you mention LDAP authentication, but I do see a RADIUS server defined in your setup. I assume you meant WPA2-Enterprise with RADIUS.
- The guests will not route out interface 1/3 as you are trying to as you have NAT turned on for that VLAN (ip nat inside). This will NAT all traffic on that VLAN to the IP of the controller.
- You've got 1/3 set as untrusted on VLAN 2; this should not be necessary for the requirements you mention
- You've got your initial role for the Guest network AAA profile set to "authenticated" which has the "allowall" policy defined.
- To rule out LACP in any way, have you tried to set this up with just a single port? My typical setups have port-channelling setup; without LACP, so I can't offer any ideas on that setup.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX