Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

NAT / ACL Problem

  • 1.  NAT / ACL Problem

    Posted Dec 12, 2014 05:36 AM

    Hi,

    I have an active/passive 2-controller VRRP installation with 2 VLANs: 1 = internal, 2 = mobile.

    The controller is not the default gateway of the VLANs.

    Now I need to configure it so that a mobile device can access a server. Is it possible?

    I do not get the NAT to work. The installation is for mobile devices, so I can't get any routes into the client devices.



  • 2.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 06:02 AM

    Hi,

    Can you bring some more clarity on this?

    1. If the controller VRRP IP is not the GW for the clients, then how is your controller uplinked?

    2. What do you mean by mobile devices? Are they wireless clients?

    3. You want to access the servers, so where are these servers?

    Please clarify so that I can help you on this.



  • 3.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 06:22 AM

    1. The controller has its default gateway in VLAN 1 (which is the internal LAN). VLAN 2 is a single internet access with its own router.

    2. The clients are wireless devices, but iPhones etc., where I can't add any route. I do the testing with a laptop; when I add a route to use the controller as gateway, it works.

    3. The clients in VLAN 2 should access 1 server in VLAN 1.

    VLAN 1 has no route to VLAN 2, therefore I need to NAT at the wireless controller. I think I need some interception like the captive portal does with its redirect.



  • 4.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 07:05 AM

    With a "route+srcnat", ICMP is working, but I get no telnet answer?!



  • 5.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 07:20 AM

    Hi,

    Is the router providing internet manageable? If yes, configure inter-VLAN routing so that it can come back to the controller and then reach the internal VLAN (VLAN 1), here assuming that the controller has connectivity to the internal servers :)

    Ensure that the controller has VLAN 1 and VLAN 2 interfaces configured.

    If the router is not manageable, we have to look at other options :)

    Make sense?



  • 6.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 07:27 AM

    If I configure a route on the internet router in VLAN 2, I will have a routing triangle.

    Can you explain to me why action "route" in the ACL is working for ICMP but not for telnet?



  • 7.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 07:48 AM

    Hi,

    I'm not sure. Can you check that the user role and the policy mapped are allowing the desired traffic?



  • 8.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 08:02 AM

    The user role is matching and the ACL is:

    any source - destination host x.y.z - any service - action route

    The interface has source NAT activated.

    sh datapath session shows the same for ICMP and telnet, but the telnet session is not working.



  • 9.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 08:22 AM

    Hi,

    OK, let me replicate this and bring some solution. Give me some time :)



  • 10.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 08:34 AM

    That's my config change today:

    interface vlan 1
        ip address 192.168.1.241 255.255.255.0

    interface vlan 2
        ip address 192.168.2.2 255.255.255.0
        ip nat inside

    ip access-list session ROUTE
        user host 192.168.1.100 any route log

    user-role Mobile
        access-list session ROUTE
        access-list session allowall



  • 11.  RE: NAT / ACL Problem
    Best Answer

    Posted Dec 12, 2014 08:52 AM

    Hi,

    I just had a discussion with my friend, and I got your point.

    Please try with ESI redirect, it should work :)

    For help, go through this link:

    https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/How-to-NAT-and-redirect-of-specific-traffic-using-ACL-on-Aruba-controller-if-Aruba-controller-is-not-the-gateway-for-the-client

    Hope your issue will get resolved.

    Please feel free to come back for any further help on this.



  • 12.  RE: NAT / ACL Problem

    Posted Dec 12, 2014 09:57 AM

    I tried esi-redirect (with forward and both directions).

    I also get output:


    192.168.1.100     192.168.2.169     6    23        54526  0/0     0 24  1   local       13   0         0          Y
    192.168.2.169     192.168.1.100     6    54526  23        0/0     0 24  1   local       13   0         0          YTC


    But still no connection. I don't get it. Will update the controller to 6.4 on Monday.
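
The session rows quoted in the post above can be read mechanically. The following is an added example, not part of the original post or of any Aruba tooling: it parses `show datapath session` rows and decodes the flags column to show whether an entry carries a src NAT, dest NAT or redirect flag. The column order and the flag legend are assumptions taken from the header and legend the command normally prints, which the post does not include.

```python
import ipaddress

# Flag letters from the legend printed by "show datapath session" (subset).
FLAGS = {"F": "fast age", "S": "src NAT", "N": "dest NAT", "D": "deny",
         "R": "redirect", "Y": "no syn", "H": "high prio", "P": "set prio",
         "T": "set ToS", "C": "client", "M": "mirror", "V": "VOIP"}

# Assumed column order; the post quotes the rows without the header line.
COLUMNS = ("src", "dst", "proto", "sport", "dport", "cntr", "prio", "tos",
           "age", "destination", "tage", "usridx", "usrver", "flags")

# The two session entries quoted in the post.
SAMPLE = """\
192.168.1.100     192.168.2.169     6    23        54526  0/0     0 24  1   local       13   0         0          Y
192.168.2.169     192.168.1.100     6    54526  23        0/0     0 24  1   local       13   0         0          YTC
"""

def parse_sessions(text):
    """Return one dict per session row; skip header, legend and blank lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == len(COLUMNS) - 1:
            fields.append("")  # a session entry with no flags set
        if len(fields) != len(COLUMNS):
            continue
        try:
            ipaddress.ip_address(fields[0])
            ipaddress.ip_address(fields[1])
            [int(f) for f in fields[2:5]]  # proto, sport, dport are numeric
        except ValueError:
            continue
        row = dict(zip(COLUMNS, fields))
        row["flag_names"] = [FLAGS.get(f, "unknown:" + f) for f in row["flags"]]
        rows.append(row)
    return rows

def review(row):
    """List what the flags say about NAT/redirect handling of one entry."""
    notes = []
    if not set("SNR") & set(row["flags"]):
        notes.append("no src NAT, dest NAT or redirect flag on this entry")
    if row["proto"] == "6" and "Y" in row["flags"]:
        notes.append("TCP entry flagged 'no syn'")
    return notes

if __name__ == "__main__":
    for r in parse_sessions(SAMPLE):
        print(r["src"], "->", r["dst"], r["flag_names"], review(r))
```

Comparing the decoded flags of the failing telnet entry with those of a working ICMP entry from the same client shows whether the policy action was applied to both.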



  • 13.  RE: NAT / ACL Problem

    Posted Dec 15, 2014 04:12 AM

    Hi Friend,

    You have a good solution in 6.4.2.2: it supports policy-based routing :)

    All the best.

    Please feel free to ask if you need any help on this.



  • 14.  RE: NAT / ACL Problem

    Posted Sep 02, 2015 10:37 AM

    I have 6.4.2.8 running and a working ESI rule for redirecting traffic from VLAN 1 to VLAN 2 without being the default gateway.

    vlan1 = 192.168.110.0

    vlan2 = 192.168.0.0

    For VLAN 1 I have an ESI rule like:

     source: user -> any service -> destination: 192.168.0.100 -> action: redirect esi-group 192.168.0.100 (direction both)

    That's working for me. BUT now I need to NAT traffic for 10.10.10.10 to the 192.168.0.100 server.