Wireless Access

Reply
MVP
Posts: 1,111
Registered: ‎10-11-2011

Named netdestinations on 3200xm

I am looking into why a client is unable to access a resource on one controller that he is able to access on a different local controller.  I verified that he has the same role on both controllers.  I monitored his session on both controllers and am seeing him get denied on one of them.  The firewall policy that should allow him access includes a netdestination with named entries.  Both controllers have DNS servers specified and include "ip domain lookup".  Both controllers can ping the named entry in the netdestination.  The only difference I can see is one controller is a 3600 and the other a 3200XM.

 

It appears as though the 3200XM isn't working with named entries in netdestinations.  I am working up a test today to confirm this is the case, but wanted to throw it out there to see if anyone has seen this before.  And to confirm, only a DNS server and "ip domain lookup" are required for named entries, right?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 21,272
Registered: ‎03-29-2007

Re: Named netdestinations on 3200xm

You should also be able to ping a dns name from the commandline of the controller to test if dns resolution is working.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Named netdestinations on 3200xm

Yep, that works.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 21,272
Registered: ‎03-29-2007

Re: Named netdestinations on 3200xm

Why don't you have the client reach the resource via ip address, so you can rule out name resolution, then?  If the client still cannot reach it, it is not name resolution, right?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Named netdestinations on 3200xm

Yeah, that's what I'm testing later today. I just thought I'd get some
feedback from others in case this was a known issue or limitation.
=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 21,272
Registered: ‎03-29-2007

Re: Named netdestinations on 3200xm

No limitation or obvious bugs.

 

Please check "show firewall dns-names" to see how that address is being resolved to see if the fqdn is being resolved to the same address on both platforms.  



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Named netdestinations on 3200xm

Okay, cool.  I was looking for a command like that.  Thanks!

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Named netdestinations on 3200xm

When I use that command, about half of the DNS names resolved.  Should all of them have resolved?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 21,272
Registered: ‎03-29-2007

Re: Named netdestinations on 3200xm

It should show up there after you attempt a resolution. The others could have aged out.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Named netdestinations on 3200xm

Ah okay.  I assumed they'd always be populated/fresh so they'd be immediately available when a netdestination is called upon by a firewall policy.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Search Airheads
Showing results for 
Search instead for 
Did you mean: