Wireless Access

Reply
Occasional Contributor I

Need help! Clients can't authenticate

Warning: Very New to Aruba! Please be Patient.

 

(Test Environment)

 

I have an Aruba 7210 connected to a Juniper 4200. There are only 3 APs at the moment connected to the 7210.

The APs are receiving DHCP from the Master.

The WLAN is broadcasting SSID

The Clients are able to view the SSID

At the moment there are no Firewalls policies set.

At the moment the WLAN is set to OPEN with no Encryption.

 

Port 1 is set to trunk to the Juniper 4200 switch, where the associated port is trunked with the associated VLAN

 

The clients however are not authenticating. Stranger is despite being able to launch the AWMS and connect to the Aruba Master, not to mention SSH into the Master, I can not ping the VLAN IP address which is set on the Aruba.

 

I have checked the DHCP tables and the VLAN is present. I am slightly convinced this is more of an issue on the Juniper side than the Aruba, but this community seemed the most helpful of the two.

 

Has anyone experienced this issue? I have checked the configs against work environment locations and everything appears similar, but does not appear to be working.

 

Thanks in advance for the help. I'll provide as much information as needed to resolve the issue.

Guru Elite

Re: Need help! Clients can't authenticate


Neil-V wrote:

Warning: Very New to Aruba! Please be Patient.

 

(Test Environment)

 

I have an Aruba 7210 connected to a Juniper 4200. There are only 3 APs at the moment connected to the 7210.

The APs are receiving DHCP from the Master.

The WLAN is broadcasting SSID

The Clients are able to view the SSID

At the moment there are no Firewalls policies set.

At the moment the WLAN is set to OPEN with no Encryption.

 

Port 1 is set to trunk to the Juniper 4200 switch, where the associated port is trunked with the associated VLAN

 

The clients however are not authenticating. Stranger is despite being able to launch the AWMS and connect to the Aruba Master, not to mention SSH into the Master, I can not ping the VLAN IP address which is set on the Aruba.

 

I have checked the DHCP tables and the VLAN is present. I am slightly convinced this is more of an issue on the Juniper side than the Aruba, but this community seemed the most helpful of the two.

 

Has anyone experienced this issue? I have checked the configs against work environment locations and everything appears similar, but does not appear to be working.

 

Thanks in advance for the help. I'll provide as much information as needed to resolve the issue.


- How is the Aruba controller connected to the Juniper?
- Is it a trunk or an access port?
- What VLAN are clients placed on ?  (type "show ap essid" to see what VLANs users are placed on).
- What VLANs are assigned to what ports on the Aruba controller? (type "show vlan status")

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Need help! Clients can't authenticate

Thanks for the quick reply.

 

WiFI  2    0        2580     Open

 #2580    10.168.XXX.X/255.255.XXX.0  Enabled     Up         1          Disabled            Regular  GE0/0/1
Port is set as a trunk

Guru Elite

Re: Need help! Clients can't authenticate

type "show trunk" and make sure your "native" vlan matches what you have on the juniper side...

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Need help! Clients can't authenticate

GE0/0/1  ALL            1,2580        2580

They match

 

Guru Elite

Re: Need help! Clients can't authenticate

What VLAN is the 10 subnet on the Juniper side?  If it is not 1, just make it an access port on both sides...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Need help! Clients can't authenticate

set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members 2580
set interfaces ge-0/0/8 unit 0 family ethernet-switching native-vlan-id 1
set protocols rstp interface ge-0/0/8.0 edge

port 1 on the Aruba is where we are plugged into which is also set to native vlan 1 and 2580 and trunk

Guru Elite

Re: Need help! Clients can't authenticate

Based on your output before, the Native VLAN on the Aruba side is 2580....  It does not match your Juniper output.  You need to fix one side of that to make the Native VLANs match..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Need help! Clients can't authenticate

In have changed the Vlans on both ends to reflect 2580, I am still unable to ping that vlan on the Aruba however. I have talked with some of the other techs and we all agree it sounds like it should be simple. It is an L2 link that is open and I am totally lost on the issue. Again any help is appreciated

Guru Elite

Re: Need help! Clients can't authenticate

Which VLAN can you NOT reach? Can you make it work on a single VLAN to eliminate complexity?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: