Wireless Access

Reply
Occasional Contributor I

No layer 3 connectivity on access ports on Aruba mobility 620 controller.

I am not able to access the controller on the access ports. I have DHCP server setup on 172.16.0.0/24 network. The controller's IP address is 172.16.0.254 on VLAN1 and the associated ports are F1/0  - F1/8 including the uplink. Though i am able to access the controller on my laptop using the uplink port but not through the access ports and they are all trusted. And I do have layer 2 connectivity on ports.

 

I guess i am missing something basic here. But cant get my head around, what i am doing wrong. 

Shahryar Ali
Product Engineer- ICT
ACMA, CCNA (R&S) , CloudU

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

When you plug the PC into the access port, can you please tell us what IP address/mask/gateway you get?

 

Also, can you paste an output of the access ports running configuration, taken from a partial "show run" output at the CLI? Might be worth posting the uplink port output too.

 

I assume you've got no ACLs on any of the wired ports (including the uplink)?

 

You're right to have checked the "trusted" command, that's usually what is a common cause.

 

When you say you can't access the controller, do you mean SSH/GUI? If you do, can you ping the controller IP? If you can, does a "arp -a" on the PC look correct in terms of the controller MAC-to-IP entry?

 

Thanks.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor I

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

When you plug the PC into the access port, can you please tell us what IP address/mask/gateway you get?

 

I do not get any IP adress from DHCP. I have tried to establish L3 conencitivity by assigning static IP. But it still doesnt work.

 

Also, can you paste an output of the access ports running configuration, taken from a partial "show run" output at the CLI? Might be worth posting the uplink port output too.

 

Please find the config file attached.

 

I assume you've got no ACLs on any of the wired ports (including the uplink)?

 

No ACLs are configured.

 

You're right to have checked the "trusted" command, that's usually what is a common cause.

 

When you say you can't access the controller, do you mean SSH/GUI? If you do, can you ping the controller IP? If you can, does a "arp -a" on the PC look correct in terms of the controller MAC-to-IP entry?

 

Yes, i mean SSH/GUI, though i am not able to ping the controller either.

Shahryar Ali
Product Engineer- ICT
ACMA, CCNA (R&S) , CloudU
Aruba

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

Your FE ports are on VLAN 2.   Does your controller have an IP on VLAN 2?

 

From your output:

interface fastethernet 1/0
        description "FE1/0"
        trusted
        trusted vlan 1-4094
        switchport access vlan 2

 

Please run the following:

show ip interface brief

show vlan

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

Yes this is quite strange as i have deleted the VLAN2 as shown by in the show vlan output:

 

#show vlan

VLAN CONFIGURATION
------------------
VLAN Description Ports AAA Profile
---- ----------- ----- -----------
1 Default FE1/0-7 GE1/8 Pc0-7 N/A

 

#show ip interface brief

Interface IP Address / IP Netmask Admin Protocol
vlan 1 172.16.0.254 / 255.255.255.0 up up
loopback unassigned / unassigned up up
mgmt unassigned / unassigned down down

 

 

 

Shahryar Ali
Product Engineer- ICT
ACMA, CCNA (R&S) , CloudU
Aruba

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

Please confirm what the port configuration is for 0-7.    Unless your output from ealier was incorrect, the ports were still configured for VLAN 2.

 

show run | begin "interface fastethernet 1/0"

 

If switchport access vlan 2 is still present, then change it.

 

config t

interface fastethernet 1/0

switchport access vlan 1

 

....repeat for 1/1-1/7

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

I have configured the ports with VLAN 2 , the updated config is shown below:

 

#show running-config | begin "interface fastethernet 1/0"
Building Configuration...
interface fastethernet 1/0
description "FE1/0"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/1
description "FE1/1"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/2
description "FE1/2"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/3
description "FE1/3"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/4
description "FE1/4"
trusted
trusted vlan 1-4094
speed 100
duplex full
!

interface fastethernet 1/5
description "FE1/5"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/6
description "FE1/6"
trusted
trusted vlan 1-4094
!

interface fastethernet 1/7
description "FE1/7"
trusted
trusted vlan 1-4094
!

 

Unfortunately i am still unable to establish layer 3 conenctivity on access ports.  Please suggest!

Shahryar Ali
Product Engineer- ICT
ACMA, CCNA (R&S) , CloudU

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

Plug a PC into port fast-ethernet 0/1, leave it 1 minute, then get the following outputs from the console port...

 

show port status

show vlan

show ip int brief

show arp

show ip dhcp bind

show port stats

 

Post the outputs on here please.

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Aruba

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

If you plug a PC in, does it get an IP on 172.16.0.0/24 per your DHCP pool on the controller?    Is .254 the gateway?   I also notice that you are NAT'ing VLAN 1.   This will NAT all user traffic to the controller IP (in your case 172.16.0.254).   

 

By looking at the config portion you shared, it looks like there is no L3 connectivity to your network.    How does the controller talk to any networks outside of itself?    It has only VLAN 1 defined (172.16.0.0/24).   The controller (and any connecting clients) have no knowledge of how to route outside of the controller.

 

What does show ip route show for routes?

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I

Re: No layer 3 connectivity on access ports on Aruba mobility 620 controller.

Here is the output:

 

show port status

Port Status
-----------
Slot-Port  PortType  adminstate  operstate  poe      Trusted  SpanningTree  PortMode
---------  --------  ----------  ---------  ---      -------  ------------  --------
1/0        FE        Enabled     Up         Enabled  Yes      Disabled      Access
1/1        FE        Enabled     Down       Enabled  Yes      Disabled      Access
1/2        FE        Enabled     Down       Enabled  Yes      Disabled      Access
1/3        FE        Enabled     Down       Enabled  Yes      Disabled      Access
1/4        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/5        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/6        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/7        FE        Enabled     Down       N/A      Yes      Disabled      Access
1/8        GE        Enabled     Down       N/A      Yes      Disabled      Access





#show vlan

VLAN CONFIGURATION
------------------
VLAN  Description  Ports                 AAA Profile
----  -----------  -----                 -----------
1     Default      FE1/0-7 GE1/8 Pc0-7   N/A



#show ip interface brief

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                    172.16.0.254 / 255.255.255.0     up      up
loopback                    unassigned / unassigned        up      up
mgmt                        unassigned / unassigned        down    down


#show arp

Nothing!



#show ip dhcp bind

Nothing!



#show port stats

Port Statistics
---------------
Port    PacketsIn  PacketsOut  BytesIn  BytesOut  InputErrorBytes  OutputErrorBytes  CRCErrors
----    ---------  ----------  -------  --------  ---------------  ----------------  ---------
FE 1/0  908        0           91078    0         0                0                 0
FE 1/1  0          0           0        0         0                0                 0
FE 1/2  0          0           0        0         0                0                 0
FE 1/3  0          0           0        0         0                0                 0
FE 1/4  0          0           0        0         0                0                 0
FE 1/5  0          0           0        0         0                0                 0
FE 1/6  0          0           0        0         0                0                 0
FE 1/7  0          0           0        0         0                0                 0
GE 1/8  0          0           0        0         0                0                 0




show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
C    172.16.0.0/24 is directly connected, VLAN1

 

 

 

 

Shahryar Ali
Product Engineer- ICT
ACMA, CCNA (R&S) , CloudU
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: