11-12-2012 05:52 AM - edited 04-14-2014 11:20 AM
I'm trying to configure RAP3 port 1 with a user role so that I can restrict permitted traffic down to a few ports. I have the port set to untrusted and my laptop can pull a DHCP address as expected. The problem is no matter what user role I apply I have no network access. I currently have the 'authenticated' user role so that 'allowall' is applied but I can't even ping my gateway let alone other network resources. If I change the port to trusted I have full network access.
I have a TAC case open and they've been looking at it for a while now. As far as they can tell it should be working, but it's not. While I'm waiting for them to get back to me, can anyone tell me which logs would be beneficial to turn on debugging for, so I can see the process, what profile is applied, and why?
I'm running: ArubaOS (MODEL: Aruba3600-US), Version 188.8.131.52
Any help is appreciated.
11-12-2012 07:03 AM - edited 11-12-2012 07:03 AM
Something that seems strange to me is the IP of my laptop doesn't show up in the user table on the AP. My computer is getting an IP address of 10.12.205.68.
(JVLArubaCtrl) #show datapath user ap-name Justinsdesk tabl
Datapath User Table Entries
Flags: P - Permanent, W - WEP, T- TKIP, A - AESCCM, G - AESGCM, V - ProxyArp to/for MN(Visitor),
N - VPN, L - local, Y - Any IP user, R - Routed user, M - Media Capable,
S - Src NAT with VLAN IP, E - L2 Enforced, F - IPIP Force Delete, O - VOIP user
FM(Forward Mode): S - Split, B - Bridge, N - N/A
IP               MAC                ACLs     Contract   Location  Age   Sessions   Flags  Vlan  FM
---------------  -----------------  -------  ---------  --------  ---   ---------  -----  ----  --
192.168.0.45     00:0B:86:82:E2:78  2700/0   0/0        0         13    1/65535    P      1     N
10.12.205.5      00:0B:86:6E:31:50  2703/0   0/0        0         2759  0/65535    P      0     N
11-12-2012 07:44 AM
I think I might have figured out my problem after reading part 7 of this KB https://kb.arubanetworks.com/app/answers/detail/a_id/92/kw/wired%20ap%20user%20not%20in%20table.
I disabled mobility with 'no router mobile' and I seem to have network access on my untrusted link.