Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎11-23-2012

Two external DHCP-servers for different SSID's

Hi,

We have a setup with a Master controller and several local controllers (running Aruba OS 6.1.3.7). On every site we have a firewall that functions as the DHCP-server for wireless clients. On one of the sites where we have a local controller, a third party wants their own equipment to connect via our WLAN and get IP-address from their own DHCP-server which is also located at the site.

 

So basically we have our own firewall as a DHCP-server for one SSID, and then we would need a second SSID that gets the IP from the server managed by a third party.

 

The problem is that our Firewall functions as the default gateway for the local controller, and because dhcp requests on this Aruba OS version go via the controller uplink vlan, all the dhcp requests from both SSID's go to our firewall. We have learned and Aruba support has confirmed that in ArubaOS version 6.2.x.x the dhcp requests go a little different. The DHCP requests in that version go via the VLAN where the user connects and not via the controller uplink vlan. This would ofcourse be a solution for us because then the requests would travel in that particular VLAN where the user is connected to.

 

But we don't have the possibility to upgrade at the moment. So now I'm asking if there could be some other solution to get this to work, so that SSID1 clients would get IP from our firewall, and SSID2 clients would get IP from the server managed by a third party?

MVP
Posts: 4,236
Registered: ‎07-20-2011

Re: Two external DHCP-servers for different SSID's

[ Edited ]

 

What do you have as an uplink device to the controller?

 

Do you have ip helper addresses on the client VLANs for the DHCP servers ?

 

Have you ran any packet captures on the uplink from the interface going to the controller to verify this information?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 9
Registered: ‎11-23-2012

Re: Two external DHCP-servers for different SSID's

[ Edited ]

Our firewall (the one that functions as DHCP server for one of the SSID's) is the uplink device.

 

We tried to add IP-helper addresses but that did not work.

 

And actually now that you asked, I tried to run a packet capture, but no packets whatsoever are transmitted when joining this new SSID, which is really strange...

 

We tried to assign one port on the controller to access mode for the same VLAN as the new SSID and we managed to get IP address, so the wired side is fine.

 

EDIT: The AP's are configured as RAP's, if this information is relevant.

 

EDIT2: The third party equipment don't need Internet connectivity, and we want to avoid running their data through our firewall as much as possible.

Occasional Contributor I
Posts: 9
Registered: ‎11-23-2012

Re: Two external DHCP-servers for different SSID's

Ok the setup is working now.

The third party server was sending lots of multicast packets (some background video, it's an IPTV server also...) so that's why the wireless net was not working. After we enabled IGMP on the switch, the problem is gone and everything works.

MVP
Posts: 4,236
Registered: ‎07-20-2011

Re: Two external DHCP-servers for different SSID's

Interesting!!

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 9
Registered: ‎11-23-2012

Re: Two external DHCP-servers for different SSID's

Yes, indeed.

 

We also configured a DHCP on our firewall for this SSID for testing purposes and disabled the DHCP on the third party server. When the third party server was NOT connected, we were able to get IP address from DHCP on our firewall and we could ping around in the network. But when we reconnected the server to the network, ping stopped and we could not get IP anymore to wireless clients.

Then again when we disconnected the server, the ping continued instantly...

 

We then reconnected again the third party server (obviously the continuous ping stopped at this moment) and monitored the switch port where it was connected with Wireshark and noticed that lots of multicast packets (protocol MPEG TS) was sent from the server. Then enabling IGMP on the VLAN on the switch where the server was connected and instantly ping went through. And now we moved back to original plan using the third party server as DHCP and it worked also...

 

So there, don't know why this happened but maybe someone has good theories?

Since wired clients could get IP address all the time, but wireless clients could not, I was thinking maybe enabling IGMP on the Aruba controller would also have fixed this?

MVP
Posts: 4,236
Registered: ‎07-20-2011

Re: Two external DHCP-servers for different SSID's

 

You applied this on the client VLAN im assuming right ?

 

Are you using igmp snooping ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 9
Registered: ‎11-23-2012

Re: Two external DHCP-servers for different SSID's

Yes, I enabled IGMP on the client VLAN, but only on the switch where the server was connected.

No, I don't have IGMP snooping. On the controller I have no IGMP related settings on.

Search Airheads
Showing results for 
Search instead for 
Did you mean: