Occasional Contributor II
Posts: 13
Registered: ‎04-18-2012

VLAN Problem

Hello,

 

I've a strange problem about VLAN configuration that occurred after a reboot of the controller (3600 OS 6.1.2.3).

In my network I have a VLAN (31) associated with the Corporate wifi network (used by most users). This VLAN is configured on GE1/1 in Access Mode (some pics follow):

 

 

ar1.JPG

 

ar2.JPG

 

ar3.JPG

ar4.JPG

 

My Corporate VAP is associated with this VLAN in tunnel mode (I do not have NGPEF licences installed).

 

ar5.JPG

 

The problem is that the traffic that exits from port 1/1 does not have a VLAN ID set on the Ethernet packet, so the firewall on the other end of the wire cannot manage this traffic. Everything worked fine until I restored an old configuration, but after double-checking I think that this configuration should be OK.

 

ar6.JPG

 

Any help is appreciated.

 

Thanks,

Davide

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: VLAN Problem

Make sure your infrastructure can ping the ip address of that interface on your network.  Also make sure you do not have "ip nat inside" or source nat configured for that VLAN interface.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎04-18-2012

Re: VLAN Problem

Hello,

 

Thanks for the rapid answer. 

No, I cannot ping the interface on VLAN 31.

My physical infrastructure is very simple:

3600 GE1/1 ------- wire ------- Firewall 

(there is nothing in the middle)

 

VLAN 31 is configured on GE1/1, and the same on the interface of the firewall (eth7 = physical interface; eth7.31 = VLAN 31).

The strange thing is that my packets arrive on the physical interface eth7 and not on eth7.31.

 

ex:

 

tcpdump -n -i eth7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth7, link-type EN10MB (Ethernet), capture size 96 bytes
16:43:24.898633 arp who-has 10.31.0.240 tell 10.31.0.213
16:43:24.928618 arp who-has 10.31.0.240 tell 10.31.0.229
16:43:25.618190 arp who-has 10.31.0.240 tell 10.31.0.229

 

Using Wireshark I also checked that the VLAN ID is missing, so the problem should be on the controller.

 

 

 

 

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: VLAN Problem

So if you have a subinterface, that means you are doing 802.1q encapsulation, and the controller port needs to be on a trunk?  In that case, change that management port to a trunk.  Make sure that VLAN 31 is allowed, but make the default or management VLAN anything but 31.

 



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 13
Registered: ‎04-18-2012

Re: VLAN Problem

Hello, 

Thanks again. I've changed the configuration on port 1, but I still receive packets (ARP requests asking for the GW) on the physical port instead of the virtual one. :(

Should I reboot the controller after changing these settings?

 

ar7.JPG

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: VLAN Problem

You should not need to reboot. Try to ping the controller from the firewall.

What is the native vlan on that port?


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 13
Registered: ‎04-18-2012

Re: VLAN Problem

The ping does not work in either direction: 10.31.0.193 (Controller) <--> 10.31.0.240 (Firewall).
I've set the native VLAN to 31 on port 1/1. However, I'm not very skilled with Aruba, so could you please tell me how to check it (maybe using the CLI)? I will not reply until tomorrow because I'm leaving now. Thanks very much for your help.

 

Davide

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: VLAN Problem

[ Edited ]

Okay.  Let's check to make sure the port is a trunk by typing "show trunk".  If it is NOT a trunk, change it to a trunk by typing:

 

config t
interface gigabitethernet 1/1
switchport mode trunk
switchport trunk allowed vlan all
switchport trunk native vlan 1

show trunk

 

You should see the trunk, your VLANs allowed and your native VLAN.

 



Colin Joseph
Aruba Customer Engineering


Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: VLAN Problem

As Colin suggested, if you are looking for 802.1q encapsulation, then the port must be trunked.   However, your native VLAN is not tagged.  Thus in your screenshot, you have VLAN 31 as your native VLAN, this will not get tagged; add VLAN 1 to the allowed VLANs and make that your native VLAN.

 

Also, on Colin's commands to create your trunk port, one minor correction:

 

config t
interface gigabitethernet 1/1
switchport mode trunk
switchport trunk allowed vlan all
switchport trunk native vlan 1

show trunk

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
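
Added example (not part of the original thread, and not Aruba code): a simplified model of why the firewall saw VLAN 31 traffic on eth7 instead of eth7.31. It shows that an access port, or a trunk whose native VLAN is 31, sends VLAN 31 frames without an 802.1Q tag, while a trunk with native VLAN 1 tags them. The function names and the sample ARP frame are constructed for illustration; eth7 and eth7.31 are taken from the posts above.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def vlan_of(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID

def egress(untagged: bytes, vlan: int, mode: str, native_vlan: int = 1) -> bytes:
    """Simplified model of a port sending a frame that belongs to `vlan`.

    Access ports, and the native VLAN of a trunk, leave the port untagged.
    """
    if mode == "access" or vlan == native_vlan:
        return untagged
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)  # priority bits = 0
    return untagged[:12] + tag + untagged[12:]  # tag goes after the MACs

def receiving_interface(frame: bytes, parent="eth7", subif_vlans=(31,)):
    """Assumed Linux-style demux: untagged -> parent, tagged -> parent.<vid>."""
    vid = vlan_of(frame)
    if vid is None:
        return parent
    if vid in subif_vlans:
        return f"{parent}.{vid}"
    return None  # tagged for a VLAN with no subinterface configured

# Constructed sample: broadcast ARP frame (EtherType 0x0806) with a zeroed body
ARP = b"\xff" * 6 + bytes.fromhex("020000000001") + b"\x08\x06" + bytes(28)

if __name__ == "__main__":
    # The three port configurations tried in the thread, all carrying VLAN 31
    for mode, native in (("access", 31), ("trunk", 31), ("trunk", 1)):
        out = egress(ARP, 31, mode, native)
        print(f"{mode:6} native={native:<2} tag={vlan_of(out)} "
              f"-> {receiving_interface(out)}")
```
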

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: VLAN Problem


clembo wrote:

As Colin suggested, if you are looking for 802.1q encapsulation, then the port must be trunked.   However, your native VLAN is not tagged.  Thus in your screenshot, you have VLAN 31 as your native VLAN, this will not get tagged; add VLAN 1 to the allowed VLANs and make that your native VLAN.

 

Also, on Colin's commands to create your trunk port, one minor correction:

 

config t
interface gigabitethernet 1/1
switchport mode trunk
switchport trunk allowed vlan all
switchport trunk native vlan 1

show trunk




 

clembo,

 

Thank you.  I corrected the original post, just like your example.

 



Colin Joseph
Aruba Customer Engineering
