Occasional Contributor II

VMC tunnel mode vs bridge mode

Hello,

I deployed VMC OS 8.0.1.1 (IP, default gateway, ...), provisioned an AP and added a demo license.

I tested bridge mode, so client traffic does not pass through the controller, and the client gets connectivity with my LAN.

Then I tested forward tunnel mode and the client also gets an IP address from my LAN DHCP server (not the Aruba VMC), but from the client I can only ping my controller and nothing else. The client has no access to my LAN servers.

I have not installed a PEF license. My initial role is logon and I cannot change it.

So my question is: do I need to install a PEF license so that forwarding tunnel mode works correctly and the client can get access to my LAN?

 

Thanks.

Blaz

 

New Contributor

Re: VMC tunnel mode vs bridge mode

You don't need to install the PEF license. I did install it and I couldn't get it to work anyway. The problem must reside somewhere else. We've been working around this and we couldn't solve it. Any ideas?

Re: VMC tunnel mode vs bridge mode

Logon role will restrict any client access to the controller only. You would need to change the initial role (assuming your WLAN is open or WPA2-PSK) to something else; usually guest works. PEF will give you far more default options as well as the ability to create custom roles and policies; without PEF, you have more limited default roles and no customization.

Jerrod Howard
Sr. Technical Marketing Engineer
New Contributor

Re: VMC tunnel mode vs bridge mode


jhoward wrote:

Logon role will restrict any client access to the controller only. You would need to change the initial role (assuming your WLAN is open or WPA2-PSK) to something else; usually guest works. PEF will give you far more default options as well as the ability to create custom roles and policies; without PEF, you have more limited default roles and no customization.

Hello jhoward. We tried with default-via-role and even created a role with an any-to-any permit ACL. We also connected two devices through wireless and they saw each other (ICMP). But when we pinged the DHCP server (switch L2/L3, the default gateway of the VMC and those devices), it didn't respond. Awaiting further comments, thanks for the reply, my friend. Regards.

Re: VMC tunnel mode vs bridge mode

This is likely then due to the ESX config of the network vSwitch that the VMC is assigned to. Are you one big flat VLAN on your VMC, and does the IP of your VMC, ESX server, and network default gateway all reside on the same L2 network?

If not, you need to make sure that your VMC is on a different vSwitch than vSwitch0 (the default ESX vSwitch where ESX management is done), that it's configured as a Trunk port on the vSwitch, that promiscuous mode and forged transmits are enabled on the vSwitch/port group on the ESX server, and that your VLAN config applies to the correct network adapter in the VMC's network settings on the ESX host.

If you can provide a network drawing of your setup, the 'show vlan' and 'show ip int br' from your VMC, as well as screenshots of your ESX host's network settings on the relevant vSwitches, we can start there.

Jerrod Howard
Sr. Technical Marketing Engineer
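
The check described in the reply above, as an added example that is not part of the original thread: a small shell function that reads an ESXi security policy listing and reports which of the two named settings are not enabled. The names `vSwitch1` and `VMC-Trunk` are hypothetical, the sample listings are constructed, and the field labels are assumed to match the host's `esxcli` output.

```shell
#!/bin/sh
# Added example (not from the thread). On an ESXi host the input would come from:
#   esxcli network vswitch standard policy security get -v vSwitch1
#   esxcli network vswitch standard portgroup policy security get -p VMC-Trunk
# vSwitch1 and VMC-Trunk are hypothetical names.

# missing_settings: read policy text on stdin and print the required settings
# that are not "true" (space-separated). Prints an empty line if both are set.
# Port group "Override vSwitch ..." lines do not match and are ignored.
missing_settings() {
    awk -F': *' '
        { gsub(/^[ \t]+|[ \t\r]+$/, "", $1); gsub(/[ \t\r]+$/, "", $2) }
        $1 == "Allow Promiscuous"      { seen["promiscuous"] = tolower($2) }
        $1 == "Allow Forged Transmits" { seen["forged-transmits"] = tolower($2) }
        END {
            out = ""
            n = split("promiscuous forged-transmits", want, " ")
            for (i = 1; i <= n; i++)
                if (seen[want[i]] != "true")
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# Constructed sample listings (not captured from a real host).
SAMPLE_BEFORE='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true'
SAMPLE_AFTER='   Allow Promiscuous: true
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

# report: $1 = label, $2 = policy text
report() {
    m=$(printf '%s\n' "$2" | missing_settings)
    if [ -z "$m" ]; then
        echo "$1: promiscuous mode and forged transmits enabled"
    else
        echo "$1: not enabled: $m"
    fi
}

report "vSwitch1 (before change)" "$SAMPLE_BEFORE"
report "VMC-Trunk (after change)" "$SAMPLE_AFTER"
```

Running the same check against every port group on the host shows whether the relaxed policy is limited to the port group the VMC uses.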
New Contributor

Re: VMC tunnel mode vs bridge mode


jhoward wrote:

This is likely then due to the ESX config of the network vSwitch that the VMC is assigned to. Are you one big flat VLAN on your VMC, and does the IP of your VMC, ESX server, and network default gateway all reside on the same L2 network?

If not, you need to make sure that your VMC is on a different vSwitch than vSwitch0 (the default ESX vSwitch where ESX management is done), that it's configured as a Trunk port on the vSwitch, that promiscuous mode and forged transmits are enabled on the vSwitch/port group on the ESX server, and that your VLAN config applies to the correct network adapter in the VMC's network settings on the ESX host.

If you can provide a network drawing of your setup, the 'show vlan' and 'show ip int br' from your VMC, as well as screenshots of your ESX host's network settings on the relevant vSwitches, we can start there.


Our idea is to work with VLANs, but in our primary test it's all on one flat VLAN (native, 1). I just enabled promiscuous mode over ESX and it worked. Genius!! Thanks.

Now, I'll work with VLANs, taking into consideration your comments. Nevertheless, in the next link you will find a resumed diagram of what we have. Again, thanks a lot for your help.
