Wireless Access

New Contributor
Posts: 1
Registered: 04-04-2016

Vlans are associated to SSIDs, however, all but Guest VLAN get IP assigned from one VLAN.

As stated above, all of our Vlans are associated to single SSIDs, however, all but Guest VLAN get IP assigned from one VLAN.
Corporate Vlan 55  = 192.168.55.0/24   CorpLAN
Corp Guest Vlan 56 = 192.168.56.0/24   GuestLAN
IT Vlan 57         = 192.168.57.0/24   ITLAN

If I connect to CorpLAN or ITLAN I am assigned an IP from 192.168.55.0
If I connect to GuestLAN I am assigned an IP from 192.168.56.0

GuestLAN uses PreSharedKey for 802.1x Authentication
CorpLAN uses WPA2 eap-peap, eap-mschapv2 for 802.1x Authentication (via RADIUS server)
ITLAN uses WPA2 eap-peap, eap-mschapv2 for 802.1x Authentication (via internal DB)

Any ideas what I am doing wrong?

Guru Elite
Posts: 21,280
Registered: 03-29-2007

Re: Vlans are associated to SSIDs, however, all but Guest VLAN get IP assigned from one VLAN.

Make sure that the Role that your user gets when he connects to the IT WLAN does not have a VLAN hardcoded.  To find out why a user got the VLAN use:

show user-table ip <ip address of user>

(Aruba7005-US) #   show user-table ip 192.168.1.236


Name: employee-mac, IP: 192.168.1.236, MAC: b8:c8:56:38:9d:be, Age: 00:00:37
Role: authenticated-vsa (how: ROLE_DERIVATION_DOT1X_VSA), ACL: 68/0
Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-PEAP, server: CPPM
Authentication Servers: dot1x authserver: CPPM, mac authserver: 
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: ROLE_DERIVATION_DOT1X_VSA
VLAN Derivation: Default VLAN
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 0
phy_type: a-VHT-80, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 14
Vlan default: 1, Assigned: 1, Current: 1 vlan-how: 1 DP assigned vlan:0 
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x2100, Port=0x1001d (tunnel 29)
Essid: ACME-TLS, Bssid: 9c:1c:12:90:5d:92 AP name/group: Office-225/default Phy-type: a-VHT-80 Forward Mode: tunnel
RadAcct sessionID:n/a
RadAcct Traffic In 74085/20866998 Out 124929/100439424 (1:8549/0:0:318:26550,1:59393/0:0:1532:38272)
Timers: L3 reauth 0, mac reauth 0 (Reason: ), dot1x reauth 0 (Reason: )
Profiles AAA:ACME-TLS-aaa_prof, dot1x:dot1x_prof-skn93, mac: CP:n/a def-role:'logon' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 0
IP Born: 1459803277 (Mon Apr  4 15:54:37 2016)
Core User Born: 1459803277 (Mon Apr  4 15:54:37 2016)
Upstream AP ID: 0, Downstream AP ID: 0
User Agent String: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
HTTP based device-id info - Index: 5, Device: OS X
MAC based device-id info - Index = 197, OUI = B8E856 Group = Apple
Overall device-id info - Index: 13, Device: OS X
Max IPv4 users: 2
L3-Auth Session Timeout from Radius: 0
Mac-Auth Session Timeout Value from Radius: 0
Dot1x Session Timeout Value from Radius: 0
CoA Session Timeout Value from Radius: 0
Dot1x Session Term-Action Value from Radius: Default
Reauth-interval from role: 0
Number of reauthentication attempts: mac reauth 0, dot1x reauth 0
mac auth server: N/A, dot1x auth server: CPPM
Address is from DHCP: yes
Per-user-log pointer 0x122910c (id 539), num logs 56


Colin Joseph
Aruba Customer Engineering
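
An added example (not part of the reply above, and not Aruba code): a small Python check that reads `show user-table ip` output, pulls out the role, VLAN derivation, current VLAN and ESSID, and compares the current VLAN with the SSID-to-VLAN plan given in the question. The sample output is constructed in the layout of the listing above, and the names `parse_user_entry`, `check_vlan` and `EXPECTED_VLAN` are assumptions made for this example.

```python
import re

# SSID -> VLAN plan as stated in the question on this page.
EXPECTED_VLAN = {"CorpLAN": 55, "GuestLAN": 56, "ITLAN": 57}

# Constructed sample: only the lines the check needs, in the layout of the
# "show user-table ip" listing above. All values are made up for illustration.
SAMPLE = """\
Name: it-user, IP: 192.168.55.23, MAC: 00:00:5e:00:53:01, Age: 00:00:37
Role: authenticated-vsa (how: ROLE_DERIVATION_DOT1X_VSA), ACL: 68/0
VLAN Derivation: Default VLAN
Vlan default: 55, Assigned: 55, Current: 55 vlan-how: 1 DP assigned vlan:0
Essid: ITLAN, Bssid: 00:00:5e:00:53:02 AP name/group: ap-1/default Phy-type: a-VHT-80 Forward Mode: tunnel
"""

PATTERNS = {
    "role": re.compile(r"^Role: (\S+)", re.M),
    "vlan_derivation": re.compile(r"^VLAN Derivation: (.+?)\s*$", re.M),
    "vlan_assigned": re.compile(r"^Vlan default: \d+, Assigned: (\d+)", re.M),
    "vlan_current": re.compile(r"^Vlan default: \d+, Assigned: \d+, Current: (\d+)", re.M),
    "essid": re.compile(r"^Essid: (.+?), Bssid:", re.M),
}

def parse_user_entry(text):
    """Return the fields found; a line that is missing leaves its key absent."""
    entry = {}
    for key, rx in PATTERNS.items():
        m = rx.search(text)
        if m:
            v = m.group(1)
            entry[key] = int(v) if key.startswith("vlan_") and v.isdigit() else v
    return entry

def check_vlan(entry, plan=EXPECTED_VLAN):
    """Return a list of findings; empty means the user is on the planned VLAN."""
    missing = [k for k in ("essid", "vlan_current") if k not in entry]
    if missing:
        return ["cannot check: missing " + ", ".join(missing)]
    essid, current = entry["essid"], entry["vlan_current"]
    if essid not in plan:
        return [f"ESSID {essid!r} is not in the VLAN plan"]
    if current == plan[essid]:
        return []
    return [f"{essid}: current VLAN {current}, expected {plan[essid]} "
            f"(role {entry.get('role')}, VLAN derivation: {entry.get('vlan_derivation')})"]

if __name__ == "__main__":
    print(check_vlan(parse_user_entry(SAMPLE)))
```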
