Wireless Access

Reply
Contributor II
Posts: 52
Registered: ‎12-11-2012

Wireless user unable to login - Switching between Vlans

Controller: 6.3.1.12

Clearpass:  6.4.0.66263

AP: Campus AP-225

 

Vlan 926: User/computer vlan

Vlan 925: Executive Vlan

 

 

Issue: User not able to login into domain. Gets "no logon server available".

 

Symptom: User computer boots up. I see within Clearpass Asset Tracker that the computer account get an ip on Vlan 926 and was assigned the “machine auth” profile (internal access allow). Next, the user input their login credential and get a “no logon server available”, unable to join SSID-Name. When I checked Clearpass again, I see the user status shown as allow/accept and was assign the correct role. Also the user was given the correct vlan (now switch to vlan925). What I think the issue here is that when we switch Vlan from Computer Auth to Users/Computer auth (Executive), the controller or AP is not doing it fast enough to hand out an ip going from vlan926 to Vlan925. Is there a known issue that anyone knows off switching between vlan on the Aruba wireless?

 

If i removed the user (a VP) from the executive AD group and add him to the normal user group. He can login just fine, that because his machin auth and user auth are on the same vlan 926. He does not have to switch between vlans.

 

Thanks,

Chan K.

 

 

Occasional Contributor I
Posts: 8
Registered: ‎02-02-2014

Re: Wireless user unable to login - Switching between Vlans

This Should work just find you might have an issues with your rules/role mapping. try changing the enforcement provile value to return the users vlan (form executive) to see if the issue still happens.  it would be odd to get a No Logon Server error message before the user has even logged in.  

 

Do you have any ACL on the L3 interfaces for each VLAN?

 

 

Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: Wireless user unable to login - Switching between Vlans


chan.khen wrote:

Controller: 6.3.1.12

Clearpass:  6.4.0.66263

AP: Campus AP-225

 

Vlan 926: User/computer vlan

Vlan 925: Executive Vlan

 

 

Issue: User not able to login into domain. Gets "no logon server available".

 

Symptom: User computer boots up. I see within Clearpass Asset Tracker that the computer account get an ip on Vlan 926 and was assigned the “machine auth” profile (internal access allow). Next, the user input their login credential and get a “no logon server available”, unable to join SSID-Name. When I checked Clearpass again, I see the user status shown as allow/accept and was assign the correct role. Also the user was given the correct vlan (now switch to vlan925). What I think the issue here is that when we switch Vlan from Computer Auth to Users/Computer auth (Executive), the controller or AP is not doing it fast enough to hand out an ip going from vlan926 to Vlan925. Is there a known issue that anyone knows off switching between vlan on the Aruba wireless?

 

If i removed the user (a VP) from the executive AD group and add him to the normal user group. He can login just fine, that because his machin auth and user auth are on the same vlan 926. He does not have to switch between vlans.

 

Thanks,

Chan K.

 

 


It needs to be on the same VLAN, unfortunately.  The netlogon process is not designed to work when the underlying VLAN is switched.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 52
Registered: ‎12-11-2012

Re: Wireless user unable to login - Switching between Vlans

Thanks Colin. I make it one Vlan then.

 

Chan K.

Search Airheads
Showing results for 
Search instead for 
Did you mean: