Wireless Access

Hi,

 

Almost at wits end, I feel that this is probably a switch config issue, but I'm clearly missing something so if any of this sounds familiar and anyone has any advice I'd be glad of the help:

 

Running 6.4.3.4

 

Point to point mesh

 

Cisco <----> AP <**** mesh ****> AP <----> HP <----> 1 x AP

2960cx         274                             274          2920        277

 

The mesh link seems to come up fine.

 

AP277 attached to switch downstream of mesh with our normal, non-mesh config sends DHCP discovers but never receives offers. I see the offers on the switch upsteam of the mesh (on the port connected to the portal) but the offers never make it across the mesh to the point switch.

 

I am sending the AP management vlan untagged across the mesh, and the switch management Vlan is 1400, that's going across tagged. The wired-ap-profiles (one for portal, one for point):

 

Wired AP profile "cam-guild_portal-wiredap"
-------------------------------------------
Parameter Value
--------- -----
Wired AP enable Enabled
Trusted Trusted
Forward mode tunnel
Switchport mode trunk
Access mode VLAN 1
Trunk mode native VLAN 1
Trunk mode allowed VLANs 1,1400
Broadcast Broadcast

 

 

Wired AP profile "cam-guild_wiredap"
------------------------------------
Parameter Value
--------- -----
Wired AP enable Enabled
Trusted Trusted
Forward mode bridge
Switchport mode trunk
Access mode VLAN 1
Trunk mode native VLAN 1
Trunk mode allowed VLANs 1,1400
Broadcast Broadcast

 

Just to make things more complicated the switch at the portal end is Cisco 2960cx, and the switch downstream of the mesh is HP 2920. Switch config for link to portal:

 

interface GigabitEthernet0/1
switchport trunk native vlan 3118
switchport trunk allowed vlan 1400,3118
switchport mode trunk
switchport nonegotiate
ip arp inspection trust
power inline static
srr-queue bandwidth share 1 30 60 10
priority-queue out
storm-control broadcast level 5.00
no cdp enable
no lldp med-tlv-select network-policy
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree guard root
end

 

Config for link to point:

 

interface 23
broadcast-limit 5
poe-allocate-by value
poe-value 30
dhcp-snooping trust
tagged vlan 1400
untagged vlan 3118
no port-security eavesdrop-prevention
spanning-tree bpdu-filter
arp-protect trust
exit

 

Link to non-mesh AP:

 

interface 1
broadcast-limit 5
poe-allocate-by value
poe-value 30
untagged vlan 3118
no port-security eavesdrop-prevention
spanning-tree admin-edge-port
spanning-tree root-guard
exit

 

 

I'm going round in circles so any help much appreciated!

 

Guy

 

 

 

 

Hi, 

 

See if this helps, 

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-807 

 

Thanks, 

Rajaguru Vincent 

Thanks for replying but that link gives me a choice of 3 articles, and I'm not sure which you're referring to?

Thanks for replying, but that link takes me to 3 articles, I'm not sure which you're referring to?

Hi, 

 

Something went wrong with copy-paste. This one should work. 

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-should-the-Aruba-controller-be-configured-to-ensure-proper/ta-p/177158 

 

Thanks, 

Rajaguru Vincent 

Something breaks when I paste links, 

 

You can try searching the community knowledge base for the article titled,

"How should the Aruba controller be configured to ensure proper VLAN tagging across a mesh bridge link?" 

 

Thanks, 

Rajaguru Vincent 

Thanks for this, interesting reading. I will implement it tomorrow and let you know...

 

Guy

Is this IAP (Instant) or AOS (controller) based? Just wanting to make sure...

Controller based...

So this may or may not be relevant. Because you are running in tunnel mode, and without knowing exactly what the port config is on every relevant connection point, know that whatever comes across the wired interface on the 274 mesh link is tunneled all the way back to the controller. SO if you have VLANs configured on the switches you noted, but NOT on the controller, I assume 3118, then there wouldn't be L2 from the controller out to the har side HP2920. 

 

You also seem to have one profile that is tunnel mode and one that is bridge. At least on the 274s they need to match (either both bridge or both tunnel). The 277 off the 2920 should just be a normal Campus AP. Worst comes to worse, take the switches out of the equation (at least on the HP side) and test to see if you have continuity over the mesh link. If you can make it to the HP2920 from the network, then at least you know the native VLAN is up (whatever that is, either VLAN 1 or VLAN 3118, depending on how they are hooked up). 

Thanks for this info, we had to send the equipment out for deployment today so I cannot test any more. However nothing I tried solved the problem, DHCP offers not received by client APs. The mesh was reliable (in terms of coming up) so we are installing the switch and APs in the next day or two, I'll have to work remotely and hope I don't do anything stupid to cut myself off!

 

We did find something in the release notes for 6.4.3.5 which may be relevant:

 

"
Symptom: Broadcast traffic from a switch to mesh point's Ethernet 0 was
sent back. This issue is resolved by removing eth0 from bond0 interface.

Scenario: This issue occured when a client or a switch connected to mesh
points relayed broadcast traffic. This issue was observed when a client or
a switch was connected to a mesh point's Ethernet 0Platform: All
platforms.

Reported Version: ArubaOS 6.4.3.2.
Bug ID 124682, 126989
"

 

We'll try a firmware upgrade after installation to see if that solves it.

 

Guy