Wireless Access

when i use show user-table ip <ip> i get among the information the following line:

...

Vlan default: 80, Assigned: 0, Current: 0 vlan-how: 0

...

what determines this Vlan default value? is there a knowledge base article or such?

The default VLAN assigned is usually the one in the Virtual AP profile.  There are other factors that can override this like a user or server derived rule or a RADIUS reply with a VLAN attribute

ok, thank you Seth. i suspected that, but wanted to be sure.

but what when i don't configure a VLAN on the virtual AP profile?

In terms of the other things, they are listed here.

http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Network_Parameters/About_VLAN_Assignments.htm

thanks very useful link, still wondering about what happens when i dont configure a VLAN on the virtual AP?

actual reason is that i have experienced twice recently on a virtual AP without VLAN configured that it had a Default VLAN in the output and i cant understand where it comes from.

boneyard, Is that vlan 40 the vlan for your controller-ip?  I was in the office and tested by removing the vlan in the VAP and my client got an ip.

The vlan it got the ip was from my controller-ip vlan....either that or it was the first in the list of a 'show ip interface brief'.

You're right though, I should not have gotten an ip address.

Vlan default: 3, Assigned: 0, Current: 3 vlan-how: 0 DP assigned vlan:0

vlan 80 you mean i think and yes it was, that could probably be it then. makes a certain sense. still dont get why it suddenly occurs, but i believe best practice would be to set a VLAN on your VAP.

Yeah, I meant 80.

I don't think this is right. If there's no vlan on the vap or other vlan derivation, then the device should be without a vlan or 'blackholed'. 

Many years ago in an old VRD, user guide or something I remember it saying that an ap in default group broadcasting Aruba-ap was not a security concern because there was no vlan and the device can't pass traffic.  Clearly somewhere along the line that changed.

Personally, I view that as a bug.

---

@Michael_Clarke wrote:

Yeah, I meant 80.

 

I don't think this is right. If there's no vlan on the vap or other vlan derivation, then the device should be without a vlan or 'blackholed'. 

 

Many years ago in an old VRD, user guide or something I remember it saying that an ap in default group broadcasting Aruba-ap was not a security concern because there was no vlan and the device can't pass traffic.  Clearly somewhere along the line that changed.

 

Personally, I view that as a bug.

---

Michael_Clarke,

I think you should find that old VRD user guide or something so that we can understand what you are talking about.  aruba-ap is no longer configured by default for awhile now.  A Virtual AP without  a VLAN gets the controller's management VLAN.  The VLAN on a Virtual AP is designed to set a default VLAN if needed.  It was not designed as a security measure if the VLAN does not exist.  That is not a bug.

for me it al least explains what happens, thank you both.