Wired Intelligent Edge

Dynamic segmentation switch looks OK but no clients on the controllers

  • 1.  Dynamic segmentation switch looks OK but no clients on the controllers

    Posted Jan 15, 2022 01:53 PM
    Any good debugging commands for dynamic segmentation on controllers? I'm building a lab setup and clients can authenticate properly, but the controller does not show any clients.

    With show port-access clients I can see status: success and the role is there, and show port-access role shows UBT Gateway Role. This role is configured on the controllers, and I have added allowall-policy to that and mapped it to a VLAN.

    However, the controllers do not show any clients with show user.

    (I can connect to the controllers' addresses with SSH from the switch, so routing is OK.)

    Any thoughts on how to troubleshoot this? I'm thinking it's an issue on the controller side.


  • 2.  RE: Dynamic segmentation switch looks OK but no clients on the controllers

    Posted Jan 16, 2022 06:40 AM
    Hi,
    On the controller, you can check tunneled users with the command "show tunneled-node-mgr tunneled-users".
    Users appear on the controller when they have an IP. If your clients are in DHCP or have a bad static IP, they show up in the CLI commands but not in the user-table.

    Does the MAC address of the client appear on the switch?
    I hope this helps.



  • 3.  RE: Dynamic segmentation switch looks OK but no clients on the controllers
    Best Answer

    Posted Jan 18, 2022 06:36 AM
    This was an issue with the firewall visibility feature on the controller. Even though I had enabled it on the group level, only one controller got the configuration. I had to disable it, reboot the controller, enable it and reboot again. After that I could see the firewall-visibility command on both controllers. Then I also had to remove all the role configurations I had made and re-create them before traffic actually started to work.