Wireless Access

last person joined: 11 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

303H RAP Wired VLAN

This thread has been viewed 32 times
  • 1.  303H RAP Wired VLAN

    Posted Apr 28, 2021 12:45 PM

    Hi All, 

    We've some 303H RAPs that're configured to tunnel the switchport traffic back to our controller. There are two VLANs I'm particularly interested in tunnelling back and have setup two different AP groups and profiles etc to reflect this. I'm finding that even though I've configured the AP wired port settings for a particular VLAN it doesn't appear to be taking when a client device is plugged in.

    I'm seeing in the output of show user MAC the following:

    Vlan default: 401, Assigned: 941, Current: 941 vlan-how: 7 DP assigned vlan:941

    Anyone have any idea why when the configuration is set to a single VLAN and Access that the clients are being dropped onto a different VLAN? 

    Thanks in advance. 



    ------------------------------
    Jase
    ------------------------------


  • 2.  RE: 303H RAP Wired VLAN

    Posted Apr 28, 2021 02:23 PM
    In the output, search for "VLAN Derivation:".  It should tell you how that client ended up in that VLAN. or type "show aaa debug vlan user ip <ip address of client>" to get a clue why it is in that VLAN.


    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: 303H RAP Wired VLAN

    Posted Apr 29, 2021 03:28 AM

    Thanks for the reply. The output from that command is:

    VLAN types present for this User
    ================================

    Default VLAN : 401
    MBA Role Contained : 941

    VLAN Derivation History
    =======================

    VLAN Derivation History Index : 8
    1. VLAN 0 for Reset VLANs for Station up
    2. VLAN 401 for Default VLAN
    3. VLAN 401 for Current VLAN updated
    4. VLAN 0 for Reset Role Based VLANs
    5. VLAN 0 for Reset Mac Auth Based VLANs
    6. VLAN 941 for MBA Role Contained
    7. VLAN 941 for Current VLAN updated
    8. VLAN 941 for VLAN exported


    Current VLAN : 941 (MBA Role Contained)



    ------------------------------
    Jase
    ------------------------------



  • 4.  RE: 303H RAP Wired VLAN

    Posted Apr 29, 2021 04:30 AM
    MBA = Mac based authentication.  That means that you did mac based authentication and the returned role has a VLAN  configured.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 5.  RE: 303H RAP Wired VLAN

    Posted Apr 29, 2021 04:36 AM
    Thanks for the reply. Yes, MBA using the internal DB but don't see anywhere to stipulate a VLAN for a particular device.

    ------------------------------
    Jase
    ------------------------------



  • 6.  RE: 303H RAP Wired VLAN

    Posted Apr 29, 2021 04:42 AM
    Does that internal entry have a role attached?

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 7.  RE: 303H RAP Wired VLAN

    Posted Apr 29, 2021 04:58 AM
    Aha. Yep, found reference to the VLAN in the role. I'll create another role for the alternate VLAN for the devices we want to control. 

    Thanks for the direction.

    ------------------------------
    Jase
    ------------------------------