Hi,
I deploy multiple IAP 207 with latest firmware as pure AP to replace existing old AP. DHCP was assigned by Firewall. After replace Aruba IAP, 2 strange problem appear
1. User notebook was connected with Aruba AP SSID WIFI running perfectly. After a while(randomly), it will then appear No internet on their notebook. When I perform troubleshooting, from user notebook I cant even ping to Aruba AP IP. Ipconfig show that the assigned DHCP IP still exist and WIFI still conected to Aruba AP SSID. I need to disconnect and re-connect again to make it work.
2. From user notebook, it always cant ping to 175.136.241.158 public IP. It intermitten able to ping but most of the time is timeout. Firewall non blocking, when using old AP. Ping to above public IP was no problem. In Aruba, no specific block rules was created
Below are my IAP configuration file for your reference.
version 8.3.0.0-8.3.0
virtual-controller-country MY
virtual-controller-key 8batac51863b701ac56b65d89eacf71348b3b72104a2eee84374bae
name "Aruba VC"
terminal-access
ntp-server 183.177.72.202
clock timezone Singapore 08 00
rf-band all
allow-new-aps
allowed-ap b0:b8:67:c1:bc:9e
arm
wide-bands 5ghz
80mhz-support
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode default-access
client-aware
scanning
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
extended-ssid
hash-mgmt-password
hash-mgmt-user admin password hash
wlan access-rule Staffs@Aruba
index 0
rule any any match any any any permit
wlan access-rule default_wired_port_profile
index 1
rule any any match any any any permit
wlan access-rule wired-SetMeUp
index 2
rule masterip 0.0.0.0 match tcp 80 80 permit
rule masterip 0.0.0.0 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan ssid-profile Staffs@Aruba
enable
index 0
type employee
essid Staffs@Aruba
wpa-passphrase 12345678ABCDEFAKE
opmode wpa-psk-aes
max-authentication-failures 0
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 86400
broadcast-filter arp
content-filtering
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
dpi
url-visibility
wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
https
blacklist-time 3600
auth-failure-blacklist-time 3600
ids
wireless-containment none
wired-port-profile wired-SetMeUp
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-SetMeUp
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
airgroupservice airprint
disable
description AirPrint
cluster-security
allow-low-assurance-devices