Security

last person joined: 23 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

APs IP address is 192.168.11.1

Jump to Best Answer
  • 1.  APs IP address is 192.168.11.1

    Posted Dec 05, 2013 04:34 AM

    Hello!

     

    I'm wondering about one thing - when I run command show datapath user ip-addr <IPaddr of AP> it results with this:

     


    IP MAC ACLs Contract Location Age Sessions Flags Vlan FM IdleTMO
    --------------- ----------------- ------- --------- -------- --- --------- ----- ---- -- -------
    192.168.11.1 6C:F3:7F:CD:07:4A 2700/0 0/0 10 1366 0/65535 P 4095 N 300
    172.23.32.49 6C:F3:7F:CD:07:4A 2700/0 0/0 10 24053 0/65535 P 1 N 300

     

    Same AP has two IP address - There is no VLAN 4095 on controller and we haven't any 192.168 network subnet. The only place there 192.168.11.1 address is shown is on RAP-profile but this is not activated.

     

    Someone who can explain this?

     

    Aruba-controller: 2x7220 (Master-Master)

    AOS: 6.3.1.1

     



  • 2.  RE: APs IP address is 192.168.11.1
    Best Answer

    Posted Dec 05, 2013 04:59 AM

    @AirAO wrote:

    Hello!

     

    I'm wondering about one thing - when I run command show datapath user ip-addr <IPaddr of AP> it results with this:

     


    IP MAC ACLs Contract Location Age Sessions Flags Vlan FM IdleTMO
    --------------- ----------------- ------- --------- -------- --- --------- ----- ---- -- -------
    192.168.11.1 6C:F3:7F:CD:07:4A 2700/0 0/0 10 1366 0/65535 P 4095 N 300
    172.23.32.49 6C:F3:7F:CD:07:4A 2700/0 0/0 10 24053 0/65535 P 1 N 300

     

    Same AP has two IP address - There is no VLAN 4095 on controller and we haven't any 192.168 network subnet. The only place there 192.168.11.1 address is shown is on RAP-profile but this is not activated.

     

    Someone who can explain this?

     

    Aruba-controller: 2x7220 (Master-Master)

    AOS: 6.3.1.1

     


    It is an internal VLAN.  You can ignore it.



  • 3.  RE: APs IP address is 192.168.11.1

    Posted Dec 05, 2013 05:01 AM

    Thanks!!

     

    One thing less to worrie about!:smileyhappy:



  • 4.  RE: APs IP address is 192.168.11.1

    Posted Dec 05, 2013 05:09 AM

    That subnet is indeed part of the normal RAP software operation. You can see it under the ap-system proflie.

     

    Under normal circumstances, it uses it on the wired port (E1 inside perhaps, depending on type) for provisioning. It also uses it when the RAP is isolated in terms of uplink.

     

    I just checked on my lab controller (same ver as you), and I see the same thing from the RAP.

     

    My theory would be that for some reason, the RAP is sending packets up the tunnel with that source as well as all the other normal stuff (ipsec etc).

     

    Unless it's causing you an operational problem, I wouldn't worry about it.



  • 5.  RE: APs IP address is 192.168.11.1

    Posted Dec 05, 2013 05:17 AM

    Ok, thanks for explanation!

     

    Right now we don't expirience any operationa problems.