Controllerless Networks

last person joined: yesterday 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

2 AP 105's - Issue

  • 1.  2 AP 105's - Issue

    Posted Jul 01, 2013 03:43 PM

    I am not sure what to make of this, the situation is as follows.  I have two AP 105's in two different subnets, one is for employees (vlan1) and the other for guests (vlan2).  I was told that I can't put the second AP on the same trunk as the first AP, since the native vlan must match the port vlan it is assigned.  So, since I have two different vlans I can't match the native vlan to both vlan1 and vlan2.  What I did was I have 3 cisco 2960 gigabit switches connected to an ISA570 and these switches are trunking vlans 1 & 12, so I just put the first AP in a vlan 1 port.  For the second AP I went ahead added two access ports in vlan2 on switch 3 where one port goes to the AP and the other the ISA570 firewall.  The issues I am having is some machines can't switch between the two AP's sometimes, it seems to connect, but I do not get an ip address or it will keep the ip address assigned from the first network.  I have my ISA570 handing out dhcp BTW.  I wish there was a way I could put my second AP trunked with the rest of my vlans, is this definitely not possible?

     

    Oh and also, I have set the second AP set to 'default vlan', if I change the SSID to static vlan2, I don't get an ip address on my clients for this AP.  Doesn't make any sense to me at all since the port is in vlan2 for this AP.



  • 2.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 07:56 AM
      |   view attached

     

    Why are you trying to accomplish ?

     

    Not sure if this what you are trying to achieve? :

     

     

     

    Attachment(s)



  • 3.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 08:55 AM

    Very simple situation.  We have two Aruba 105's.   One is for employees (192.168.1.0/24)) and one for guests (192.168.25.0/24).  We don't want to be roaming, we have these AP's in standalone mode and are completely separate from one another.  I need best practices here on how to setup two of them, as I have been told and it seemed to give me issues, is that you cannot have two AP's on one trunk, because of the native vlan will be a mismatch on one of the AP's.  So, I have setup one that trunks through my switches with the rest of my vlans and the other AP that has two access ports setup where one goes to my AP and one goes to a separate port on my firewall, which in turn bypasses the two AP's on one trunk port issue I was having.  However, in this scenario it seems that there may be an issue with this setup, I am not sure.  I was doing testing connecting machines to one AP and then connecting to the other just to make sure both AP's were working and dhcp from my firewall is okay.  Some machines are fine most of the time, some machines can't switch between the two without having an issue where they either don't get an ip address when they go to connect to the second AP or it still shows the ip from the first network the first AP is connected to.   Really just trying to find the best way to set these up.



  • 4.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 09:37 AM

     

    Where are you defining the DHCP pools for these ?

     

    Does VLAN 2 exist on those switches ?

     

    The native VLAN shouldn't matter if you are not trunking to the IAPs.

     

    Do you have a trunk setup between the switche and the Firewall ? 



  • 5.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 09:45 AM

    So here is the setup, did a little diagram.  So vlan 2 for guest AP is only on switch 3.  Yes the switches are trunking to the ISA and the ISA port is set to trunk for vlan 1, which the first AP is connected.  The dhcp pools are being defined on the ISA, there are vlans setup and there are dhcp pools for each vlan.

     

    ScreenShot011.gif

     



  • 6.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 02:02 PM

    Anybody out there setup two AP's on different vlans?



  • 7.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 02:21 PM

     

    Why don't you just trunk VLAN 2 back to the firewall / Switch 3 and setup a Native VLAN2 for that trunk  ?

     

    What is your expectation when a user connecting to AP/VLAN1 disconnects and then associates to AP/VLAN2 ?

     

    Is your problem that they can't get an IP at all when they do that ?

     

    Having two APs with SSIDs in different segment shouldn't be an issue.

     

    How do you have configured the Guest SSID ? Network assigned or VC assigned ?



  • 8.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 02:32 PM

    I will try it again, but believe that gave me issues because the native vlan on the switch port was different for the second AP.  If native vlan doesn't matter and the second AP data can be tagged, then I guess the info I got was wrong.  Both vlans are network assigned.



  • 9.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 02:39 PM

     

    If you configure the APs to be connected to an access port it shouldn't matter .

     

    How do you have configure the wired settings on the IAP ?

     

     



  • 10.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 02:44 PM

    Your question above, I can't change the native vlan to vlan 2, because my data traffic is on vlan 1 (I don't want data network tagged) AND my first AP is on vlan 1 already.  

     

    Not sure what you mean about the wired settings, they have static ip's outside of the dhcp pool.  

     

    How do I configure the SSID's when it asks what the client vlan assignment should be?  Do I put static vlan 1 for first AP's SSID and static vlan 2 for the second AP's SSID? Or, set them both to defalut?



  • 11.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 02:48 PM

    SSID Settings :

     

    Instant_2013-07-02_14-47-22.png

     

    Wired settings :

     

    Instant_2013-07-02_14-45-48.png



  • 12.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 03:46 PM

    That second screenshot, how do I get there, i don't don't see a tab with 'wired'.

     

     

     

    My first AP just had an issue, he connected to the first AP in vlan 1 and it didn't issue dhcp, I checked and it looks like

    the ip address that was showing was the ip his home router assigned him, because he had connected to his home network

    for his last connection.  So, it is like it doesn't want to update the ip, but it is hit or miss, sometimes it works on some machines.

    Here is my issue, obviously others were or are having the same issue, but there was no answer on it:

     

    http://community.arubanetworks.com/t5/Access-Points/AP-105-s-not-letting-clients-get-IP-via-DHCP/td-p/8184/page/3

     

     

    UPDATE: I checked under more-->wired and found that the mode was set to 'trunk' I changed it to 'access' and to vlan 2 on the second AP, but it did nothing.  I did the same to the other AP in vlan 1 and that did nothing.

     

    ScreenShot015.gif

     

     

     At this point I am not even worried about the second access point, because the first one isn't functioning correctly it looks like and that one is setup the way it should be if you check the diagram I posted on the first page.  I can't believe how frustrating this is.  Time to buy some cisco AP's I think :p



  • 13.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 04:46 PM

     

    Let's start fresh :

     

    - Can you get an IP through DHCP if you connect your laptop directly to a port on a switch with VLAN 1 or VLAN 2 ?

    - Can you please share a screenshot of how do you have the SSID's configured on each IAPs

    - Instead of configuring each port on the switch as trunk instead and change the wired settings to trunk on the IAPs on IAP1 setup the native VLAN as 1 and on IAP 2 set the native VLAN as 2 

    - Make sure that the SSID settings are set to network assigned 

    - And also that you assign the right wired profile to e0

     

    Screen Shot 2013-07-02 at 4.48.43 PM.png

     

     

    Screen Shot 2013-07-02 at 4.50.01 PM.png

     



  • 14.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 04:54 PM

    ScreenShot017.gifScreenShot016.gifBoth have the correct profile attached to eth0/0.  Yes, I can get a dhcp address on both vlans by hooking a computer to them.



  • 15.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:07 PM

    If you do show int trunk in the switch do you see the trunk formed and what VLANs are available ?


  • 16.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:19 PM

    Yep, all three switches, see attached.  I just went ahead and trunked the second AP through with the rest of the vlans and that didn't do anything.  ScreenShot018.jpg



  • 17.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:25 PM

    I can't even access the gui now for the guest AP that I trunked it through with the other vlans.



  • 18.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:37 PM

     

    You can't access the gui because the Native VLAN on that trunk is set to 1 



  • 19.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:38 PM

     

    So you can't get an IP on any of the IAPs ?



  • 20.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:52 PM

    So I can connect to Aventis, but not the Aventisguest.  I can't get to the gui on the second AP, do I need to change the native vlan to vlan 1 to be able to access the gui on the aventisguest?  



  • 21.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:56 PM
    On the trunk going to IAP set the native VLAN 2


  • 22.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 05:57 PM
    Based on snapshot you provided it was set to 1 on the IAP is already set to 2


  • 23.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 06:00 PM

    Are you referring to the trunk that links my switches?  I am assuming you are because both AP's are on access ports.  I can't change the native vlan on the trunk, because then I wouldn't be able to access the other AP that has a native vlan of 1.  Plus, I don't want my vlan 1 to be tagged because it has all my other computers in the network sitting in this vlan.



  • 24.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 06:04 PM
    But that IAP guest is not serving any users on that VLAN 1 ?


  • 25.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 06:06 PM

    That IAP serves no users in vlan 1.  It is a standalone IAP just for guests.  The other IAP is in vlan 1 and is for employess.



  • 26.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 06:23 PM
    So why do you need VLAN 1 as a native going in the trunk to Guest IAP ?


  • 27.  RE: 2 AP 105's - Issue

    Posted Jul 02, 2013 06:47 PM

    I think we are getting confused here, can you see the diagram of how I had it configured, it shows the whole shebang.  I need vlan 1 to be native because my computers on my lan are in vlan 1.  I don't want my regular data getting tagged, no real reason for it, probably more overhead.  Instead, from what I gather the rule of thumb is to tag everything else, correct?  

     

    vlan 1 is our data network (all computers)

    So, the first AP is in vlan 1 (192.168.1.0/24)

    Second AP is in vlan 2 (192.168.25.0/24)

    vlan 12 is for IP Phones

     

    All switches are trunk together and the native vlan for each is vlan 1.  So, the way I see it, I should be putting both access points on access ports, which they are.  I have no idea what it means to set the AP's themselves to access/trunk as they are connected to access ports on the switches.  

     



  • 28.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 08:06 AM

    Please follow these steps , this should get you going :

     

    IAPs side of things
    Guest IAP

    Screen Shot 2013-07-03 at 7.36.30 AM.png

     

    Assign a STATIC IP on 192.168.1.0/24 so you can reach it through VLAN 1 and make sure you exclude the IP in the firewall so it doesn't conflict with another device

    Screen Shot 2013-07-03 at 7.40.31 AM.png

     

    Configure Guest IAP wired settings
    Screen Shot 2013-07-03 at 7.40.58 AM.png

    Employee IAP

     

    Configure it to be network assigned and leave it as default

    Screen Shot 2013-07-03 at 7.42.11 AM.png

     

    Assign a STATIC IP on 192.168.1.0/24 so you can reach it through VLAN 1 and make sure you exclude the IP in the firewall so it doesn't conflict with another device

    Screen Shot 2013-07-03 at 7.42.40 AM.png

     

    Configure the wired settings for the employee IAP this way

    Screen Shot 2013-07-03 at 7.42.56 AM.png


    Cisco side of things


    interface GigabitEthernet0/2
    description EMPLOYEE_IAP
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 1
    switchport mode trunk

    interface GigabitEthernet0/4
    description GUEST_IAP
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 2
    switchport mode trunk



  • 29.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 08:46 AM

    Appreciate the post, so my trunk right now is native vlan 1 all through my switches, if i put another trunk port on let's say switch 3 for the GUEST AP , do I have to make another trunk link back up my switches to my firewall since it will be on native vlan 2 and my trunk right now is native vlan 1?  



  • 30.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 09:07 AM

     

    The native VLAN is per trunk not per switch so it shouldn't impact whatever you setup going back to your IAP the trunk config I shared was for the ports going to your IAPs not back to your firewall.



  • 31.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 09:18 AM

    No, I get that.  But, if I set two more trunks on say switch 3 to both IAP's as you mentioned, will that data from those trunks pass along the main trunk I have connecting my switches and gateway?  I have to get back to my gateway for these new trunks I will setup for the IAP's.



  • 32.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 11:18 AM

     

    It should work.



  • 33.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 12:10 PM

    Will I also be able to access my guest AP's GUI interface if native vlan is vlan 2?  I had issues yesterday with that because my computer is in vlan 1.



  • 34.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 12:45 PM

    Great, I will try this.  



  • 35.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 01:43 PM

    UPDATE:

     

    I haven't made any changes yet.

     

    My first AP is not acting right again, the client isn't updating the ip when connecting to the empoyee ap on vlan 1.  I have the wired settings set to Access mode, not trunking and native mode is set to native vlan 1.  This should work and now it isn't.  I have been reading many other people having issues with Arubas and they enable ip helper, but that shouldn't be needed because it is a layer 2 switch.  Once I issue a ip config /release and ipconfig /renew all is well and it gets an ip address.  It is like it is timing out from the AP on the intial connect.



  • 36.  RE: 2 AP 105's - Issue

    Posted Jul 08, 2013 11:12 AM

    So after working with Aruba Tech, it looks like they think it is an issue with the clients not sending a dhcp discover.  However, I have two identical machines, one has the issue and one doesn't.  So, I have a hard time believing it is a client issue.  If anybody else is having issues with these AP105's and dhcp let me know.  Anytime I do a ipconfig release/renew on the machines after connecting to either of our AP's, it then gets an dhcp address.  I dont' want to have my users type in ipconfig /release/renew when they want to connect to our network.

     

    Let me know if anyone else has any ideas.  I thought maybe the intel card was an issue, tried new drivers, rolled back drivers, nothing works.  At a loss.



  • 37.  RE: 2 AP 105's - Issue

    Posted Jul 08, 2013 11:04 PM
    I still think you might have a configuration issue .

    In reality this is not a very complex scenario .

    To confirm what TAC suggested why don't you run a packet capture on the client that is having the issue

    As a test can you create an ip dhcp pool for your guest on the switch instead of using the one created inside the firewall ?


  • 38.  RE: 2 AP 105's - Issue

    Posted Jul 09, 2013 09:39 AM

    Well, I did get a hold of Tac and we did run a packet capture on the ISA and on the client.  It looks like the client is not sending a dhcp discovery for whatever reason on the initial connect when the machine has been connected to a wireless network previously.  If the machine is rebooted I can connect to either AP, but one I go to the other AP it has issues and doesn't send the dhcp discovery.  I tested this at home to see if I would have the same issue and it did.  This points to a client issue from the sound of it, however, I can't explain the issue with the identical machines where one is okay and the other is not.

     



  • 39.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 12:30 PM
    You should , please follow the screenshots . Allow VLAN 1 in that trunk and also assign an ip address to the virtual controller that is part of 192.168.1.0 segment .


  • 40.  RE: 2 AP 105's - Issue

    Posted Jul 03, 2013 12:32 PM
    That will give access to the guest IAP and employee IAP and both have predictable addresses too