I have a issue with IAP103 and Cloud controller, i try to install a SSID in Distributed,L3 and don't work !
When check, log, i have the following error :
<WARN> |AP APNAME@192.168.x.Y cli| AP 172.31.x.y: Client X:Y:Z:2e:e7:a7 incorrect vlan config
The tunnel is OK and i have try with the follow configuration :
ip dhcp l3-dhcp server-type Distributed,L3 server-vlan 30 ip-range 10.30.0.0 10.30.255.255 bid 0 dns-server 10.1.1.50,10.1.1.30 domain-name corpdomain.com client-count 200
wlan ssid-profile TEST enable index 3 type employee essid TEST wpa-passphrase XXXXXX opmode wpa2-psk-aes max-authentication-failures 0 vlan 30 auth-server InternalServer rf-band all captive-portal disable dtim-period 1 inactivity-timeout 1000 broadcast-filter arp dmo-channel-utilization-threshold 90 local-probe-req-thresh 0 max-clients-threshold 64
My IAP using 22.214.171.124-126.96.36.199
My Controller : 188.8.131.52
Any idea ?
Ensure that the VLAN 30 also exists in the Aruba Controller and a proper tunnel id is created.
Please feel free for any further help on this.
How to check for the proper id tunnel ?
You can verify the Branch-id ( by mistake mentioned as tunnel-id) by using "show iap table long". this command will show a branch-id which is unique to each branch along with the subnet assigned to that branch. as per the branch-id, VC will map the VLAN and the DHCP pool to the client.
Hope you got some more clarity.
Please feel free for any further query on this.
It is ok for branch-id.. (i have bid for this cluster !)
but always the same error message !
Are you able to see the expected output when you use "show IAP table long" in the Controller. you have to look for the VLAN mapped to that branch id and also the status should be up.
(Aruba7010) #show iap table longTrusted Branch Validation: DisabledIAP Branch Table----------------Name VC MAC Address Status Inner IP Assigned Subnet Assigned Vlan Key Bid(Subnet Name) Tunnel End Points---- -------------- ------ -------- --------------- ------------- --- ---------------- -----------------CLUST-XXX 94:b4:0f:XX:XX:XX UP 192.168.202.4 10.30.0.0/24 88b7112401178bacb8151a0c8ee0cb6d03772c8b23853d36be 0(10.30.0.0-10.30.255.255,200)
Your problem coming from missing Vlan on your network.When using IAP-VPN, you need to have the vlan on IAP Ethernet Port.
Other IAP use this vlan to go on the tunnel.
did you get an clarifications regarding this?
@Aranya - Danno wrote:did you get an clarifications regarding this?
Yes, with the information about vlan, it works !
So if you have your vlans distributed out, you also need to have thoose vlans on the uplink to each ap in that cluster?
@Aranya - Danno wrote:So if you have your vlans distributed out, you also need to have thoose vlans on the uplink to each ap in that cluster?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.