I connect IAP 104 to Cisco POE switch. Switch is not connected to any part of network and switch is in VLAN 1 by default.
I configure the IP of IAP to 192.168.68.4 and same IAP is configured as a virtual controller having IP 192.168.68.19. In VC configuration i assigne the VLAN number 1, subnet mask and DG 192.168.68.253. I connected my laptop to the switch and assign the IP to my laptop of same subnet i.e 192.168.68.41 255.255.255.0. I ping the IAP "IP" 192.168.68.4 from my laptop which being successsfulll. When i ping the VC "IP" 192.168.68.19 from my laptop , ping is not successfull.
All IP's are statically assinged.
From the User Guide.
Ensure that Virtual Controller VLAN is not the same as native VLAN of the IAP.
You would only enter those parameters if you want the VC ip to be in a different subnet to the IAP themselves.
If they all on same subnet you only need to enter here.
Do i have to create a separate SSID with different VLAN ID ?
or what i have to do ? Confused.
I f i assigned the IAP IP 192.168.68.4 in VLAN 1 and IAP VC IP 192.168.70.19 from VLAN 2. Is this VLAN 2 exists via some SSID and VLAN 2 subnet is allowed on DHCP server ?
Please tell me in detail
A. be sure that you are on the lastest version ArubaInstant_XXXXXXXXX_184.108.40.206-220.127.116.11_43022
B. Uplink tab on the Edit Access Point menu. Changing the Uplink management VLAN
And if still dosent work - read here:
The VC will push the update to the other IAP. Like kdisc98 mentioned an update is necessary as you have an older version.
sorry to dig that I am but I do have a similiar question and some of the above posts are confusing to me.
"From the user guide:
You would only enter those parameters if you want the VC ip to be in a different subnet to the IAP themselves."
I always have my VC along with my IAPs and switches in the same management VLAN and in the same subnet. This VLAN is a default/native/PVID VLAN configured on every port that has IAP connected to it. Thought that this is a correct approach. The outcome is that being associated with a wireless network deployed on the cluster, I can ping my VC in the management VLAN, but I can't access it using HTTPS. Is that proper behavior? I would highly appreciate if someone clarifies that.
You should be able to ping and SSH into it even if you are associated to the IAP.
Thanks for the info!
I will verify that on Monday.
Basing on your post one can assume that HTTPS access to VC is not possible by default. Is that correct?
If yes, how can I enable it? I think that for some IAP205 based clusters I have deployed over a year ago, it was possible if I only interVLAN routing was configured. Did something change with new firmware?
https access is possible to the VC unless you block it in some way, period.
I have verified my access policies to the management VLAN. They all look ok. While being connected to Aruba IAP-305 I can not access VC through HTTPS. At the same time I can access my HPE 1950 stack using HTTPS which is in the same subnet and VLAN as VC and IAPs. It seems like something with the VC configuration is wrong and that it prevents any administrative access.
I can ping it, but no SSH,HTTPS or telnet connectivity.
I think there is a bug.
After adding more than one SSID, creating two zones and assigning SSIDs to them, now I can access VC being connected to a WLAN on IAP cluster. It was not possible before.
Are you using the latest GA version of Instant software?
I am on 6.5.x.x.
My cluster is formed from ten IAP-305 APs.
I did not know that this problem will grow so much. Maybe I should have started my own thread.
Will check later the exact version as I am at another location.
I have noticed another unexpected behavior. When I only powered up a single AP from that cluster, the issue reoccured.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.