Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Problem with http and telnet traffic when using Aruba access point and controller

  • 1.  Problem with http and telnet traffic when using Aruba access point and controller

    Posted Jul 26, 2013 06:49 PM

    We currently use an Aruba 800 Mobility Controller with AP70 access points. We have recently installed some Moxa wireless serial device controllers and connected them to the wireless network. We can ping the units but cannot gain access to the web config page or telnet into them for management purposes. As part of my troubleshooting, I replaced the Aruba WAP with an old Cisco standalone access point, and once the Moxas are connected to this I can telnet and HTTP into them fine.

     

    I can only assume there is some kind of ACL policy in place on the controller blocking this kind of traffic. Can someone please point me in the right direction on how I can resolve this problem?

     

    Many thanks



  • 2.  RE: Problem with http and telnet traffic when using Aruba access point and controller

    Posted Jul 26, 2013 08:41 PM

    Assuming you have a firewall license, each device that connects to the network is placed into a role. Find out what role the device is in and run "show rights <nameofrole>". This will show you the policies applied to the devices. Most ACLs are written with "user" as the source. For example, a rule that says "user any svc-http permit" will allow the device to use http, but not allow http into the device. In your case, if you want to telnet and http to them, you'll need to make sure you have a rule that allows those protocols to the device by changing the source to any instead of user.

     

    any any svc-telnet permit

    any any svc-http permit
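
The `user`-alias behaviour described in this reply, as an added example (not part of the original post and not Aruba's code): a simplified Python model of first-match rule evaluation for new sessions with an implicit deny. The addresses are constructed, and the `scoped` rule set, which admits only a management subnet, is a hypothetical alternative added for comparison.

```python
import ipaddress

# Service names as used in the thread, mapped to their well-known ports.
SERVICES = {"svc-http": ("tcp", 80), "svc-telnet": ("tcp", 23)}

def _matches(alias, addr, user_ip):
    """Resolve a rule endpoint: 'any', 'user' (the client holding the role), or a CIDR."""
    if alias == "any":
        return True
    if alias == "user":
        return addr == user_ip
    return ipaddress.ip_address(addr) in ipaddress.ip_network(alias)

def evaluate(rules, user_ip, src, dst, proto, port):
    """First matching rule decides a new session; no match means deny."""
    for rule in rules:
        r_src, r_dst, service, action = rule.split()
        if (SERVICES[service] == (proto, port)
                and _matches(r_src, src, user_ip)
                and _matches(r_dst, dst, user_ip)):
            return action
    return "deny"

# Constructed addresses from documentation ranges, not from the thread.
MOXA = "192.0.2.50"       # wireless client that holds the role
ADMIN = "198.51.100.10"   # management workstation
OTHER = "203.0.113.7"     # unrelated host

POLICIES = {
    "user-sourced": ["user any svc-http permit"],
    "reply": ["any any svc-telnet permit", "any any svc-http permit"],
    # Hypothetical narrower rules in this model's notation (CIDR source, 'user' destination).
    "scoped": ["198.51.100.0/24 user svc-telnet permit",
               "198.51.100.0/24 user svc-http permit"],
}

FLOWS = {
    "admin->moxa http": (ADMIN, MOXA, "tcp", 80),
    "admin->moxa telnet": (ADMIN, MOXA, "tcp", 23),
    "moxa->other http": (MOXA, OTHER, "tcp", 80),
    "other->moxa telnet": (OTHER, MOXA, "tcp", 23),
    "moxa->other telnet": (MOXA, OTHER, "tcp", 23),
}

def verdicts(policy):
    """Return {flow name: 'permit' | 'deny'} for one of the rule sets above."""
    return {name: evaluate(POLICIES[policy], MOXA, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, verdicts(policy))
```

In this model the `reply` rules permit every listed flow, including telnet from the unrelated host to the device, while the `scoped` rules permit only the two management flows.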

     

     



  • 3.  RE: Problem with http and telnet traffic when using Aruba access point and controller

    Posted Jul 26, 2013 10:45 PM
    You can also run this command to see what additional traffic may be getting blocked.

    show datapath session table | include <IP address>