Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Aruba 303 iPhone/iPad not connecting

  • 1.  Aruba 303 iPhone/iPad not connecting

    Posted Nov 14, 2023 06:35 PM

    I am setting up an Aruba 303 AP.  I added a guest network that is using the virtual controller to assign IP addresses.  Windows machines connect fine but any iPad or iPhone will not get an IP address.  I am guessing there is some setting I can change to fix this but not sure where to look.



  • 2.  RE: Aruba 303 iPhone/iPad not connecting

    EMPLOYEE
    Posted Nov 14, 2023 11:51 PM

    Are these devices not getting an IP address, or, because you might not have a public HTTPS server on the IAP, are they refusing to connect?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Aruba 303 iPhone/iPad not connecting

    Posted Nov 15, 2023 05:44 PM

    It shows they are getting an IP address on the Aruba but nothing shows for IP on the Apple devices.  I do not have any captive portal.  Just an SSID and password.  Windows devices get an IP, default gateway, and the public DNS I assigned to the virtual controller and have access to the internet just fine.




  • 4.  RE: Aruba 303 iPhone/iPad not connecting

    EMPLOYEE
    Posted Nov 16, 2023 02:32 AM

    What does the output of

    show clients status <mac>

    show?

    What OS Version are you using?
    Do you use the internal DHCP Server or an external?




  • 5.  RE: Aruba 303 iPhone/iPad not connecting

    Posted Nov 16, 2023 02:31 PM
    That is the status output.  I am using the virtual controller to assign IP address and using 8.8.8.8 as the DNS.  For Client VLAN assignment I am using default.



  • 6.  RE: Aruba 303 iPhone/iPad not connecting

    EMPLOYEE
    Posted Nov 17, 2023 03:27 AM

    You are right, normally you should see this at the end of the output:

    Rap Bridge User Table
    ---------------------
    action  ip             mac                aclnum  bssid              essid        vlanid  wired
    ------  --             ---                ------  -----              -----        ------  -----
    0       172.31.98.179  86:b9:XX:XX:XX     151     b4:5d:50:XX:XX:XX  HITRON-3340  3333    0

    Here the IP Address of the client is stated.

    Can you show outputs from:
    show dhcp-allocation

    show network <ssid_name>




  • 7.  RE: Aruba 303 iPhone/iPad not connecting

    Posted Nov 17, 2023 12:17 PM

    User: admin
    ^Madmin
    Password:
    show tech-support and show tech-support supplemental are the two most useful outputs to collect for any kind of troubles
    hooting session.
    48:2f:6b:cf:7d:0e# show network CDP-Guest
    Name                   :CDP-Guest
    ESSID                  :CDP-Guest1
    Status                 :Enabled
    Mode                   :wpa2-psk-aes
    Band                   :all
    Type                   :guest
    Zone                   :
    Termination            :Disabled
    Passphrase             :2d6747376bc6039541663dfe2c30fcb3635410b604a48fa7
    Passphrase Size        :12
    WEP Key                :
    WEP Key Index          :1
    Coding                 :Default
    dot11r                 :Disabled
    dot11k                 :Disabled
    dot11v                 :Disabled
    mPSK                   :Disabled
    High Throughput        :Enabled
    Very High Throughput   :Enabled
    High Efficiency        :Enabled
    Enable Agile Multiband (MBO) :Disabled
    Advertize Cellular Data Capability attribute of MBO :Disabled
    VLAN                   :guest
    VLAN Type              :NULL
    Server Load Balancing  :Disabled
    MAC Authentication     :Disabled
    Prio Use Local Cache Auth  :Disabled
    MAC Authentication Delimiter :
    MAC Authentication Upper Case :Disabled
    Auth Packets MAC Delimiter :
    Auth Packets MAC Upper Case :Disabled
    Use IP for Calling-Station-ID :Disabled
    Called-Station-ID Type :macaddr
    Called-Station-ID Include SSID :Disabled
    Called-Station-ID Include SSID Delimiter :
    L2 Auth Failthrough    :Disabled
    Captive Portal         :disable
    Captive Portal Proxy   :
    ECP Profile            :default
    Exclude Uplink         :none
    Hide SSID              :Disabled
    Enforce DHCP           :Disabled
    Openflow Enable        :Disabled
    Content Filtering      :Disabled
    Auth Survivability     :Disabled
    Auth Survivability time-out     :24
    RADIUS Accounting           :Disabled
    Interim Accounting Interval :0
    Radius Reauth Interval      :0
    Download Roles from CPPM      :Disabled
    DTIM Interval               :1
    Inactivity Timeout          :1000
    explicit ageout client      :Disabled
    Dot1x WPA Key period        :1500
    Dot1x WPA key retries       :3
    Dot1x timer id-req period   :5
    Advertise AP Name      :Disabled
    Legacy Mode Bands           :all
    G Minimum Transmit Rate     :1
    G Maximum Transmit Rate     :54
    A Minimum Transmit Rate     :6
    A Maximum Transmit Rate     :54
    Multicast Rate Optimization :Disabled
    LEAP Use Session Key        :Disabled
    Broadcast-filter       :arp
    Max Authentication Failures :0
    Blacklisting                :Disabled
    WISPr                       :Disabled
    Accounting mode             :Authentication
    Work without usable uplink  :Enabled
    Deny inter user bridging    :Disabled
    Deny intra vlan traffic     :Enabled
    Percentage of Airtime: :Unlimited
    Overall Limit:         :Unlimited
    Per-user Limit:        :Unlimited
    Access Control Type:   :Network
    Dynamic Multicast Optimization      :Disabled
    DMO Channel Utilization Threshold   :90
    Video Multicast Rate                :default
    Local Probe Request Threshold       :0
    Auth Request Threshold              :0
    Max Clients Threshold               :64
    Background WMM DSCP       :
    Best Effort WMM DSCP      :
    Video WMM DSCP            :
    Voice WMM DSCP            :
    Background WMM Share       :0
    Best Effort WMM Share      :0
    Video WMM Share            :0
    Voice WMM Share            :0
    tspec                      :Disabled
    tspec-bandwidth :2000
    strict-svp     :Disabled
    Certificate Installed: :No
    Internal Radius Users   :0
    Internal Guest Users   :0
    Internal User Open Slots   :512
    Primary Auth Server     :
    Secondary Auth Server   :
    L2 Switch Mode          :Disabled
    Max IPv4 Users          :N/A
    allowed 5ghz radio      :all
    Role Derivation Rules
    ---------------------
    Attribute  Operation  Operand  Role Name  Index
    ---------  ---------  -------  ---------  -----
    Vlan Derivation Rules
    ---------------------
    Attribute  Operation  Operand  Vlan
    ---------  ---------  -------  ----
    RADIUS Servers
    --------------
    Name  IP Address  Port  Key  Timeout  Retry Count  NAS IP Address  NAS Identifier  RFC3576  RFC5997
    ----  ----------  ----  ---  -------  -----------  --------------  --------------  -------  -------
    LDAP Servers
    ------------
    Name  IP Address  Port  Timeout  Retry Count  Admin-DN  Admin Password  Base-DN
    ----  ----------  ----  -------  -----------  --------  --------------  -------
    Accounting Servers
    ------------------
    Name  IP Address  Port  Key  Timeout  Retry Count  NAS IP Address  NAS Identifier  RFC3576  RFC5997
    ----  ----------  ----  ---  -------  -----------  --------------  --------------  -------  -------
    ACL Vlan     :0
    ACL Captive Portal:disable
    ACL ECP Profile   :default
    CALEA             :disable
    Redirect Blocked HTTPS Traffic  :disable
    DPI error page URL:
    Bandwidth Limit   :downstream disable upstream disable
    Access Rules
    ------------
    Dest IP   Dest Mask        Eth Type  Dest Match  Protocol (id:sport:eport)  Application  Action  Log  TOS  802.1P  Black
    list  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia  TimeRange
    -------   ---------        --------  ----------  -------------------------  -----------  ------  ---  ---  ------  -----
    ----  ----------------------  ------  -------  -------------  ---------
    10.1.3.0  255.255.255.0    IPv4/6    match       any                                     deny
                                                   ClassifyMedia
    any       any              IPv4/6    match       any                                     permit
                                                   ClassifyMedia
    10.1.3.1  255.255.255.255  IPv4/6    match       any                                     permit
                                                   ClassifyMedia
    :Captive Portal Configuration
    Background Color:16777215
    Banner Color       :16750848
    Decoded Texts      :
    Banner Text        :Welcome to Guest Network
    Use Policy         :Please read terms and conditions before using Guest Network
    Terms of Use       :This network is not secure, and use is at your own risk
    Internal Captive Portal Redirect URL:
    Captive Portal Mode:Acknowledged
    Custom Logo        :
    :External Captive Portal Configuration
    Server:localhost
    Port               :80
    URL                :/
    Authentication Text:Authenticated
    External Captive Portal Redirect URL:
    Server Fail Through:No
    Auto White List    :Disable




  • 8.  RE: Aruba 303 iPhone/iPad not connecting

    Posted Nov 16, 2023 02:38 PM

    I am using firmware 8.6.0.23_88342




  • 9.  RE: Aruba 303 iPhone/iPad not connecting

    EMPLOYEE
    Posted Nov 20, 2023 03:43 AM

    From your screenshot above I cannot see any client - or there was none connected - which has an IP address allocated.

    Let us see what happens if the Apple device connects. Please open a serial connection and issue some packet capturing commands:

    # debug pkt type dhcp

    # debug pkt dump

    And after that try to connect an iPhone




  • 10.  RE: Aruba 303 iPhone/iPad not connecting

    Posted Nov 20, 2023 03:42 PM

    Attached is the output.  


    Attachment(s): output1.txt (165 KB)


  • 11.  RE: Aruba 303 iPhone/iPad not connecting

    EMPLOYEE
    Posted Nov 21, 2023 03:05 AM

    From the logs I can see that the request comes in:

    #mac: etype 0800 smac 5e:e6:92:54:a9:30 dmac ff:ff:ff:ff:ff:ff
      #ip: sip 0.0.0.0, dip 255.255.255.255, proto 17 hdr len 20
           len 332, id 40364, cksum 1c35, ttl 255, dscp 48
           fragment ok, last fragment, frag off 0
        #udp: sport 68 dport 67 len 312
          #dhcp: message-type: request
                 hardware type: 1, len: 6, hops: 0
                 txn id: 0x057e8ed5, seconds elapsed: 2
                 client mac: 5e:e6:92:54:a9:30
                 magic cookie: 0x63825363
          #dhcp-option: message-type: discover
          #dhcp-option: aruba-vlan: 3333

    And an offer (IP) will be provided: 

    #ip: sip 172.31.98.1, dip 172.31.98.209, proto 17 hdr len 20
           len 324, id 0, cksum 5c98, ttl 64, dscp 0
           fragment ok, last fragment, frag off 0
        #udp: sport 67 dport 68 len 304
          #dhcp: message-type: reply
                 hardware type: 1, len: 6, hops: 0
                 txn id: 0x42abdcda, seconds elapsed: 0
                 your ip: 172.31.98.209
                 next server ip: 172.31.98.1
                 client mac: 5e:e6:92:54:a9:30
                 magic cookie: 0x63825363
          #dhcp-option: netmask: 255.255.254.0
          #dhcp-option: router: 172.31.98.1
          #dhcp-option: dns-server: 8.8.8.8
          #dhcp-option: message-type: offer
          #dhcp-option: dhcp-server: 172.31.98.1

    I am not an Apple user so I don't know how to validate on the client side.
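
Added example (not part of the thread and not Aruba tooling): a small Python parser for the `debug pkt dump` layout quoted in post 11 that groups DHCP messages by client MAC and txn id and reports the first handshake step missing from the capture. The first two sample entries reuse the MAC and txn ids quoted above; the other MACs and ids are constructed, and the `request`/`ack` type names are assumed to follow the same spelling as `discover`/`offer`.

```python
import re
from collections import defaultdict

ORDER = ["discover", "offer", "request", "ack"]  # "request"/"ack" spellings are assumed
FIELD = re.compile(r"(txn id|client mac|your ip): ([^\s,]+)")

def parse_dhcp(dump):
    """Return one dict per '#dhcp:' block found in a 'debug pkt dump' capture."""
    msgs, cur = [], None
    for line in dump.splitlines():
        s = line.strip()
        if s.startswith("#dhcp: "):          # BOOTP header line opens a new message
            cur = {}
            msgs.append(cur)
        elif cur is not None and s.startswith("#dhcp-option: message-type:"):
            cur["type"] = s.rsplit(":", 1)[1].strip()
        elif cur is not None:
            cur.update(FIELD.findall(s))     # txn id / client mac / your ip
    return msgs

def handshakes(msgs):
    """Group messages by (client mac, txn id) and name the first missing step."""
    seen = defaultdict(list)
    for m in msgs:
        if {"type", "txn id", "client mac"} <= m.keys():
            seen[(m["client mac"], m["txn id"])].append(m["type"])
    report = {}
    for key, types in seen.items():
        missing = [t for t in ORDER if t not in types]
        report[key] = "complete" if not missing else f"no {missing[0]} seen"
    return report

def pkt(op, xid, mac, mtype):
    """Render one message in the dump layout (used only to build the sample)."""
    return (f"      #dhcp: message-type: {op}\n"
            f"             txn id: {xid}, seconds elapsed: 0\n"
            f"             client mac: {mac}\n"
            f"      #dhcp-option: message-type: {mtype}\n")

A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed client MACs
SAMPLE = "".join(pkt(*p) for p in [
    ("request", "0x057e8ed5", "5e:e6:92:54:a9:30", "discover"),  # ids from the thread
    ("reply",   "0x42abdcda", "5e:e6:92:54:a9:30", "offer"),     # ids from the thread
    ("request", "0x00000001", A, "discover"), ("reply", "0x00000001", A, "offer"),
    ("request", "0x00000001", A, "request"),  ("reply", "0x00000001", A, "ack"),
    ("request", "0x00000002", B, "discover"), ("reply", "0x00000002", B, "offer"),
])

if __name__ == "__main__":
    for (mac, xid), state in handshakes(parse_dhcp(SAMPLE)).items():
        print(mac, xid, state)
```

The two excerpts quoted above carry different txn ids, so the parser reports them as two separate incomplete transactions rather than one discover/offer pair.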




  • 12.  RE: Aruba 303 iPhone/iPad not connecting
    Best Answer

    Posted Nov 21, 2023 12:15 PM

    I think I fixed the issue.  Under Configuration -> Networks I edited the guest network.  On the first page click on show advanced options on the bottom and scroll down to Deny inter user bridging and enable it.  Now my iOS devices will connect using the virtual controller no problem.  Thanks everyone for taking the time to look into this.