Even when using open authentication, I still can't get into the corporate VLAN's. So that's likely where the problem is. Now I just need to find out why.
More info: When connecting to the CorpNet-test WLAN, users should be placed into VLAN 13 which exists on their LAN. The controller is configured for VLAN 13, and this works when using a RAP.
(Aruba3200) #show iap table long
^
% Invalid input detected at '^' marker.
(Aruba3200) #show iap table
Branch Key Index Status Inner IP MAC Address Subnet
---------- ----- ------ -------- ----------- ------
e08b7d4501281ae829dbae1edb29b03d8bac95cde9c74dd06a 1 UP 172.17.2.3 00:0b:86:8d:fd:ca
7239dace01c6309af9eb7c81b8670a22f41b74651160d5a5a1 0 DOWN 0.0.0.0 00:0b:86:83:4a:4f
The IAP config:
--------------------
version 6.2.1.0-3.3.0
virtual-controller-country CA
virtual-controller-key *
name corp-Instant
terminal-access
clock timezone none 00 00
rf-band all
dynamic-radius-proxy
allow-new-aps
allowed-ap 00:0b:86:8d:fd:ca
routing-profile
route 10.10.0.0 255.255.0.0 10.10.0.230
route 10.14.0.0 255.255.0.0 10.10.0.230
route 10.13.0.0 255.255.0.0 10.10.0.230
route 10.12.0.0 255.255.254.0 10.10.0.230
arm
wide-bands 5ghz
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
vpn primary 207.164.26.155
mgmt-user admin *
wlan access-rule basic
rule any any match any any any permit
wlan access-rule corpNet-test
rule any any match any any any permit
wlan access-rule default_dev_rule
rule any any match any any any permit
wlan access-rule default_wired_port_profile
rule any any match any any any permit
wlan access-rule wired-instant
rule 192.168.220.149 255.255.255.255 match tcp 80 80 permit
rule 192.168.220.149 255.255.255.255 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan ssid-profile basic
enable
index 0
type employee
essid basic
wpa-passphrase *
opmode wpa2-psk-aes
max-authentication-failures 0
vlan guest
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
blacklist
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
wlan ssid-profile corpNet-test
enable
index 1
type employee
essid corpNet-test
opmode wpa2-aes
max-authentication-failures 0
vlan 13
auth-server corp-Radius
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
blacklist
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
wlan auth-server corp-Radius
ip 10.10.0.103
port 1812
acctport 1813
key *
wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
blacklist-time 3600
auth-failure-blacklist-time 3600
ids
wireless-containment none
ip dhcp Vlan13_DHCP
server-type Centralized,L2
server-vlan 13
dhcp-relay
dhcp-server 10.10.1.6
wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x
wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
id _airplay._tcp
id _raop._tcp
airgroupservice airprint
disable
description AirPrint
id _ipp._tcp
id _pdl-datastream._tcp
id _printer._tcp
id _scanner._tcp
id _universal._sub._ipp._tcp
id _printer._sub._http._tcp
id _http._tcp
id _http-alt._tcp
id _ipp-tls._tcp
id _fax-ipp._tcp
id _riousbprint._tcp
id _cups._sub._ipp._tcp
id _cups._sub._fax-ipp._tcp
id _ica-networking._tcp
id _ptp._tcp
id _canon-bjnp1._tcp