AirWave and Network Management

New Contributor

LocalDNS, DHCP and Multiple SSID's


We're having a bit of an issue with a configuration change on one of our controllers which is currently in production. Essentially, the configuration currently is as follows:

-Aruba3600 Controller currently running ArubaOS
-RAP5-WN's at each individual location.
-x3 SSID's under 1 AP group
-Two are configured as a Split Tunnel
-One configured currently configured as Split Tunnel but we would like to change to bridging mode.

All three of these SSID's are in one AP Group and we would like them to remain all in their own group if at all possible.

Essentially, what we are trying to do is have one of the SSID's in this group act as its own separate network with a dhcp server. (Essentially as its own typical home based router with DHCP server..)

We do not want the users to be able to contact other users at different locations; however we would like them to be able to connect to each other within the local network.

Currently, I've things as follows:

-Set the virtual AP profile to Bridge mode.

-Then configured the AP profile as follows:
ap-group "APGroup"
virtual-ap "DEVHotspot_WLAN-vap_prof"
virtual-ap "DEVPhone_WLAN-vap_prof"
virtual-ap "DEVDemo_WLAN-vap_prof"
ap-system-profile "apsys_prof-vfq70"

ip dhcp pool Demo
vlan 11
interface vlan 11
ip address
ip nat inside
operstate up
ap system-profile "apsys_prof-vfq70"
rap-dhcp-server-vlan 11
wlan virtual-ap "Demo_WLAN-vap_prof"
ssid-profile "Demo_WLAN-ssid_prof"
vlan 11
forward-mode bridge
rap-operation always

When we configure it this way however, the client gets the 192.168.11.x an ip address, however he is unable to ping the gateway..
Essentially we would like to be utilizing the DHCP server on the RAP's if possible.

Any help or direction would be greatly appreciated.

Thanks in advance,
Aruba Employee

Re: LocalDNS, DHCP and Multiple SSID's

Hi John,

Can you post the AAA profile for this VAP, user role used in the AAA profile, the policies used for this user role and aliases if any.

New Contributor

Re: LocalDNS, DHCP and Multiple SSID's

Hello Sathya,

Thank you for getting back to me so quickly. The information you requested is as follows:

aaa profile "Demo_WLAN-aaa_prof"
initial-role "Allow-All"
dot1x-default-role "Allow-All"
user-role Allow-All
access-list session allowall
ip access-list session allowall
any network x.x.x.x any permit queue high
any network x.x.x.x any permit queue high
any any any permit

For now, I configured the aaa profile to allow-all. as Id like to make this as simple as possibly until I get it working.

New Contributor

Re: LocalDNS, DHCP and Multiple SSID's

It ended up being an access-list issue. I changed the any-any rule from to src-nat from permit, and it appears to be functioning correctly now.

ip access-list session Allow-All
any any any src-nat

Thanks for leading me in the right direction!

Search Airheads
Showing results for 
Search instead for 
Did you mean: