Cloud Managed Networks

Dear,

I have a facility with 3 IAP's, 1 on the 1st floor, and 2 on the second floor, all managed by Aruba Central (cloud).
My dhcp server is external.
In the GRE / VPN configuration, I enabled the tunnel configuration by AP.
The problem is that in the 3rd IAP, clients do not always reach the external dchp server, and in 30% go pro 0.0.0.0 or APIPA 169.254.x.x, any tips on what to do?

At what physical position are you taking that capture?  Does the other side of the tunnel see the dhcp discovers?

Thanks for the quick response:

But I'm checking directly from the IAP.
We performed the debug on the DHCP server, and we did not receive the test user's request.
The DHCP server route is configured on the show datapath route (IAP);
Some users get a normal IP address;
I already changed the positioning equipment, I put new AP's, and it did not solve.
When we have 2 IAP's, the network works normally, but when we connect 3rd, the problem appears.
I thought the APs were communicating with the VC / Master, and it could not pass the number of requests tunneled to the server, but the configuration is Tunnel per IAP, that is, the IAP speaks directly with the server.
Any suggestion?

Is the GRE / VPN tunnel going through a firewall? Is it a GRE or a IPSEC tunnel? And at what for device is the tunnel terminated? Is it an Aruba controller?
You mentioned that the setup is working with 2 IAP's. When the third one is connected then the issue occurs. Is the setup not working anymore at all the IAP's or only the third one?

You can check the VPN status with the following commands.
show vpn status
show vpn tunnels

Also check the following log files
show log vpn-tunnel
show log vpn-tunnel-primary

It is a GRE tunnel, configured in Aruba Central (VPN), it does not pass through the firewall, and the configuration is the same in all 3 IAP's.
The routing profile is the same.
Gre primary, type, and the gre per-ap-tunnel setting is ok; the debug cloud server is the same;
Show ip route, datapaht route, and vpn are the same.

The only configurations that diverge are in the image show summary suport(VC = Left side // IAP with problem = Right side).

I also noticed that the Support Connection Status field is connected in the VC, but in the 2 IAP's it is not.

Has anyone had this problem? Any tips?

It seems that one device is configured locally and another is configured by central.  Can you SSH into the VC and see if "show aps" shows all of your access points at that site?

WMMGBHECTC00001-AP003 24# show aps


3 Access Points
---------------
Name IP Address Mode Spectrum Clients Type IPv6 Address Mesh Role Zone Serial # 2.4 Channel 2.4 Power (dB) 2
g Id Config Csum Ext SSID Active Age Link Local IP Address Utilization (%) 5.0 Noise Floor (dBm) Need Antenna Config From Port Confi
---- ---------- ---- -------- ------- ---- ------------ --------- ---- -------- ----------- -------------- -
------------------ --------------------- ----------- -------------- ------------------- --------------------- ------------------- --------- -----
---- ----------- --------------- --- ---------------------
WMMGBHECTC00001-AP003 24 10.1.24.130* access disable 0 207(indoor) -- N/A - CNDDJST22F 1 18 5
2(ok) -84(ok) 52E 18 56(ok) -90(good) No none 8

55353 enable 6d:19h:8m:52s --
WMMGBHECTC00001-AP002 10.1.24.142 access disable 1 207(indoor) -- N/A - CNDDJST1VB 6 18 4
2(good) -83(ok) 149E 18 95(poor) -89(good) No none 8
WMMGBHECTC00001-AP001 10.1.24.73 access disable 4 207(indoor) -- N/A - CNDDJST1LQ 1 18 7
6(poor) -88(good) 100E 16 21(good) -88(good) No none 8
55353 enable 3d:21h:16m:39s --

Please continue to work with TAC and let us know the resolution,  I am not sure I can guess what is wrong here.  You also have the option to escalate with TAC if you are not getting anywhere.