How do I configure the Aruba Wireless LAN controller with a cable modem (with dynamic IP address sent by the modem)?

Aruba Employee
Aruba Employee

Question: How do I configure the Aruba Wireless LAN controller with a cable modem (with dynamic IP address sent by the modem)?



Product and Software: This article applies to all Aruba controllers and ArubaOS versions.


Most deployments of an Aruba controller are in front of an Internet connection with a fixed IP address or a device downstream that would handle the dynamic nature of a broadband connection, like a SOHO router. What would happen at a site if you ONLY had a cable modem that supplies a dynamic address and an Aruba controller? Could the controller get an IP address, subnet mask, gateway, default route, and DNS settings and then route traffic? The answer, of course, is yes.

After you configure a management IP address and VLAN for the Aruba controller, create a separate VLAN for acquiring an IP address from your cable modem and assign it to a port using the 'ip address dhcp-client' command. This physical port would be connected to your cable modem or broadband device.

(Aruba) (config) #interface vlan 930
(Aruba) (config-subif)# ip address dhcp-client
(Aruba) (config-subif)# exit
(Aruba) (config) # interface fastethernet 1/0
(Aruba) (config-if)# switchport access vlan 930
(Aruba) (config-if)# end
(Aruba) # write memory


To route your clients out of that connection, the Aruba controller needs to get the default gateway from it dynamically. Use the 'ip default-gateway import' command to obtain your default gateway from the dynamic connection:

(Aruba) (config) #ip default-gateway import


Note: Disable spanning tree on the interface that is connected to the cable modem.


To automatically distribute the DNS server obtained from your broadband connection to clients in your pools, use the 'dns-server import' command:

(Aruba) (Config)# ip dhcp pool local
(Aruba) (Config)# network
(Aruba) (Config)# dns-server import
(Aruba) (Config)# domain-name
(Aruba) (Config)# lease 1 0 0
(Aruba) (Config)# default-router
(Aruba) (Config)# no shutdown
(Aruba) (config)# end
(Aruba) # write memory


Verify that the interface address was obtained dynamically:

(Aruba) #show ip interface brief

Interface IP Address / IP Netmask Admin Protocol

vlan 1 / up up

vlan 4000 / up up

vlan 930 / up up

DHCP is enabled on VLAN 930.


Verify that that the default gateway was obtained dynamically:

(Aruba) #show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default
Gateway of last resort is (DHCP) to network
S* [1/0] via*
C is directly connected, VLAN1
C is directly connected, VLAN4000
C is directly connected, VLAN10


Important note about security:

To ensure that no untrusted traffic comes from the Internet into the Aruba controller, create a session-acl that allows only DHCP and apply it to the interface that connects to the broadband device:

ip access-list session dhcp-only
any any svc-dhcp permit
any any any deny
interface fastethernet 1/0
ip access-group dhcp-only session



Version history
Revision #:
1 of 1
Last update:
‎07-04-2014 01:43 PM
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: