Controllerless Networks

Hey,

we are using 4 Aruba AP-304, latest firmware: 8.3.0.5_68279 is installed.

dhcp for different ssid with different vlans works fine.

Now I started with virtualbox and bridge mode for vm network card, this means, vm requests own ip via dhcp.

vm requested IP, central dhcp answers, but vm does not get the response.

If I connect my system with wired network, it works.

host system, where virtualbox is installed, uses dhcp too, it works.

Wifi and wired network has same firewall rules.

There are enough free ip addresses for dhcp.

If I set static IP for vm, then network access works.

I tested it with macos and windows as host system for virtualbox, same result. Host systems get IP via dhcp over wifi, but virtualbox guest does not get any answer from dhcp server.

for me it looks atm, that access points drop dhcp server response, and I do not know, why.

best regards,

thomas.

example: vm has mac 08:00:27:9d:8e:40

debug pkt match mac 08:00:27:9d:8e:40

debug pkt dump

Received packet from aruba001 (timestamp (2019-1-25 11:54:52:309876))
[asap_firewall_forward(5700):firewall entry] len 337, vlan 0, egress CP, ingress aruba001:
  #mac: etype 0800 smac f4:0f:24:38:64:75 dmac ff:ff:ff:ff:ff:ff
  #ip: sip 0.0.0.0, dip 255.255.255.255, proto 17 hdr len 20
       len 323, id 0, cksum 79ab, ttl 64, dscp 0
       fragment ok, last fragment, frag off 0
    #udp: sport 68 dport 67 len 303
      #dhcp: message-type: request
             hardware type: 1, len: 6, hops: 0
             txn id: 0x7de59fae, seconds elapsed: 1
             boot flags: 0x8000
             client mac: 08:00:27:9d:8e:40
             magic cookie: 0x63825363
      #dhcp-option: message-type: discover
[asap_firewall_forward(5883):vlan decision] len 337, vlan 4, egress CP, ingress aruba001:
[asap_firewall_forward(6383):looking up pkt ingress/src bridge entry f4:0f:24:38:64:75] len 337, vlan 4, egress CP, ingress aruba001:
[asap_firewall_forward(6431):Found ingress/src bridge entry f4:0f:24:38:64:75 rechable via aruba001] len 337, vlan 4, egress CP, ingress aruba001:
[asap_firewall_forward(6728):bridge section, looking for dst bridge entry ff:ff:ff:ff:ff:ff] len 337, vlan 4, egress CP, ingress aruba001:
[asap_firewall_forward(6840):Unable to find dst bridge entry ff:ff:ff:ff:ff:ff, flood to VLAN 4] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_forward(6875):session section] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_forward(7129):fastpath session returned 1 opcode 4] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_forward(7143):slowpath section: opcode 4] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_forward(7416):back to fastpath, opcode 3] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_forward(7742):route section] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_forward(7797):cp route section] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_forward(8128):forward section] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_flood(9646):flooding] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_flood(9859):checking dev3 bond0] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_flood(10405):flooding to bond0, tags 1] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_flood(9859):checking dev15 aruba001] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_flood(9859):checking dev16 aruba101] len 337, vlan 4, egress vlan 4, ingress aruba001:
[asap_firewall_flood(10423):stack section protocol=0x800, type=1] len 337, vlan 4, egress vlan 4, ingress aruba001:

Received packet from bond0 (timestamp (2019-1-25 11:54:52:310519))
[asap_firewall_forward(5700):firewall entry] len 368, vlan 0, egress CP, ingress bond0:
  #mac: etype 8100 smac 90:e2:ba:7e:e7:e5 dmac ff:ff:ff:ff:ff:ff
  #vlan 4, prio 0, etype 0800
  #ip: sip 192.168.154.1, dip 255.255.255.255, proto 17 hdr len 20
       len 350, id 0, cksum ded5, ttl 128, dscp 4
       fragment ok, last fragment, frag off 0
    #udp: sport 67 dport 68 len 330
      #dhcp: message-type: reply
             hardware type: 1, len: 6, hops: 0
             txn id: 0x7de59fae, seconds elapsed: 1
             boot flags: 0x8000
             your ip: 192.168.154.20
             client mac: 08:00:27:9d:8e:40
             magic cookie: 0x63825363
      #dhcp-option: netmask: 255.255.255.0
      #dhcp-option: router: 192.168.154.1
      #dhcp-option: dns-server: 192.168.153.1
      #dhcp-option: dns-name: dynlan.berlin.my-storecast.com
      #dhcp-option: message-type: offer
      #dhcp-option: dhcp-server: 192.168.154.1
[asap_firewall_forward(5883):vlan decision] len 368, vlan 4, egress CP, ingress bond0:
[asap_firewall_check_dhcp_packet(2673):dhcp packet to client] len 368, vlan 4, egress CP, ingress bond0:
[asap_firewall_forward(6383):looking up pkt ingress/src bridge entry 90:e2:ba:7e:e7:e5] len 368, vlan 4, egress CP, ingress bond0:
[asap_firewall_forward(6431):Found ingress/src bridge entry 90:e2:ba:7e:e7:e5 rechable via bond0] len 368, vlan 4, egress CP, ingress bond0:
[asap_firewall_forward(6728):bridge section, looking for dst bridge entry ff:ff:ff:ff:ff:ff] len 368, vlan 4, egress CP, ingress bond0:
[asap_firewall_forward(6840):Unable to find dst bridge entry ff:ff:ff:ff:ff:ff, flood to VLAN 4] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_forward(6875):session section] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_forward(7129):fastpath session returned 1 opcode 4] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_forward(7143):slowpath section: opcode 4] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_forward(7416):back to fastpath, opcode 3] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_forward(7742):route section] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_forward(7797):cp route section] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_forward(8128):forward section] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_flood(9646):flooding] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_flood(9859):checking dev3 bond0] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_flood(9859):checking dev15 aruba001] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_flood(9859):checking dev16 aruba101] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_flood(10423):stack section protocol=0x8100, type=1] len 368, vlan 4, egress vlan 4, ingress bond0:
[asap_firewall_send_up_stack(3817):going to stack protocol:0x800 type:1] len 350, vlan 4, egress vlan 4, ingress br0:

Hi guys,

I encounter the same problem.

Regularly the IP address is not distributed to the final user.

On the master IAP, we see the DHCP give IP address to :

dmac ff:ff:ff:ff:ff:ff

with same messages :

[asap_firewall_forward(6665):bridge section, looking for dst bridge entry ff:ff:ff:ff:ff:ff] len 361, vlan ---, egress CP, ingress gre0:
[asap_firewall_forward(6777):Unable to find dst bridge entry ff:ff:ff:ff:ff:ff, flood to VLAN ---] len 361, vlan ---, egress vlan , ingress gre0:

(PS :  I have volontary hidden the vlan number)

The only solution we found is to reboot the Master IAP.

Thanks for your answers.