Controllerless Networks

Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Reply
Highlighted
MVP Expert

Re: Cannot get to web configuration while associated with Virtual Controller AP

Is your wireless SSID on a different VLAN from your management VLAN that the IAP interfaces are on, or is it all one big flat VLAN (client IP is in the same broadcast domain as the VC IP)?

 

Are there any settings in the roles the clients get from the IAP that involve any filtering or is the role 'authenticated" (any any all).


Jerrod Howard
Distinguished Technologist, TME
Highlighted
Frequent Contributor I

Re: Cannot get to web configuration while associated with Virtual Controller AP

Just so I don't leave out any details...

 

The SSID I am connected to (Employee) is on VLAN66. The management IP of the VC (and the IAPs) is on VLAN99.

 

The role assigns the user VLAN to the user based on their group membership in LDAP. Other than that, there is nothing in roles.

Highlighted
MVP Expert

Re: Cannot get to web configuration while associated with Virtual Controller AP

I would just open a TAC case. Your responses seem as if our help isn't doing you any good at this point, nor is it being appreciated, based on your responses. They can look at your config and go from there and should be able to get you straightened out. Good luck!


Jerrod Howard
Distinguished Technologist, TME
Highlighted
Frequent Contributor I

Re: Cannot get to web configuration while associated with Virtual Controller AP

What I don't appreciate is me spending time making this post and giving you all the details then someone to turn around and tell me I didn't provide any details forcing me to repeat everything I've said multiple times. I would appreciate the help if it was helpful or I received help in a timely manner. We went weeks without a response after my last response. Usually I find these forums helpful but today they certainly haven't been.

Highlighted
MVP Expert

Re: Cannot get to web configuration while associated with Virtual Controller AP

First, and most importantly, this community forum is supported by the community (both Aruba SEs and by customers and partners) on a volunteer basis, and should not be considered (and certainly IS not) a substitute for TAC/support. If you have a critical operational issue, you should contact TAC at 1-800-WIFILAN for immediate assistance and then your issue will get worked on and hopefully resolved to your satisfaction.

 

Secondly, in regards to your position that you provided plenty of detail. Your original post did NOT include the detail that your SSID and IAP management are on separate VLANs. That tells us a lot about the pathing for data when it leaves one IAP on user VLAN 66 and is destined to the IAP mgmt VLAN 99. So there IS routing taking place from the WiFi user VLAN to the IAP management VLAN, which could be telling based on your config. 

 

What we would consider plenty of detail would be things like network drawings that show the topology of your network and where the IAPs are in relation to VLANs (for L2/L3), possibly the config from your VC to look at roles and policies, etc. However, it's certainly understandable to not want to post that kind of data, to wit opening a TAC case is the next vest step. 

 

 

You have a pair of fairly experienced engineers with over 20 years combined with Aruba that were working on assisting you on this issue today, and I apologize you went weeks without a response, but again, this forum IS NOT an official support mechanism and if you are having technical issues that require remedy, the proper course of action is TAC. So sometimes support is a catch as catch can, and sometimes things go unanswered. Since our assistance isn't appreciated and you feel we haven't helped you, I would again suggest TAC and wish you the best. If you find the remedy with TAC, please feel free to post the corrective actions or diagnosis here for others. But that is up to you.

 

Sorry you are disappointed. Good luck and happy hunting. 


Jerrod Howard
Distinguished Technologist, TME
Highlighted
Frequent Contributor I

Re: Cannot get to web configuration while associated with Virtual Controller AP

Yes they are on different VLANs. But it isn't a VLAN problem if I can access them when not connected to the virtual controller IAP. The management IPs are all on the same VLAN as one another, if the problem is following the virtual controller, then there is a problem with the software not the network. So why would I provide details that aren't going to help diagnose the problem? This is troubleshooting 101.

Highlighted
MVP Expert

Re: Cannot get to web configuration while associated with Virtual Controller AP

Honestly, I can think of two or three different things I would look at and troubleshoot that would be related to the IAP mgmt and the VC GUI on different VLANs from the WiFI and why a VC would or might not be 'reachable' on the GUI outside of the management, but I would be afraid that my asking for that data/config/tests would be viewed as 'not necessary' heh, so for now I will let you open a TAC case and they can work it out with you instead.

 

Sometimes things you think don't matter do, but as you feel strongly to the contrary, the best direction is to open a case. We were only trying to help, and we apologize for asking for information you feel is not needed or warranted while trying to help. Good luck and I hope TAC can get you straightened out.


Jerrod Howard
Distinguished Technologist, TME
Highlighted
Frequent Contributor I

Re: Cannot get to web configuration while associated with Virtual Controller AP

Well now I'm curious. What about the VLANs being different would stop my from connecting to the IAP VC via HTTPS when ONLY associated with that IAP VC, but not stop me when I am connected to the same SSID on other IAPs in the cluster that are all configured similarly AND I have the same IP address? I mean if you want information, I'll give it to you. I just don't like people saying I didn't provide any details when I surely did provide plenty of details. If you want more, I'll give you more, just don't treat me like I am not giving you the information you asked for because all I had been asked up to that point is if I was connecting to it via FQDN or IP address which I gladly answered. If you want to know certain information, then ASK for it, don't just accuse me of not providing enough information.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: