Occasional Contributor I

A simple guest wifi setup, that's not so simple.

Aruba 7010 controller - ArubaOS version that came with the device

3 - AP 205's

1 - Comcast cable modem


Trying to setup just a quick, easy, no captive portal, guest wifi.


Cable Modem connected to Port 14 - IP is

Port 1,2,3 connected to 3 AP 205's


Plugged everything into the Aruba controller, booted it up. Had a laptop connected to port 13 for the initial setup. Laptop received the dhcp lease from the controller just fine. Going through the initial setup wizard, I setup the following:


Controller IP - (VLAN 100 Interface)

VLAN 100 - Interface IP (DHCP Server enabled -, default gateway

VLAN 200 - Interface IP

No captive portal, guest have direct access to internet

Default Route is (Cable Modem connected to port 14)

All Ports trusted

Inter VLAN routing is enabled.

All 3 access points find the controller and are provisioned with the default profile (Guest-WiFi SSID)


I tried with both android, and apple devices. I can get them to connect to the access points just fine. They get the DHCP ip's from the controller ( network), but cannot get any access outside of the Aruba controller.


Using SSH - I can remote into the Aruba controller and ping the cable modem ( I can do a trace route to an external IP and it works. DNS resolution works from the controller as well.


Doing a ping from a client connected to an AP, i can ping the internal interface ( and I can ping the external interface ( But I can't ping anything past that.


I am stumped, as far as I can tell it should work, but the Aruba controller is not routing traffic from VLAN 100 to VLAN 200... What am I missing?











Guru Elite

Re: A simple guest wifi setup, that's not so simple.

What role are the users being assigned?

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: A simple guest wifi setup, that's not so simple.

I do not, the Comcast cable modem is setup for NAT from network to the external IP that we are assigned.


This is for a Comcast business class connection if that matters...


The role is guest.

Occasional Contributor I

Re: A simple guest wifi setup, that's not so simple.

Figured out what the issue was. The Cable modem was set to NAT 10.1.10.x network to the external IP. But not our guest wifi network 10.1.5.x. Routing was working, but clients were not able to get out due to the lack of translation.


I enabled Source NAT on the internal VLAN 100, and voila! Everything is working as it should.


Thank you all for your help!



Search Airheads
Showing results for 
Search instead for 
Did you mean: