Just got my first Aruba switch (Aruba 2500) yesterday and started playing with it today. I set DHCP scopes, VLANs with with ip adresses and subnet, switching-profiles, etc, etc
I plugged in APs and a pc to different vlan ports and nothing could get an ip. When I check DHCP stats I see that "DHCP is currently disabled". Simple enough, I thought. then I spent more than an hour googling about global enable of DHCP and I'm comming up empty.
I did find a post about DHCP and Port Security. So I created a Port Security Group, told it that DHCP was trusted, applied that to interface groups and it still wont go.
I know I am missing something little, but searching is not giving me much.
Help a noob please!
Some helpful output:
(ArubaS2500-24P) #show ip dhcp statistics
DHCP is currently disabled
(ArubaS2500-24P) #show run
Building Configuration...
#
# Configuration file for ArubaOS
version 7.2
enable secret "******"
hostname "ArubaS2500-24P"
clock timezone CST -6
location "Building1.floor1"
controller config 2
ip access-list eth validuserethacl
permit any
!
netservice svc-dhcp udp 67 68
netservice svc-dns udp 53
netservice svc-ftp tcp 21
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-http tcp 80
netservice svc-https tcp 443
netservice svc-icmp 1
netservice svc-kerberos udp 88
netservice svc-natt udp 4500
netservice svc-ntp udp 123
netservice svc-sip-tcp tcp 5060
netservice svc-sip-udp udp 5060
netservice svc-sips tcp 5061
netservice svc-smtp tcp 25
netservice svc-ssh tcp 22
netservice svc-telnet tcp 23
netservice svc-tftp udp 69
netservice svc-vocera udp 5002
netexthdr default
!
ip access-list stateless allowall-stateless
any any any permit
!
ip access-list stateless dhcp-acl-stateless
any any svc-dhcp permit
!
ip access-list stateless dns-acl-stateless
any any svc-dns permit
!
ip access-list stateless http-acl-stateless
any any svc-http permit
!
ip access-list stateless https-acl-stateless
any any svc-https permit
!
ip access-list stateless icmp-acl-stateless
any any svc-icmp permit
!
ip access-list stateless logon-control-stateless
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session validuser
network 169.254.0.0 255.255.0.0 any any deny
any any any permit
ipv6 alias any6 alias any6 any permit
!
user-role authenticated
access-list stateless allowall-stateless
!
user-role denyall
!
user-role guest
access-list stateless http-acl-stateless
access-list stateless https-acl-stateless
access-list stateless dhcp-acl-stateless
access-list stateless icmp-acl-stateless
access-list stateless dns-acl-stateless
!
user-role logon
access-list stateless logon-control-stateless
!
!
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
crypto isakmp eap-passthrough eap-tls
crypto isakmp eap-passthrough eap-peap
crypto isakmp eap-passthrough eap-mschapv2
mgmt-user admin root e6c4b24d01a34cf423558a9abac34d6d09f4bee7a3e0528aef
no firewall attack-rate cp 1024
firewall disable-stateful-sip-processing
firewall disable-stateful-h323-processing
firewall disable-stateful-sccp-processing
firewall disable-stateful-vocera-processing
firewall disable-stateful-ua-processing
ipv6 firewall ext-hdr-parse-len 100
!
!
firewall cp
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country US
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication vpn "default"
!
aaa authentication mgmt
!
aaa authentication wired
!
web-server
!
aaa password-policy mgmt
!
traceoptions
!
ip dhcp pool "APs"
network 10.107.107.0 255.255.255.0
default-router 10.107.107.1
vendor-class-identifier ArubaAP
option 43 ip 10.7.70.100
!
ip dhcp pool "SERVERS"
network 10.7.70.0 255.255.255.0
default-router 10.7.70.1
dns-server 8.8.8.8
no vendor-class-identifier
!
qos-profile "default"
!
policer-profile "default"
!
ip-profile
!
lcd-menu
!
interface-profile ospf-profile "default"
area 0.0.0.0
!
interface-profile pim-profile "default"
!
interface-profile igmp-profile "default"
!
stack-profile
!
ipv6-profile
!
interface-profile switching-profile "default"
!
interface-profile switching-profile "TRUNK"
switchport-mode trunk
trunk allowed vlan 70-71
!
interface-profile switching-profile "vlan20-sw"
access-vlan 20
native-vlan 20
!
interface-profile switching-profile "vlan70-sw"
access-vlan 70
native-vlan 70
!
interface-profile poe-profile "default"
!
interface-profile poe-profile "OFF"
!
interface-profile poe-profile "ON"
enable
!
interface-profile poe-profile "poe-factory-initial"
enable
!
interface-profile enet-link-profile "default"
!
interface-profile lldp-profile "default"
!
interface-profile lldp-profile "lldp-factory-initial"
lldp transmit
lldp receive
med enable
!
interface-profile mstp-profile "default"
!
interface-profile pvst-port-profile "default"
!
interface-profile dhcp-relay-profile "DHCP"
!
interface-profile port-security-profile "PS-DHCP"
trust dhcp
!
vlan-profile mld-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
!
spanning-tree
mode mstp
!
gvrp
!
mstp
!
lacp
!
poe-management-profile slot "1"
poe-powermanagement static
!
vlan "1"
igmp-snooping-profile "igmp-snooping-factory-initial"
!
vlan "20"
description "ACCESS_POINTS"
!
vlan "70"
description "SERVERS"
!
vlan "71"
description "EMPLOYEE"
!
vlan "99"
description "GUEST"
!
interface gigabitethernet "0/0/0"
!
interface gigabitethernet "0/0/12"
switching-profile "vlan70-sw"
port-security-profile "PS-DHCP"
!
interface gigabitethernet "0/0/23"
switching-profile "TRUNK"
!
interface vlan "1"
!
interface vlan "20"
ip address 10.107.107.1 255.255.255.0
!
interface vlan "70"
ip address 10.7.70.1 255.255.255.0
!
interface mgmt
!
interface-group gigabitethernet "APs"
!
interface-group gigabitethernet "default"
apply-to ALL
lldp-profile "lldp-factory-initial"
poe-profile "poe-factory-initial"
!
interface-group gigabitethernet "vlan20-grp"
apply-to 0/0/0-0/0/4
poe-profile "ON"
switching-profile "vlan20-sw"
!
snmp-server view ALL oid-tree iso included
snmp-server group ALLPRIV v1 read ALL notify ALL
snmp-server group ALLPRIV v2c read ALL notify ALL
snmp-server group ALLPRIV v3 noauth read ALL notify ALL
snmp-server group AUTHPRIV v3 priv read ALL notify ALL
snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL
snmp-server enable trap
process monitor log
end