Wireless Access

Please take a look above diagram,and we explain the ip add as follow:

1. 47.104.193.111 is the public ip of our AOS8.3 VMC,there are 1:1 dst-nat to the VMC vlan1 ip 172.31.4.51/20 default gateway is 172.31.15.253/20 

In fact there are only one ip in our VMC

(AOS83) [mynode] #show ip interface bri

Interface IP Address / IP Netmask Admin Protocol VRRP-IP
vlan 1 172.31.4.51 / 255.255.240.0 up up
loopback 172.31.4.52 / 255.255.255.255 up up

(AOS83) [mynode] #show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN/Branch
I - Ike-overlay, N - not redistributed

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 172.31.15.253 to network 0.0.0.0 at cost 1
S* 0.0.0.0/0 [0/1] via 172.31.15.253*
C 172.31.0.0/20 is directly connected, VLAN1

mgmt unassigned / unassigned up up

2.our RAP local ip is 172.16.5.236(dhcp from our home router), our home router get the public from isp is 111.37.21.67 (we do not get this public directly, it is also be NAT from our isp)，So we  open NAT-T in our VMC

3.We Contact our RAP by pre-shared key to our VMC

apboot> printenv
bootargs=
bootdelay=2
baudrate=9600
autoload=n
boardname=Dalmore
servername=aruba-master
bootcmd=boot ap
autostart=yes
bootfile=mips32.ari
ethaddr=24:de:c6:cb:79:40
name=24:de:c6:cb:79:40
group=ArubaRap
ikepsk=7C79E8210EB92264F7728ECD09EC5926055C5C527FA28CB91CCB63B3A2ED4C26
papuser=arubarap
pappasswd=90B311DE7AFCEBA589BA188EA766B30F14A695708421EBA8DD3E811C582C4B1A
a_antenna=0
g_antenna=0
usb_type=0
mesh_role=0
installation=0
remote_ap=1
priority_ethernet=0
priority_cellular=0
cellular_nw_preference=1
mesh_sae=0
ip6prefix=64
usb_power_mode=0
ap_power_mode=0
ethact=eth0
start_type=cold_start
master=47.104.193.111
num_total_bootstrap=8
num_reboot=8
stdin=serial
stdout=serial
stderr=serial

4.we boot our RAP,and we found it get the tunnl up and get the ip address

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
47.104.193.111 192.168.100.222 255.255.255.255 UGH -3 0 0 br0
172.31.4.52 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 192.168.100.222 0.0.0.0 UG -3 0 0 br0
~ #

We can not ping 172.31.4.52 , time out. anybody know the reason ?

The followed information we get from our rap
~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
47.104.193.111 192.168.100.222 255.255.255.255 UGH -3 0 0 br0
172.31.4.52 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 tun0
0.0.0.0 192.168.100.222 0.0.0.0 UG -3 0 0 br0
~ # ping 192.168.11.1 (This ip we are not sure where is it ？，but we know it dhcp from VMC)
PING 192.168.11.1 (192.168.11.1): 56 data bytes
64 bytes from 192.168.11.1: icmp_seq=0 ttl=64 time=0.1 ms
64 bytes from 192.168.11.1: icmp_seq=1 ttl=64 time=0.1 ms

--- 192.168.11.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.1/0.1/0.1 ms

~ # ping 47.104.193.111
PING 47.104.193.111 (47.104.193.111): 56 data bytes
64 bytes from 47.104.193.111: icmp_seq=0 ttl=50 time=13.2 ms
64 bytes from 47.104.193.111: icmp_seq=1 ttl=50 time=13.1 ms

--- 47.104.193.111 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 13.1/13.1/13.2 ms

~ # ping 172.31.4.52 This ip is VMC Controller-IP from loopback
PING 172.31.4.52 (172.31.4.52): 56 data bytes

--- 172.31.4.52 ping statistics ---
11 packets transmitted, 0 packets received, 100% packet loss

The followed information we get from our Public VMC

(AOS83) [mynode] #show ap system-profile default

AP system profile "default"
---------------------------
Parameter Value
--------- -----
RF Band g
Recovery Mode auto
RF Band for AM mode scanning all
Native VLAN ID 1
Tunnel Heartbeat Interval 1
Session ACL ap-uplink-acl
Corporate DNS Domain N/A
SNMP sysContact N/A
LED operating mode (11n/11ac APs only) normal
LED override Disabled
Driver log level warnings
Console log level emergencies
SAP MTU N/A
RAP MTU 1200 bytes
LMS IP N/A
Backup LMS IP N/A
LMS IPv6 N/A
Backup LMS IPv6 N/A
LMS Preemption Disabled
LMS Hold-down Period 600 sec
LMS ping interval 20
Remote-AP DHCP Server VLAN N/A
Remote-AP DHCP Server Id 192.168.11.1
Remote-AP DHCP Default Router 192.168.11.1
Remote-AP DHCP DNS Server N/A
Remote-AP DHCP Pool Start 192.168.11.2
Remote-AP DHCP Pool End 192.168.11.254
Remote-AP DHCP Pool Netmask 255.255.255.0
Remote-AP DHCP Lease Time 0 days
Remote-AP uplink total bandwidth 0 kbps
Remote-AP bw reservation 1 N/A
Remote-AP bw reservation 2 N/A
Remote-AP bw reservation 3 N/A
Remote-AP Local Network Access Disabled
Flex Radio Mode 2.4GHz-and-5GHz
Dual 5GHz Mode Automatic
IPM activation Disabled
IPM power reduction steps with priorities N/A
IPM Steps delete all No
Bootstrap threshold 8

We also have one PC in the same network with our RAP,

If we do not power RAP, we can access the VMC public IP 47.104.193.111 bye WEB and SSH (1:1 nat to 172.31.4.51)

but If we power up our RAP, and boot finished, we found we still can ping 47.104.193.111 OK, but we CAN NOT access by WEB and SSH!!!

anybody can see all of the information and help us ?

If you have any question about the aboved diagram, please just ask us here, we will explain to you

anybody here can help me ? thanks

Have you tried opening a TAC case?

No. I do not know how to open Case

I get one HPE friends  help me to find the reason now.