Wireless Access

Aruba 650 Controller

Firmware: 6.4.4.8 (55228)

LAN Port: Gig1/5

WAN Port: Gig1/4

I am unable to get the controller to pull a DHCP address for the WAN IP.  I've tried the config on port 1/3 and 1/4 and neither one works.  Statically it works fine.  I've also tried with and without the ACL with no luck.  I'm starting from a fresh config and here is what I am using:

interface vlan 99
        ip address 10.99.0.1 255.255.255.0
        ip nat inside
        description "LAN-vlan"
!
interface vlan 100
        ip address dhcp-client
        description "WAN-vlan"
!
interface gigabitethernet 1/4
        description "WAN-uplink"
        trusted
        trusted vlan 1-4094
        ip access-group "SL-LINK-ACL" session
        switchport access vlan 100
!
ip default-gateway import dhcp
!
ip access-list session SL-LINK-ACL
  any any svc-dhcp  permit 
  any any any  deny
 

Here is some of the output:

(Aruba650) (config-if)#show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN/Branch

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
C    10.99.0.0/24 is directly connected, VLAN99

(Aruba650) (config-if)#show ip interface brief

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 99                      10.99.0.1 / 255.255.255.0     up      up  
vlan 100                    unassigned / unassigned        up      up  
loopback                    unassigned / unassigned        up      up  
mgmt                        unassigned / unassigned        down    down

DHCP is enabled on VLAN(s) 100

Any thoughts?

Thanks!

Tried that every time I moved interfaces.  And just to make sure it wasnt a sticky mac, in between a couple of the reboots, I tested my laptop on the cable modem and was able to pull an ip address.

I just replayed your config in my lab, and I can get an IP successfully.. What may help is putting the dhcp client in debug mode to see what happens:

(Aruba7005) (config) #logging level debugging network process fpapps
(Aruba7005) (config) #interface gigabitethernet 0/0/1
(Aruba7005) (config-if)#shutdown
(Aruba7005) (config-if)#no shut
(Aruba7005) (config-if)#show log all 20

Jul  6 08:20:09  fpapps[3505]: <208044> <DBUG> |fpapps|  Nim Interface 221 state change notification, new state L7_FORWARDING
Jul  6 08:20:09  fpapps[3505]: <208045> <DBUG> |fpapps|  Received event 3 for Interface 2
Jul  6 08:20:09  fpapps[3505]: <208045> <DBUG> |fpapps|  Received event 3 for Interface 221
Jul  6 08:20:09  fpapps[3505]: <208045> <DBUG> |fpapps|  Received event 6 for Interface 2
Jul  6 08:20:09  fpapps[3505]: <208045> <DBUG> |fpapps|  Received event 6 for Interface 221
Jul  6 08:20:09  fpapps[3505]: <209800> <INFO> |fpapps|  Physical link up: port 0/0/1, full duplex, speed 100 Mbps
Jul  6 08:20:10  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53
Jul  6 08:20:10  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55
Jul  6 08:20:10  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60
Jul  6 08:20:10  fpapps[3505]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes
Jul  6 08:20:10  fpapps[3505]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...
Jul  6 08:20:11  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 50
Jul  6 08:20:11  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53
Jul  6 08:20:11  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 54
Jul  6 08:20:11  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55
Jul  6 08:20:11  fpapps[3505]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60
Jul  6 08:20:11  fpapps[3505]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 278 bytes
Jul  6 08:20:11  fpapps[3505]: <208021> <DBUG> |fpapps|  DHCPC: Sending select for 192.168.32.129...
Jul  6 08:20:11  fpapps[3505]: <208035> <INFO> |fpapps|  DHCPC: Lease of 192.168.32.129 obtained, lease time 3600
Jul  6 08:20:11  fpapps[3505]: <299801> <DBUG> |fpapps|  Got ADD req for 192.168.32.0/255.255.255.0 from fpapps, src proto:Local

Also, mirroring traffic from your WAN port to another port and analyzing with Wireshark may show what is the issue. Based on your 'tried without access-list with no luck'; I agree with Colin that it seems to be outside the controller. 

I did do the logging and the controller definitely isnt getting a dhcp.  I did try on an older copy of the firmware: 6.4.2.3.  However, I've tested 3 additional pc/laptops and they all receive public IPs from the cable modem.  So I can safely rule out the ISP at this time.  This leads me to believe its something on the controller that is not sending the request in properly.  Any additional ideas on what may be the issue?  Could it be the DHCP options that arent being requested properly?  Thoughts?

Thanks.

Jul 10 21:10:55  fpapps[2596]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...
Jul 10 21:10:55  fpapps[2596]: <208033> <INFO> |fpapps| DHCPC: No server ID in message
Jul 10 21:10:57  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53
Jul 10 21:10:57  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55
Jul 10 21:10:57  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60
Jul 10 21:10:57  fpapps[2596]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes
Jul 10 21:10:57  fpapps[2596]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...
Jul 10 21:11:01  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53
Jul 10 21:11:01  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55
Jul 10 21:11:01  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60
Jul 10 21:11:01  fpapps[2596]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes
Jul 10 21:11:01  fpapps[2596]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...
Jul 10 21:11:09  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53
Jul 10 21:11:09  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55
Jul 10 21:11:09  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60
Jul 10 21:11:09  fpapps[2596]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes
Jul 10 21:11:09  fpapps[2596]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...
Jul 10 21:11:25  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53
Jul 10 21:11:25  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55
Jul 10 21:11:25  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60
Jul 10 21:11:25  fpapps[2596]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes
Jul 10 21:11:25  fpapps[2596]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...
Jul 10 21:11:57  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53
Jul 10 21:11:57  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55
Jul 10 21:11:57  fpapps[2596]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60
Jul 10 21:11:57  fpapps[2596]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes
Jul 10 21:11:57  fpapps[2596]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...

Do you have DHCP server configured on your controller for vlan100? Only asking as I noticed this in the below output. As a test have you tried disabling it?

DHCP is enabled on VLAN(s) 100

Could you also provide the output of #show interface vlan 100

no inside DHCP for vlan 100 as that's my WAN VLAN.  So if I disable VLAN 100, I dont believe I'll be able to do anything on my WAN.

I do have DHCP set up for VLAN 99 which is my LAN VLAN.

(Aruba650) #show interface vlan 100

VLAN100 is up line protocol is up
Hardware is CPU Interface, Interface address is 00:0B:86:64:20:90 (bia 00:0B:86:64:20:90)
Description: wan

IPv6 Router Advertisements are disabled
DHCP is enabled. Current state is INIT SELECTING
Routing interface is enable, Forwarding mode is enable 
Directed broadcast is disabled, BCMC Optimization disabled ProxyARP disabled Suppress ARP enable
Encapsulation 802, loopback not set
MTU 1500 bytes
Last clearing of "show interface" counters 0 day 1 hr 16 min 13 sec 
link status last changed 0 day 1 hr 11 min 24 sec 
Proxy Arp is disabled for the Interface

Any resolution on this? I'm getting the same results on two seperate 7005 controllers on codes ranging from 6.4, 6.5 and 8.

update: i put a bump in the log using an old aruba 200 running 5.0.4, i get the same results - a200 cant pull ip, but the two 7005s pull an ip from the inside of the 200.... soooo..... cable modem is being stupid. Any ideas on how to fix the cable modem provided me by the isp? =/ Cisco DPC3216 Will hand an address to laptops (in between reboots) but not any of my AOS controllers on code from 5-8.

dhcp dbug logs from the 200 running aos5...

(Aruba200) (config-subif)#show log all 100 | include DBUG

Dec 31 17:14:17  fpapps[630]: <208045> <DBUG> |fpapps|  Received event 0 for Interface 228

Dec 31 17:14:17  fpapps[630]: <208004> <DBUG> |fpapps|  Dot1q Change Call back is called 228 event OTHER (0)

Dec 31 17:14:17  fpapps[630]: <208044> <DBUG> |fpapps|  Nim Interface 228 state change notification, new state L7_NOT_FORWARDING

Dec 31 17:14:17  fpapps[630]: <208045> <DBUG> |fpapps|  Received event 7 for Interface 228

Dec 31 17:14:17  fpapps[630]: <208043> <DBUG> |fpapps|  Nim received event L7_NOT_FORWARDING for interface 228 linkState 3

Dec 31 17:14:17  fpapps[630]: <208004> <DBUG> |fpapps|  Dot1q Change Call back is called 228 event L7_NOT_FORWARDING (7)

Dec 31 17:14:17  fpapps[630]: <208045> <DBUG> |fpapps|  Received event 7 for Interface 228

Dec 31 17:14:17  fpapps[630]: <208043> <DBUG> |fpapps|  Nim received event L7_NOT_FORWARDING for interface 228 linkState 3

Dec 31 17:14:17  fpapps[630]: <208004> <DBUG> |fpapps|  Dot1q Change Call back is called 228 event L7_NOT_FORWARDING (7)

Dec 31 17:14:17  fpapps[630]: <208004> <DBUG> |fpapps|  Dot1q Change Call back is called 228 event L7_NOT_FORWARDING (7)

Dec 31 17:14:21  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53

Dec 31 17:14:21  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60

Dec 31 17:14:21  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55

Dec 31 17:14:21  fpapps[631]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...

Dec 31 17:14:21  fpapps[631]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes

Dec 31 17:14:22  fpapps[630]: <208045> <DBUG> |fpapps|  Received event 1 for Interface 228

Dec 31 17:14:22  fpapps[630]: <208004> <DBUG> |fpapps|  Dot1q Change Call back is called 228 event OTHER (1)

Dec 31 17:14:22  fpapps[630]: <208044> <DBUG> |fpapps|  Nim Interface 228 state change notification, new state L7_FORWARDING

Dec 31 17:14:22  fpapps[630]: <208045> <DBUG> |fpapps|  Received event 6 for Interface 228

Dec 31 17:14:22  fpapps[630]: <208043> <DBUG> |fpapps|  Nim received event L7_FORWARDING for interface 228 linkState 3

Dec 31 17:14:22  fpapps[630]: <208004> <DBUG> |fpapps|  Dot1q Change Call back is called 228 event L7_FORWARDING (6)

Dec 31 17:14:22  fpapps[630]: <208045> <DBUG> |fpapps|  Received event 6 for Interface 228

Dec 31 17:14:22  fpapps[630]: <208043> <DBUG> |fpapps|  Nim received event L7_FORWARDING for interface 228 linkState 3

Dec 31 17:14:22  fpapps[630]: <208004> <DBUG> |fpapps|  Dot1q Change Call back is called 228 event L7_FORWARDING (6)

Dec 31 17:14:24  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53

Dec 31 17:14:24  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60

Dec 31 17:14:24  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55

Dec 31 17:14:24  fpapps[631]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...

Dec 31 17:14:24  fpapps[631]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes

Dec 31 17:14:29  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53

Dec 31 17:14:29  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60

Dec 31 17:14:29  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55

Dec 31 17:14:29  fpapps[631]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...

Dec 31 17:14:29  fpapps[631]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes

Dec 31 17:14:38  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53

Dec 31 17:14:38  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60

Dec 31 17:14:38  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55

Dec 31 17:14:38  fpapps[631]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...

Dec 31 17:14:38  fpapps[631]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes

Dec 31 17:14:58  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 53

Dec 31 17:14:58  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 60

Dec 31 17:14:58  fpapps[631]: <208014> <DBUG> |fpapps|  DHCPC: adding option 55

Dec 31 17:14:58  fpapps[631]: <208020> <DBUG> |fpapps| DHCPC: Sending discover...

Dec 31 17:14:58  fpapps[631]: <208019> <DBUG> |fpapps|  DHCPC: payload length is 266 bytes

James,

In the case: controller direct on your ISP does not get an IP, but controller behind other DHCP device does get an IP address, it seems indeed something weird in your router. What might be is that your controller sends out attributes (see option 55, 60 set in the debug) on which it decides not to respond. Could be that they did that by purpose to prevent people connecting enterprise equipment to a consumer line, but that is pure speculation.

I would, as a next step, configure port mirroring on the controller (https://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-port-monitoring-and-how-do-I-do-it/ta-p/183552) and connect a Wireshark to the monitor port and just see what happens. Does the controller send the DHCP request? With what attributes? Does the router respond? With what attributes.

If that does not bring you the solution, and it is unclear why the router does not respond, I would work with Aruba TAC with the collected data. They might have some configuration to change/suppress options in the DHCP request. I have not seen this before, but to be honest most controllers I configure have static IP.

Herman

Curious if you found a resolution for this.  Had an upgrade yesterday where they swapped cable modem from a ebee to an Arris and wan interface on controller no longer can get an IP address.

evidently some Arris Cable modems have bad chipset and cause DHCP issues.  Once it was replaced dhcp on wan port works fine