Contributor II

DHCP / VLAN

Hi,

We set up Aruba 7210 controllers on master/standby (without mobility master).

On WLAN config, we want to broadcast an 802.1X network with bridge to let clients make DHCP requests and get an IP from an external DHCP server.

Now WLAN is configured and we can see client MAC address on AP switch port (i.e. the port on which AP is connected) but no ARP request.

Seems like VLAN used for WLAN config doesn't let ARP request pass.

What could be wrong?

We found https://community.arubanetworks.com/t5/Controller-less-WLANs/How-to-configure-External-DHCP-server-for-a-Network-in-Instant/ta-p/187466 but cannot find such config on our 8.3 system.

Regards,

Guru Elite

Re: DHCP / VLAN

You have to trunk that client VLAN to each access point.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
Contributor II

Re: DHCP / VLAN

Hi,

Do you mean on controller config? If so, what should be the process?

On core switch side, this VLAN is already working with "old" 3600 controllers in the same way. I "just" cannot make it again with the 7210/8.3...

Contributor II

Re: DHCP / VLAN

Hi,

After Wireshark config analysis, no ARP request comes out from physical port of the AP (i.e. on switch that connects AP).

Sounds like ARP request cannot "cross" WLAN.

WLAN is in bridge mode. WLAN's VLAN is basic (no IP address).

Guru Elite

Re: DHCP / VLAN

What is the configuration for the Virtual AP?  Is the VLAN 1?  If it is not, it will tag with that VLAN number.  If it is one, it is bridging with no tag.  You also need to have Control Plane Security Enabled for it to work.  You should set the Virtual AP VLAN number to something to make it predictable.


Contributor II

Re: DHCP / VLAN

For virtual-ap:

```
wlan virtual-ap "WIFI-ACAD-2"
    aaa-profile "WIFI-ACAD-2"
    vlan 151
    forward-mode bridge
    ssid-profile "WIFI-ACAD-2"
!
```

CPSec is already enabled (see capture)

It tags with VLAN 151, and I can see client MAC address on core switch (where AP is connected). But no ARP request.

Guru Elite

Re: DHCP / VLAN

Well, the client has to obtain an IP address before it ARPs for a default gateway.  Also, make sure that the Initial Role in the AAA profile points to a role that has the "allowall" ACL to allow all traffic to go through.


Contributor II

Re: DHCP / VLAN

Here is (capture) the roles sequence.

login is the default one.

Guru Elite

Re: DHCP / VLAN

If you are not using 802.1x authentication on that SSID, the initial role should be something like authenticated to allow all traffic to pass.


Contributor II

Re: DHCP / VLAN

Rules seem ok (?)

See capture.
