Wireless Access

Guru Elite

Re: DHCP / VLAN

At minimum, those rules should allow you to get an IP address.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor II

Re: DHCP / VLAN

We use 802.1X for auth.

EAP-TTLS+PAP with RADIUS.

Auth works. Then the client searches for an IP address, but no IP is found and there is no ARP request on the external DHCP.

When mirroring the AP port on the core switch, we cannot find any ARP request for the client MAC address.

In contrast, the same method with our 3600 works.

Note: Both WLANs (3600 and 7210 infrastructure) have the same VLAN ID, but AP and controllers are on different subnets.

 

Guru Elite

Re: DHCP / VLAN

The last thing that I would check is that in your ap-group, the AP system profile has the ap-uplink-acl:

Screenshot 2019-04-03 at 11.56.23.png


Contributor II

Re: DHCP / VLAN

Is there any way to enable debug on AP site to verify if it can see ARP requests and what it can do with them?

Contributor II

Re: DHCP / VLAN

It has.

Guru Elite

Re: DHCP / VLAN

You can try "show datapath bridge ap-name <name of ap> ?" to see some commands that would give you visibility.

 

Not many people use bridged SSIDs, unfortunately.


Contributor II

Re: DHCP / VLAN

Here is what Wireshark can capture on the mirrored port of the AP.

When using the old infrastructure that works, the same capture shows ARP requests and co.

It may show that something "drops" ARP requests before the physical port of the AP (?)

Contributor II

Re: DHCP / VLAN

I noticed another thing: as you can see in the screen capture, there are many dropped frames for the two clients that tried to connect (?)

The AP is up to 5 m from the clients.

Guru Elite

Re: DHCP / VLAN

Try "show datapath session ap-name <name of ap> table" to possibly see the traffic going through that AP during or after authentication. It may show the ARPs getting blocked (the source IP would be the MAC of your client).

EDIT: look for protocol 806:


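The check discussed in the posts above (is the client's ARP, EtherType 0x0806, or its DHCP request actually leaving the AP's wired port?), as an added example that is not part of the original thread and not Aruba tooling. It classifies raw Ethernet frames from a mirrored-port capture by source MAC and handles an optional 802.1Q tag; the MAC addresses, VLAN 20 and frame bytes are constructed for illustration.

```python
import struct
from collections import Counter

ETH_8021Q, ETH_ARP, ETH_IPV4 = 0x8100, 0x0806, 0x0800

def classify(frame):
    """Return (src_mac, vlan_or_None, kind) for a raw Ethernet frame, or None if truncated."""
    if len(frame) < 14:
        return None
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset, vlan = 14, None
    if ethertype == ETH_8021Q:            # tagged frame: TCI, then the real EtherType
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    kind = "other"
    if ethertype == ETH_ARP:
        kind = "arp"
    elif ethertype == ETH_IPV4 and len(frame) >= offset + 20:
        kind = "ipv4"
        l4 = offset + (frame[offset] & 0x0F) * 4      # skip the IPv4 header (IHL words)
        if frame[offset + 9] == 17 and len(frame) >= l4 + 4:
            if struct.unpack("!HH", frame[l4:l4 + 4]) == (68, 67):  # UDP 68 -> 67
                kind = "dhcp-client"
    return src, vlan, kind

def client_traffic(frames, client_mac):
    """Count (vlan, kind) pairs for frames whose Ethernet source is client_mac."""
    counts = Counter()
    for frame in frames:
        result = classify(frame)
        if result and result[0] == client_mac.lower():
            counts[(result[1], result[2])] += 1
    return counts

# Constructed sample frames (not taken from the thread's capture).
def _eth(src, ethertype, payload, vlan=None):
    tag = struct.pack("!HH", ETH_8021Q, vlan) if vlan is not None else b""
    mac = bytes.fromhex(src.replace(":", ""))
    return b"\xff" * 6 + mac + tag + struct.pack("!H", ethertype) + payload

CLIENT, OTHER = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02"
ARP_BODY = bytes(28)
DHCP_DISCOVER = (bytes([0x45]) + bytes(8) + bytes([17]) + bytes(10)
                 + struct.pack("!HH", 68, 67) + bytes(4))
WORKING = [_eth(CLIENT, ETH_IPV4, DHCP_DISCOVER, vlan=20), _eth(CLIENT, ETH_ARP, ARP_BODY, vlan=20)]
FAILING = [_eth(OTHER, ETH_ARP, ARP_BODY, vlan=20), _eth(OTHER, ETH_ARP, ARP_BODY)]
```

An empty result from `client_traffic(FAILING, CLIENT)` corresponds to the symptom reported here: other hosts' frames are on the wire, but nothing sourced from the client MAC reaches the switch port.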
Contributor II

Re: DHCP / VLAN

Here is the output from the command. I showed the client that I use for test.
