06-04-2019 08:15 PM
I an evaluating an Aruba IAP as replacements for our HP units, and I cannot get the IAP to pass the DHCP packets after the wireless client has authenticated.
This network network does not use VLANs, and has a server physically connected with RADIUS and DHCP servers. Clients are authenticated by MAC address to the RADIUS server.
I started out with a factory reset APIN0207 firmware 188.8.131.52_61959 and configured a single network:
Primary Usage: Employee
Client IP: Network Assigned
Client VLAN: Default
Security: Open (MAC authentication configured)
Access Rules: Unrestricted
The Access Point "ap-test" is set up as a static ip address with the rest as default.
When I connect a client to the AP, I see the MAC authetication succeed on the RADIUS server, and the AP shows the client - see attached file "show-client-debug.txt". However, the "DHCP Status" is always "Discovering".
I have a DHCP packet dump from the AP "debug-pkt-type-dhcp.txt" which shows the client's DHCP packets being received by the AP and the being dropped.
I obviously need to tell the AP to pass packets to the wired network port after MAC authentication, but I cannot work out how to.
Solved! Go to Solution.
Re: DHCP broadcast not being bridged by IAP after MAC auth
06-05-2019 06:39 AM
The role in client debug output shows "Deny All" and the Authenticated field shows "no". It means mac auth is failing due to some reason.
Please verify the "Delimiter character" and "Uppercase support" settings in the profile.
You may also check the output of "show ap debug auth-trace-buf" and check if mac auth is success in IAP.
06-12-2019 02:55 PM
Originally I duplicated the HP access point's configuration when I set up the test Aruba, but it turns out that there's a bug in the HP AP firmware.
The MAC separator character was set as "-", but when I started doing RADIUS packet captures of the HP and Aruba I found that the HP was not using a separator at all.
Once I took it out of the Ariba config, it started working.
Thanks to everyone who look at the question.