Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

DHCP broadcast not being bridged by IAP after MAC auth

This thread has been viewed 0 times

  • 1.  DHCP broadcast not being bridged by IAP after MAC auth

    Posted Jun 04, 2019 11:15 PM

    I an evaluating an Aruba IAP as replacements for our HP units, and I cannot get the IAP to pass the DHCP packets after the wireless client has authenticated.

     

    This network network does not use VLANs, and has a server physically connected with RADIUS and DHCP servers. Clients are authenticated by MAC address to the RADIUS server.

     

    I started out with a factory reset APIN0207 firmware 6.5.4.3_61959 and configured a single network:

    Primary Usage: Employee

    Client IP: Network Assigned

    Client VLAN: Default

    Security: Open (MAC authentication configured)

    Access Rules: Unrestricted

     

    The Access Point "ap-test" is set up as a static ip address with the rest as default.

     

    When I connect a client to the AP, I see the MAC authetication succeed on the RADIUS server, and the AP shows the client - see attached file "show-client-debug.txt". However, the "DHCP Status" is always "Discovering".

     

    I have a DHCP packet dump from the AP "debug-pkt-type-dhcp.txt" which shows the client's DHCP packets being received by the AP and the being dropped.

     

    I obviously need to tell the AP to pass packets to the wired network port after MAC authentication, but I cannot work out how to.

     

    Regards, Glen.

     

    Attachment(s)

    txt
    debug-pkt-type-dhcp.txt   3 KB 1 version
    txt
    show-client-debug.txt   1 KB 1 version


  • 2.  RE: DHCP broadcast not being bridged by IAP after MAC auth

    EMPLOYEE
    Posted Jun 05, 2019 09:40 AM

    The role in client debug output shows "Deny All" and the Authenticated field shows "no". It means mac auth is failing due to some reason.

     

    Please verify the "Delimiter character" and "Uppercase support" settings in the profile.

     

    You may also check the output of "show ap debug auth-trace-buf" and check if mac auth is success in IAP.

     

    https://www.arubanetworks.com/techdocs/Instant_40_Mobile/Advanced/Content/CLI_commands/show%20ap%20debug%20auth-trace-buf.htm



  • 3.  RE: DHCP broadcast not being bridged by IAP after MAC auth
    Best Answer

    Posted Jun 12, 2019 05:56 PM

    Originally I duplicated the HP access point's configuration when I set up the test Aruba, but it turns out that there's a bug in the HP AP firmware.

     

    The MAC separator character was set as "-", but when I started doing RADIUS packet captures of the HP and Aruba I found that the HP was not using a separator at all.

     

    Once I took it out of the Ariba config, it started working.

     

    Thanks to everyone who look at the question.