Wireless Access

Hi experts,

I want to implement a solution in my customer but first I am testing it at my lab. The scenario is the following. I have a cluster of two Instant APs, AP1 and AP2. AP1 is the master which holds the VC.

• If I select the VC managed - Default option:
  
  1. When the client is associated with AP1 gets an IP address in the range 172.31.98.0/23 which is correct.
  2. When the client is associated with AP2 can't get an IP address.
• If I select the VC managed - Custom option, I select a configured DHCP server type Local with network range 172.16.2.0/24:
  1. When the client is associated with AP1 gets an IP address in the range 172.16.2.0/24 which is correct.
  2. When the client is associated with AP2 get an IP address in the range 192.168.1.0/24.

As you see, there are problems when the client is not associated with the VC. Is this normal behaviour? APs are 325 running firmware 6.5.2.0.

Regards,

Julián

This is odd behaviour, I guess the first question to ask is what is the solution you are trying to implement for the customer? 

It might be obvious but are the AP's in the same Instant cluster? Are the clients able to obtain an IP address if AP2 holds is elected as the VC?

Do you have 192.168.1.0/24 configured anywhere in the configuration of AP2?

Hi zailon0,

Yeah, it is odd, but I am not the only one who had this problem, the following post talks about the same, but it finishes with no clear solution

http://community.arubanetworks.com/t5/forums/v3_1/forumtopicpage/board-id/IAP/thread-id/9217/page/5

What I want to do is the cluster Instant offers DHCP addresses to clients and then source NATs this addresses. I tried with the first option (VC managed - Default) which seems easier, but because it didn't work, I tried with the second one (VC managed - Custom).

Yes, both APs are in the same cluster and I didn't try if clients obtain IP adresses if AP2 holds the VC, but I think they will. And for the last question, yes, 192.168.1.0/24 is configured in a FW acting as DHCP server in the same subnet where APs are connected.

Regards,

Julian

Julian,

Please see the video here:  https://www.youtube.com/watch?v=aS9Q8aZXdZ0&t=105s&list=PL37Y-XxK6oanTV3821XpKHFVo3hGPW-56&index=10

That should explain all of your options.  With the VLAN set to Virtual Controller Assigned, you should be able to (1) have the IAP assign ip addresses and (2) NAT the traffic out of the VC.  Please look at the video to make sure everything is working the way it should.  Make sure everything is as simple as possible and you get the ip addressing working before you do things like add ACLs for users...

Hi Colin,

I already knew that video. In fact the two points you said are accomplished and it works properly, except it only works with the AP elected as the VC. In addition, I made no further configuration, no ACLs, no policies, the rest of configuration is set to default.

Regards,

Julian

Are you sure that both access points are in a cluster?

Pretty sure, both APs have IPs in the same subnet, same uplink management VLAN and connected to the same LAN, and I can see both of them in the Access Points tab in the GUI, and one of them has the asterisk (the master).

Regards,

Julian

Well there are thousands of deployments that have this working.  We need to know why yours does not..

Sure there are, but as I said at the beginning of this post I am not the only one with this problem, I included a link with one person with the same problem, only it works with the VC. What commands could be useful for troubleshooting this? Any debug command?

Regards,

Julian

Hi everybody,

There is something weird which causes deauthentication:

Open a TAC case...

Regards,

Julián

Hi zailon0 and Colin,

Just to let you know that I replaced the switch where the IAPs were connected to and now the scenario works properly, client gets IP address when it is associated to either AP1 or AP2. The old switch has an odd behavior even it is much better than the new one.

Regards,

Julián