Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

How to really set up a secure guest access to www only?

  • 1.  How to really set up a secure guest access to www only?

    Posted Dec 15, 2018 09:15 AM

    Hello,

    so far nobody answered my initial question here.

    That's why I am asking the other way.

    How can I get a solution for the following:

    We often have guests / customers inside the office who simply want to check mails or google something.

    These guests I simply want to grant access to the www. I thought this must be easy: Assigning a new VLAN with a dedicated gateway to a physical port patched into the DMZ instead into the company LAN. But this is not working (see my linked posting above).

    Is there any other solution to achieve this?

    Thanks - F.One



  • 2.  RE: How to really set up a secure guest access to www only?

    EMPLOYEE
    Posted Dec 15, 2018 10:17 AM

    I want to direct you to open a TAC case because there are quite a few reasons why it is not working the way you want it to, and it might not be easy to uncover those reasons here.  Based on your initial post, those steps should work.  If creating a VLAN, adding a port to that VLAN breaks your other VLANs, you have another more complicated issue; possibly a routing issue that might not be easily fixed on this forum.

     



  • 3.  RE: How to really set up a secure guest access to www only?

    Posted Dec 15, 2018 11:37 AM

    Thank you cjoseph,

     

    I'm surprised that the VLAN 1 only breaks when I plug the cable into port 3 with the VLAN 100. This shouldn't have any effect, because otherwise I'll have VLANs always untagged. It is also not spanning tree. I have no idea at all.

    TAC:

    Is there any way to open a TAC with a native English speaker?

    The two times I opened up a call it was a nightmare to me because I do not understand English with such a hard Indian accent.

    Maybe there exists a support division in UK? Here in Germany there is nothing at all.

    I don't appreciate it if I buy support in Germany for a lot of €€€€ - but do get pseudo-English support only. :(



  • 4.  RE: How to really set up a secure guest access to www only?

    EMPLOYEE
    Posted Dec 15, 2018 12:01 PM

    Okay.  Let's try to work through this.  You should SSH into the MD (the controller with the access points) and type "show vlan status" to see all of the ports that VLAN 100 is tied to.  Make sure it does not end up on any of your trunks.  It should only be on the access port that you have enabled for VLAN 100.



  • 5.  RE: How to really set up a secure guest access to www only?

    Posted Dec 15, 2018 01:00 PM

    Sorry for the delay, I am sitting at home and building model railways with my children :)

     

    A remote "show vlan status" gives:

     

    1       192.168.0.254/255.255.254.0  Enabled     Up         3          Disabled    Regular  GE0/0/0-0/2 Pc0-7   N/A          Disabled 

    100     N/A                          N/A         N/A        1          Disabled    Regular  GE0/0/3             N/A          Disabled 

     

    Of course I cannot plug / unplug cables remotely. 

     

    thanks for your help!

     

     

    PS:

    Just for the records: I am really wondering about not being able to directly get into the controller-IP (192.168.0.254) via VPN (IP-pool 10.242.0.0/24 coming out in the DMZ). I really do have to use a terminal server in the LAN (192.168.0.0/24) or DMZ (192.168.10.0/24), does not matter. This is unique to the Aruba controller, every other device (servers, desktops, switches, LAN-to-DMZ-router, printer, homekit-stuff a.s.o) is reachable w/o the need of a local IP.



  • 6.  RE: How to really set up a secure guest access to www only?

    EMPLOYEE
    Posted Dec 15, 2018 01:44 PM
    You then have to define an IP address on VLAN 100 in the correct range.... I hope you are not plugging in the wrong cable to gig0/0/3


  • 7.  RE: How to really set up a secure guest access to www only?

    Posted Dec 15, 2018 02:08 PM

    I did this as before:

    show vlan status

    Vlan Status
    -----------
    VlanId  IPAddress                     Adminstate  Operstate  PortCount  Nat Inside  Mode     Ports               AAA Profile  Option-82
    ------  ---------                     ----------  ---------  ---------  ----------  ----     -----               -----------  ---------
    1       192.168.0.254/255.255.254.0   Enabled     Up         3          Disabled    Regular  GE0/0/0-0/2 Pc0-7   N/A          Disabled
    100     192.168.10.254/255.255.255.0  Enabled     Down       1          Disabled    Regular  GE0/0/3             N/A          Disabled

    When I now plug the cable from the DMZ switch (which is only on 192.168.10.0/24) into port 0/0/3, the WLAN traffic on the LAN (192.168.0.0/23) breaks immediately.
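
The port-membership check suggested earlier in the thread (guest VLAN 100 only on its access port, never on a port that also carries the company VLAN), as an added example that is not part of any poster's message or of Aruba's tooling: a Python parser for the "show vlan status" rows pasted above. It assumes that "GE0/0/0-0/2" and "Pc0-7" denote consecutive ports; the function names are hypothetical.

```python
import re

# Rows copied from the "show vlan status" output pasted in the thread.
SAMPLE = """\
VlanId  IPAddress                     Adminstate  Operstate  PortCount  Nat Inside  Mode     Ports               AAA Profile  Option-82
1       192.168.0.254/255.255.254.0   Enabled     Up         3          Disabled    Regular  GE0/0/0-0/2 Pc0-7   N/A          Disabled
100     192.168.10.254/255.255.255.0  Enabled     Down       1          Disabled    Regular  GE0/0/3             N/A          Disabled
"""

# id, ip, admin, oper, portcount, nat, mode, ports (may hold spaces), aaa, option-82
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)"
                 r"\s+(.*?)\s+(\S+)\s+(\S+)\s*$")

def expand(token):
    """Expand 'GE0/0/0-0/2' or 'Pc0-7' to single ports (assumed range notation)."""
    m = re.fullmatch(r"(GE\d+)/(\d+)/(\d+)-(\d+)/(\d+)", token)
    if m and m.group(2) == m.group(4):
        lo, hi = int(m.group(3)), int(m.group(5))
        return [f"{m.group(1)}/{m.group(2)}/{n}" for n in range(lo, hi + 1)]
    m = re.fullmatch(r"Pc(\d+)-(\d+)", token)
    if m:
        return [f"Pc{n}" for n in range(int(m.group(1)), int(m.group(2)) + 1)]
    return [token]

def parse_vlan_status(text):
    """Return {vlan_id: {"ip", "oper", "ports"}}; header and rule lines are skipped."""
    vlans = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ports = {p for tok in m.group(8).split() for p in expand(tok)}
            vlans[int(m.group(1))] = {"ip": m.group(2), "oper": m.group(4), "ports": ports}
    return vlans

def check_guest_vlan(vlans, guest_id, allowed_ports):
    """List isolation problems: guest VLAN on unexpected or shared ports."""
    guest = vlans.get(guest_id)
    if guest is None:
        return [f"VLAN {guest_id} not present"]
    findings = []
    extra = guest["ports"] - set(allowed_ports)
    if extra:
        findings.append(f"VLAN {guest_id} on unexpected ports: {sorted(extra)}")
    for vid, other in sorted(vlans.items()):
        shared = guest["ports"] & other["ports"]
        if vid != guest_id and shared:
            findings.append(f"VLAN {guest_id} shares {sorted(shared)} with VLAN {vid}")
    return findings

if __name__ == "__main__":
    print(check_guest_vlan(parse_vlan_status(SAMPLE), 100, {"GE0/0/3"}) or "guest VLAN isolated")
```
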



  • 8.  RE: How to really set up a secure guest access to www only?

    EMPLOYEE
    Posted Dec 15, 2018 04:32 PM

    It seems like you have something else going on...



  • 9.  RE: How to really set up a secure guest access to www only?

    Posted Dec 15, 2018 05:35 PM
    Does ArubaOS have something like tcpdump to figure out what's going on on eth0 when eth3 joins the game?