Wireless Access

Reply
Highlighted
Guru Elite

Re: Migration to a new DHCP server


@syedmuradali wrote:

In the Virtual AP for that WLAN on the Mobility Controller, there is a VLAN option.  That VLAN must exist on the Mobility Controller for clients to get an ip address.

This is already done!!! but still clients are unable to get the IP address. any other advice please


How is that VLAN connected to the controller?  Is it on a trunk?  Is it on an access port?  Can you assign that VLAN to another port on the controller,  plug in a wired device in the port and get an ip address?  If not, the VLAN is not configured correctly.

 

What is that VLAN number?

What is the router for that VLAN?

Is there a helper-address on that VLAN's default gateway that is pointing to the DHCP server?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Guru Elite

Re: Migration to a new DHCP server


@syedmuradali wrote:

~ # cert_cap=0
vap aruba000 vlan is 327. not discovering tunnel vlan

 

Please do let me know what does this error means??


That message is cosmetic and can be ignored.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Super Contributor II

Re: Migration to a new DHCP server

How is that VLAN connected to the controller?  Is it on a trunk?  Is it on an access port?

It is trunk Port

 

Can you assign that VLAN to another port on the controller,  plug in a wired device in the port and get an ip address?  If not, the VLAN is not configured correctly.

DHCP is running only to that switch with which AP is connected. MC connected with core switch and doesn't have any DHCP runnning on it. That is why MC is assigned static IP.  Please refer to diagram attached earlier.

AP and controller are in different subnets and conncted with different swtiches but can be reachable from each other

 

 

What is that VLAN number?

VLAN number for which AP is connected is 327 and port is access. VLAN number for which MC is connected is 105 and trunk port. Both AP and MC are connected on different switches.

 

What is the router for that VLAN?

router for AP is 10.10.10.1/24

router for MC is 10.10.20.1x/24

 

Is there a helper-address on that VLAN's default gateway that is pointing to the DHCP server?

Yes on AP but No on MC

Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Highlighted
Guru Elite

Re: Migration to a new DHCP server


@syedmuradali wrote:

How is that VLAN connected to the controller?  Is it on a trunk?  Is it on an access port?

It is trunk Port

 

Can you assign that VLAN to another port on the controller,  plug in a wired device in the port and get an ip address?  If not, the VLAN is not configured correctly.

DHCP is running only to that switch with which AP is connected. MC connected with core switch and doesn't have any DHCP runnning on it. That is why MC is assigned static IP.  Please refer to diagram attached earlier.

AP and controller are in different subnets and conncted with different swtiches but can be reachable from each other

 

 

What is that VLAN number?

VLAN number for which AP is connected is 327 and port is access. VLAN number for which MC is connected is 105 and trunk port. Both AP and MC are connected on different switches.

 

What is the router for that VLAN?

router for AP is 10.10.10.1/24

router for MC is 10.10.20.1x/24

 

Is there a helper-address on that VLAN's default gateway that is pointing to the DHCP server?

Yes on AP but No on MC


Okay.

 

There are two ways to do this:

 

In Tunnel mode, the user traffic is tunneled back to the controller and that is where the user would get its ip address.

In Bridge mode, the user traffic is bridged out the ethernet port of the access point and that is where the user would get its ip address.

 

Are you saying that you want the user to be able to get an ip address from the port that the access point is on?

 

If yes, the virtual AP forwarding mode needs to be bridged, and the access point needs to be physically on a trunk port.  VLAN 327 would need to be tagged on that port.  Since your access point is on an access port, make the VLAN 1, INSTEAD OF 327.

 

forward.png


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Super Contributor II

Re: Migration to a new DHCP server

Thank you for the information i think You get the point to fault...

 

There are two ways to do this:

In Tunnel mode

In Bridge mode

we tried both modes but didn't success.

 

Are you saying that you want the user to be able to get an ip address from the port that the access point is on?

Yes because in DHCP server many subnets  are defined and each subnet is attached with specific VLAN. Each VLAN is associated with a building. in other words

we have many buildings, each building has local VLAN and corresponing different subnets are defined against each VLAN in DHCP server, so the user of every building gets their IP address on the bases of their VLAN. Now we are deplyoing AP's and want that wireless user of that building get the IP addresses from that specific subnet for which AP is attached.

 

If yes, the virtual AP forwarding mode needs to be bridged,

we have done it but its didn't worked

 

the access point needs to be physically on a trunk port

we didn't try this. May be it is the problem. but i am confused about it.. Would it be OK to plug in AP in access Port?? It don't have any issue?

 

 

One more thing if we forwarding mode is bridge, please advice how the traffice of wireless user will flow?? i beleive Tunnel is secure way but not sure about bridge.

 

 

Thank you so much for your support and sorry my english is not very good.

 

Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Highlighted
Guru Elite

Re: Migration to a new DHCP server

Make the Virtual AP VLAN 1, since your access point is on an access port.  That way the traffic will be sent out of the access point  without being tagged.

 

Your traffic is secure either in bridge or tunnel mode.

 

Last but not least, Control Plane Security needs to be enabled to use bridged mode.  I can see from the access point message "cert_cap=0", that you do not have control plane security is not on.  Turn it on by going to Configuration> Control Plane Security:

control.png

 

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Super Contributor II

Re: Migration to a new DHCP server

Make the Virtual AP VLAN 1, since your access point is on an access port.  That way the traffic will be sent out of the access point  without being tagged

If the traffic is send out without tagged than how DHCP will come to know that IP of which subnet should be assigned ??? . I'm confused.

I shall be thankfull to you if you please add me on skype so that i can clearify the real sceinareo to you..

my skype id is smurad.ali

 

Thank you for your help. So kind of you ...

Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Highlighted
Guru Elite

Re: Migration to a new DHCP server


@syedmuradali wrote:

Make the Virtual AP VLAN 1, since your access point is on an access port.  That way the traffic will be sent out of the access point  without being tagged

If the traffic is send out without tagged than how DHCP will come to know that IP of which subnet should be assigned ??? . I'm confused.

I shall be thankfull to you if you please add me on skype so that i can clearify the real sceinareo to you..

my skype id is smurad.ali

 

Thank you for your help. So kind of you ...



If the traffic is send out without tagged than how DHCP will come to know that IP of which subnet should be assigned ??? . I'm confused.

 

---  When it sends the traffic out untagged, it simply bridges the traffic to the ethernet port of the AP.  When the traffic is sent out that way, it is identical to if the client is just plugged into the same segment as the AP.  It does not need to know the VLAN.  That is why you can just put VLAN1.  At manny different locations, the "VLAN" will be different, but as long as your VLAN is 1, it will just send the user traffic, including DHCP out to the local physical subnet, where the client will get an ip address.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Super Contributor II

Re: Migration to a new DHCP server

Thank you Friend...To summarize whenever i will go office I will perform the following Step

 

When Switch port connected with AP is access

  • make VLAN 1 on controller
  • Assign VLAN 1 to Virtual AP
  • Change the fowarding mode to bridge
  • Enable the Control Plane Security, Auto Cert Provision and set Address Allowed for Auto Cert All.

 

When Switch port connected with AP is Trunk

  • make VLAN 327 on controller
  • Assign VLAN 327 to Virtual AP
  • Asssing IP address and IP helper address to the VLAN 327
  • Change the fowarding mode to bridge
  • Enable the Control Plane Security, Auto Cert Provision and set Address Allowed for Auto Cert All.

 

Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Highlighted
Guru Elite

Re: Migration to a new DHCP server


@syedmuradali wrote:

Thank you Friend...To summarize whenever i will go office I will perform the following Step

 

When Switch port connected with AP is access

  • make VLAN 1 on controller
  • Assign VLAN 1 to Virtual AP
  • Change the fowarding mode to bridge
  • Enable the Control Plane Security, Auto Cert Provision and set Address Allowed for Auto Cert All.

 

When Switch port connected with AP is Trunk

  • make VLAN 327 on controller
  • Assign VLAN 327 to Virtual AP
  • Asssing IP address and IP helper address to the VLAN 327
  • Change the fowarding mode to bridge
  • Enable the Control Plane Security, Auto Cert Provision and set Address Allowed for Auto Cert All.

 


 

 

That is correct.  In the Virtual AP for that WLAN, you can just type in a 1 for the VLAN.  You don't have to create a VLAN1 on the controller.  You can also ignore the second scenario, because it is rare that you will have an AP on a trunk.  Get the first scenario working and we can see if you even need the second scenario.  Enable control plane security first!  All the APs will have to reboot, so having this done in the background is important.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: