Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Need help! Clients can't authenticate

  • 1.  Need help! Clients can't authenticate

    Posted Aug 10, 2013 12:08 PM

    Warning: Very New to Aruba! Please be Patient.

     

    (Test Environment)

     

    I have an Aruba 7210 connected to a Juniper 4200. There are only 3 APs at the moment connected to the 7210.

    The APs are receiving DHCP from the Master.

    The WLAN is broadcasting SSID

    The Clients are able to view the SSID

    At the moment there are no Firewalls policies set.

    At the moment the WLAN is set to OPEN with no Encryption.

     

    Port 1 is set to trunk to the Juniper 4200 switch, where the associated port is trunked with the associated VLAN

     

    The clients however are not authenticating. Stranger is despite being able to launch the AWMS and connect to the Aruba Master, not to mention SSH into the Master, I can not ping the VLAN IP address which is set on the Aruba.

     

    I have checked the DHCP tables and the VLAN is present. I am slightly convinced this is more of an issue on the Juniper side than the Aruba, but this community seemed the most helpful of the two.

     

    Has anyone experienced this issue? I have checked the configs against work environment locations and everything appears similar, but does not appear to be working.

     

    Thanks in advance for the help. I'll provide as much information as needed to resolve the issue.


    #7210


  • 2.  RE: Need help! Clients can't authenticate

    EMPLOYEE
    Posted Aug 10, 2013 12:18 PM


    - How is the Aruba controller connected to the Juniper?
    - Is it a trunk or an access port?
    - What VLAN are clients placed on? (type "show ap essid" to see what VLANs users are placed on).
    - What VLANs are assigned to what ports on the Aruba controller? (type "show vlan status")

     

     




  • 3.  RE: Need help! Clients can't authenticate

    Posted Aug 10, 2013 12:25 PM

    Thanks for the quick reply.

     

    WiFI  2    0        2580     Open

     #2580    10.168.XXX.X/255.255.XXX.0  Enabled     Up         1          Disabled            Regular  GE0/0/1
    Port is set as a trunk



  • 4.  RE: Need help! Clients can't authenticate

    EMPLOYEE
    Posted Aug 10, 2013 12:26 PM

    type "show trunk" and make sure your "native" vlan matches what you have on the juniper side...

     



  • 5.  RE: Need help! Clients can't authenticate

    Posted Aug 10, 2013 12:28 PM

    GE0/0/1  ALL            1,2580        2580

    They match

     



  • 6.  RE: Need help! Clients can't authenticate

    EMPLOYEE
    Posted Aug 10, 2013 12:30 PM

    What VLAN is the 10 subnet on the Juniper side?  If it is not 1, just make it an access port on both sides...



  • 7.  RE: Need help! Clients can't authenticate

    Posted Aug 10, 2013 12:45 PM

    set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode trunk
    set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members 2580
    set interfaces ge-0/0/8 unit 0 family ethernet-switching native-vlan-id 1
    set protocols rstp interface ge-0/0/8.0 edge

    port 1 on the Aruba is where we are plugged into which is also set to native vlan 1 and 2580 and trunk



  • 8.  RE: Need help! Clients can't authenticate

    EMPLOYEE
    Posted Aug 10, 2013 12:47 PM

    Based on your output before, the Native VLAN on the Aruba side is 2580....  It does not match your Juniper output.  You need to fix one side of that to make the Native VLANs match..
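
The comparison made in this reply can be scripted. The following is an added example, not code from the thread or from either vendor: it parses the `show trunk` line from post 5 and the Junos `set` lines from post 7 and reports where the two ends of the link disagree. The column order assumed for the Aruba line (port, VLANs allowed, VLANs active, native VLAN) and all function names are assumptions of this example.

```python
# Constructed sample input: the lines posted in posts 5 and 7 of this thread.
ARUBA_SHOW_TRUNK = "GE0/0/1  ALL            1,2580        2580"
JUNIPER_SET = """\
set interfaces ge-0/0/8 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members 2580
set interfaces ge-0/0/8 unit 0 family ethernet-switching native-vlan-id 1
"""

def vlan_set(text):
    """Expand a VLAN list such as '1,10-12' into {1, 10, 11, 12}."""
    out = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def parse_aruba_trunk(line):
    # Assumption: columns are port, VLANs allowed, VLANs active, native VLAN.
    port, _allowed, _active, native = line.split()
    return {"port": port, "native": int(native)}

def parse_juniper_trunk(config, ifname):
    # Assumption: VLAN members are given as numeric IDs, as in the thread.
    prefix = f"set interfaces {ifname} unit 0 family ethernet-switching "
    trunk = {"port": ifname, "tagged": set(), "native": None}
    for line in config.splitlines():
        if line.startswith(prefix):
            words = line[len(prefix):].split()
            if words[:2] == ["vlan", "members"]:
                trunk["tagged"] |= vlan_set(words[2])
            elif words[0] == "native-vlan-id":
                trunk["native"] = int(words[1])
    return trunk

def compare_trunks(aruba, juniper):
    findings = []
    if aruba["native"] != juniper["native"]:
        findings.append(f"native VLAN mismatch: {aruba['port']}={aruba['native']}, "
                        f"{juniper['port']}={juniper['native']}")
    # Untagged on one end, tagged on the other: the untagged frames land in the peer's native VLAN.
    if aruba["native"] in juniper["tagged"]:
        findings.append(f"VLAN {aruba['native']} is native on {aruba['port']} "
                        f"but tagged on {juniper['port']}")
    return findings

if __name__ == "__main__":
    a = parse_aruba_trunk(ARUBA_SHOW_TRUNK)
    j = parse_juniper_trunk(JUNIPER_SET, "ge-0/0/8")
    print("\n".join(compare_trunks(a, j)) or "trunk settings agree")
```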



  • 9.  RE: Need help! Clients can't authenticate

    Posted Aug 10, 2013 02:55 PM

    I have changed the VLANs on both ends to reflect 2580; I am still unable to ping that VLAN on the Aruba, however. I have talked with some of the other techs and we all agree it sounds like it should be simple. It is an L2 link that is open and I am totally lost on the issue. Again, any help is appreciated.



  • 10.  RE: Need help! Clients can't authenticate

    EMPLOYEE
    Posted Aug 10, 2013 03:02 PM
    Which VLAN can you NOT reach? Can you make it work on a single VLAN to eliminate complexity?


  • 11.  RE: Need help! Clients can't authenticate
    Best Answer

    Posted Aug 10, 2013 06:54 PM

    Took us some hours with support, but we finally figured out that we could not include VLAN 1 in the trunk port, so that needed to be disabled. I am now able to manually assign IPs to clients in order to access networks, but they are not automatically obtaining DHCP addresses.



  • 12.  RE: Need help! Clients can't authenticate

    Posted Aug 10, 2013 07:09 PM

    Also, to debug what is going on with DHCP, run the following if support has not already done so:

     

    config t

    logging level debugging network subcat dhcp

     

    attempt to connect with a device

    show log network all | include <MAC of client>

     

    when you are done:

    no logging level debugging network subcat dhcp

     



  • 13.  RE: Need help! Clients can't authenticate

    Posted Aug 10, 2013 07:05 PM

    Partially edited due to last post:

     

    A couple of follow-up things to check.

     

    - is the port trusted?

    - is the vlan trusted?

    I am guessing so since you get to the UI; but worth a check.  show interface gigabitethernet 0/0/1 or show running-config | begin 0/0/1 should show this.

     

    - Where is DHCP being given out? What VLAN is the DHCP server on? Do you need forwarders set up somewhere if it is off on another network?

     

    - Also, is the controller-ip VLAN 2580 or another VLAN?

     

     

     

     

     



  • 14.  RE: Need help! Clients can't authenticate

    Posted Aug 10, 2013 07:52 PM

    Thanks for all the quick responses. Clembo, your response made me look at my InfoBlox, which is actually handling the DHCP, and I realized that it was pointed to the wrong address. All sorted now!



  • 15.  RE: Need help! Clients can't authenticate

    Posted Aug 11, 2013 10:03 PM

    Thanks for the update, Neil. Out of curiosity, was it a misconfiguration on the Infoblox side or was it an Aruba or Juniper config issue (i.e. forwarders not set up)?

     

     

     

     

    If you are confident your issue is resolved, please mark the post solved.