Occasional Contributor II

New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

A previously configured WLAN (not configured by me) stopped (?) working and in the hopes of debugging it, I've created a new Virtual-AP without any security and a new VLAN. The client connects successfully to the WLAN, gets an IP from the external DHCP, but is still unable to connect with the gateway.

 

Our Aruba controller is directly connected to our central Core-Routers and the port-channel has the VLAN configured. There shouldn't be any ACLs or likewise messing with the connection (neither on the Controller nor on the rest of the network), everything is as open as I was able to configure it. Connection from a wired interface (no Aruba switch though) with the same MAC works.

The controller does not have an IP configured in the VLAN's subnet, it only knows about the VLAN id (which should be everything it needs?). The connected client also does not appear in the user-table.

 

I am running out of ideas how to debug this. Any help?

 

Controller: Aruba3600

AOS: 6.4

MVP

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

What is the role of the connected client and what ACLs does that role have?
Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post useful, Kudos are welcome.
Occasional Contributor II

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

The role is "authenticated" and like I said, there are minimal ACLs rules defined.

 

I even switched to a default role, that has literally no ACLs defined. Also using another VLAN that was already defined (and works for another WLAN) also works.

MVP Guru

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

Are you referring to the client's default gateway or the perimeter gateway to the Internet? If the client cannot reach the Internet, is all the return routing for the client VLAN in place? If you run the below you can see if there are any D (for denied traffic) or Y (no -syn packet) flags for the client traffic.

 

show datapath session | include [CLIENTS IP ADDRESS]

If there are no ACLs, as mentioned, in your default role, the client traffic will not pass.

Are you able to provide the output of the user role assigned to the clients?

 

show rights [USER ROLE]

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

10.1.126.118 224.0.0.251     17   5353  5353   0/0     0    0   0   tunnel 350  d    0          0          FDYC

Well color me stumped, I have both D and Y.

 

See attached the ACL-list of the role "authenticated".

 

Thanks for all your help.

 

EDIT

Yes, I do mean the client's default gateway.

MVP Guru

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

I guess in the first case, let's have a look at the ACLs in the User Role to see why the traffic is denied :)

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
MVP Guru

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

What is the client's gateway? Your ACL list is quite extensive. Looking at the denied traffic, that is multicast traffic, so it is potentially denied. Can you even ping the client's default gateway?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
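
An added example, not part of any post in this thread: a small Python triage of `show datapath session` output that separates denied multicast flows (like the mDNS line posted above) from denied flows addressed to the client's gateway. The column layout (source, destination, protocol, ports first; flags last) is an assumption read off the posted line, the function names are hypothetical, and the second and third sample lines are constructed.

```python
import ipaddress

# Only the two flag letters explained in the thread are interpreted here.
FLAG_MEANING = {"D": "denied", "Y": "no-syn"}

# Constructed sample: line 1 is the session posted in the thread,
# lines 2-3 are invented for illustration (gateway 10.1.126.126).
SAMPLE = """\
10.1.126.118 224.0.0.251     17   5353  5353   0/0     0    0   0   tunnel 350  d    0          0          FDYC
10.1.126.118 10.1.126.126    1    0     2048   0/0     0    0   1   tunnel 350  5    3          180        FDC
10.1.126.118 10.1.126.126    6    51000 443    0/0     0    0   0   tunnel 350  2    9          900
"""

def parse_session(line):
    """Return src, dst, protocol, ports and flags of one session line, or None."""
    f = line.split()
    if len(f) < 6:
        return None
    try:
        src, dst = ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1])
        proto, sport, dport = (int(x) for x in f[2:5])
    except ValueError:
        return None  # header, separator or truncated line
    # Assumption: flags are the last column and may be empty, in which case
    # the last token is a numeric counter rather than letters.
    flags = f[-1] if f[-1].isalpha() else ""
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "flags": flags}

def triage(text, client, gateway):
    """Classify every session sourced by `client`."""
    client, gateway = ipaddress.ip_address(client), ipaddress.ip_address(gateway)
    rows = []
    for line in text.splitlines():
        s = parse_session(line)
        if s is None or s["src"] != client:
            continue
        s["notes"] = sorted(FLAG_MEANING[c] for c in s["flags"] if c in FLAG_MEANING)
        s["multicast"] = s["dst"].is_multicast
        s["to_gateway"] = s["dst"] == gateway
        rows.append(s)
    return rows

def gateway_denied(text, client, gateway):
    """True only if a denied session is addressed to the client's gateway."""
    return any(r["to_gateway"] and "denied" in r["notes"]
               for r in triage(text, client, gateway))
```

Run against the single line posted in the thread, `gateway_denied` returns False: that entry is multicast to 224.0.0.251, so it does not by itself show the gateway traffic being dropped by the role.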
Occasional Contributor II

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

Nope, from a client I cannot ping the client's default gateway.

 

I changed the role to a default one that is basically allow-all. See "default-via-role.txt"

 

Thanks for trying to help me.

 

EDIT

The client's gateway is 10.1.126.126, the subnet for the VLAN is 10.1.126.64/26.

MVP Guru

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

Hey, what is the client's default gateway? We can compare this against the ACLs.

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: New VLAN - Client is connected, gets IP from external DHCP, still no connection to Gateway

Sorry, clicked too soon on Post, edited into my previous post afterwards.

 

The client's gateway is 10.1.126.126
