Wireless Access

Hi all,

Need some help here about this network issue this is from my customer side.

Thier environment is static ip without dhcp. Currently the ip range 192.168.0.X is finishing soon. That why they have bring in the Aruba controller and Aruba AP.

Currently all setup done complete. All of the switches is unmanage switch.

Aruba Controller manage to provide two DHCP range. Each AP is assign to one profile. We cannot do two ssid for one AP because there are no manage switch to tags the vlans.

SSID

Staff 192.168.201.X - WPA2

Guest is 192.168.202.X - Captive Portal

Both of this subnet manage to ping the firewall.

Both of this subnet manage to ping to server and workstation which is ip range 192.168.0.X

Customer want to access to the file server with ip address 192.168.0.141.

A laptop connected wirelessly to the Staff ssid. manage to get 192.168.201.100.

Ping to internet works fine 8.8.8.8

Ping to firewall works fine

Ping to the file server works fine

but when want to access file server it does not even prompt for username and password cause usually when it is not in the same domain it will prompt this does not happen. (We do not join AD. too much credential and fill in the blanks. The local IT administrator dont know where to get all the details from the AD(ldap)Server) so the Aruba controller is configured without joining AD. "i wonder if aruba can make easier AD integration? too much fill in the blanks"

then i go back to the file server ping back to the laptop 192.168.201.100 not working. (even i use a phone connected to SSID guest manage to go out internet but the file server cannot ping to the guest network 192.168.202.X)

is it they need to do something at the firewall side? We supply the aruba controller and AP only. Do we need to tweak anything at the firewall side? or is there any other setting we need to do at the aruba controller?

* another issue is, see the second image there is another switch located at the warehouse section. when plug in the Aruba AP Controller can find the AP but cannot be provision. is it because they are not plug in directly to aruba controller? So at the warehouse side there is not SSID broadcast.

This is a Aruba 800 Controller and 7 units of Aruba 60 AP

What is the default gateway of clients on 192.168.201.x and 192.168.202.x?  What is the default gateway of the file server?

all is point to firewall 192.168.0.1

---

@k2002 wrote:

all is point to firewall 192.168.0.1

---

Does the firewall have an interface on 192.168.201.x and 192.168.202.x?  If not, it needs a route to be able to send traffic to those subnets.

---

@k2002 wrote:

all is point to firewall 192.168.0.1

---

Do you have "ip nat inside" on the VLAN interfaces on the Aruba Controller for 192.168.201.x an 192.168.202.x?  That could be your problem...

ok i will try to check. where is this specifically ip nat inside? network->ip route section? in the wireless controller setting right?

Network> IP  "Enable source NAT for this VLAN" or "IP Nat inside".

If this is checked, that means that traffic is being natted out of the controller and that is why it cannot be reached from the server.  The natting allows users in those subnets to get to the internet, so if you uncheck it, that will be broken.

To fix this, you can setup two routes on your firewall that point to the ip address of your controller for the subnets of 192.168.201.0 255.255.255.0 and 192.168.202.x  That is so that traffic that comes from your server and goes to your firewall knows to go to the controller to reach the 192.168.201 and 202 networks.