Wireless Access

Hey everyone,

I've managed to configure a RAP unit to authenticate from home and extend my corporate wireless and I'm able to connect to it and receive a DHCP address. Happy days.

I've connected my laptop to the second ethernet port but I don't receive any DHCP address. The port is active in the profile with similar configuration to the wireless but no go.

Does anyone have any ideas where to start troubleshooting/rectifying this problem?

Many thanks,

Do you see the laptop show up in the controller as a client?   What role does it have?

Check the following for the Ethernet Interface 1 Port Configuration on that particular AP Group:

1. Wired AP Profile
   - Is it enabled?
   - What VLAN is it on?
   - What is the forwarding mode?
   - Is it trusted?
2.  AAA Profile
   - Do you have a AAA profile defined for that port?
   - Are you authenticating that port, or do you want it open?
   - If no auth; set the initial role to something that will allow the client to get a DHCP address; and do whatever else you want it to

Please check the Virtual Branch Networking VRD available at and check out page #149 to get a snapshot of the configuration required for the RAP wired port. 

http://www.arubanetworks.com/pdf/technology/VBN_VRD.pdf

Hope it helps ! 

--

HT 

The profile hierarchy will drive you dizzy if you don’t draw it out: Assuming your ap-group: RAP, your Ether port I profile: ETH1, your ap wired profile: APWIRED.

Ap-group RAP

..…..Ethernet interface 1 port configuration ETH1

……………ap wired-ap-profile APWIRED

• First check APWIRED, (show ap wired-ap-profile APWIRED) make sure right vlan, trunk or access port, port is trusted, and wired-ap is enable…
• Then check your ap port profile (show ap wired-port-profile ETH1) make sure its “Wired AP profile” is correct (APWIRED in this example); to simplify, the AAA profile for wired port should be N/A.
• Then check your ap-group (show ap-group RAP) make sure “Ethernet interface 1 port configuration” pointed to a correct profile (ETH1 in this example)

In response:

1. Wired AP Profile
   - Is it enabled? Yes
   - What VLAN is it on? Our corporate data vlan
   - What is the forwarding mode? Tunnel
   - Is it trusted? No
2.  AAA Profile
   - Do you have a AAA profile defined for that port? No
   - Are you authenticating that port, or do you want it open? Ideally Open
   - If no auth; set the initial role to something that will allow the client to get a DHCP address; and do whatever else you want it to

Going to trust the port and test it :)

Ok, so I've managed to get the wired port working now (tbh I think I just forgot to check the "Wired AP enable" checkbox.. oops

Now for a bit of tweaking. We currently use Radius to authenticate users/computers based on AD group membership. So your account and / or computer have to be in these groups to be on the wireless.

I would like to limit the wired ethernet port so that only authenticated computers have access.

I've noticed on the AP port configuration page there is a "bridge role" drop down list, is it just a case of changing this to "Trusted_computer" / "Computer" / "Staff"

Thanks