Wireless Access

Reply
Highlighted
Contributor I

Re: Using GRE Tunnels to centralize L3 access

I will do it and get back to you. 

Thanks :)

Highlighted
Contributor I

Re: Using GRE Tunnels to centralize L3 access

Hi I have done the testing.

 

It seems everything has started working like a dream itself :)

 

I ran the debugging log command on the mac address for the client I am using. I got the logs for the authentication process. Once authentication is done and I am moving between APs, I cant see any logs under debug command. Why is it so?

 

I will keep monitoring for the next few days and will see if it is really working.

 

Thanks again for your help.

Highlighted
Guru Elite

Re: Using GRE Tunnels to centralize L3 access


admin@rosmini.school.nz wrote:

Hi I have done the testing.

 

It seems everything has started working like a dream itself :)

 

I ran the debugging log command on the mac address for the client I am using. I got the logs for the authentication process. Once authentication is done and I am moving between APs, I cant see any logs under debug command. Why is it so?

 

I will keep monitoring for the next few days and will see if it is really working.

 

Thanks again for your help.


If it is a dream, don't wake up!!

 

Let us know.

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Using GRE Tunnels to centralize L3 access

Following are the logs which I got once my connection dropped as client (ipad) gone sleep.

It says fastroaming disabled. Why is it so?

 

RCW-CORE-3400) #show log user all | include 1c:ab:a7:c7:4f:b8
Mar 28 01:22:40 :501109: <NOTI> |AP Library (00:24:6c:c2:af:b9)@192.168.109.114 stm| Auth request: 1c:ab:a7:c7:4f:b8: AP 192.168.109.114-00:24:6c:aa:fb:99-Library (00:24:6c:c2:af:b9) auth_alg 0
Mar 28 01:22:40 :501093: <NOTI> |AP Library (00:24:6c:c2:af:b9)@192.168.109.114 stm| Auth success: 1c:ab:a7:c7:4f:b8: AP 192.168.109.114-00:24:6c:aa:fb:99-Library (00:24:6c:c2:af:b9)
Mar 28 01:22:40 :501095: <NOTI> |stm| Assoc request @ 01:22:40.199057: 1c:ab:a7:c7:4f:b8 (SN 2): AP 192.168.109.114-00:24:6c:aa:fb:99-Library (00:24:6c:c2:af:b9)
Mar 28 01:22:40 :501095: <NOTI> |AP Library (00:24:6c:c2:af:b9)@192.168.109.114 stm| Assoc request @ 01:22:40.196761: 1c:ab:a7:c7:4f:b8 (SN 2): AP 192.168.109.114-00:24:6c:aa:fb:99-Library (00:24:6c:c2:af:b9)
Mar 28 01:22:40 :501100: <NOTI> |stm| Assoc success @ 01:22:40.200423: 1c:ab:a7:c7:4f:b8: AP 192.168.109.114-00:24:6c:aa:fb:99-Library (00:24:6c:c2:af:b9)
Mar 28 01:22:40 :501100: <NOTI> |AP Library (00:24:6c:c2:af:b9)@192.168.109.114 stm| Assoc success @ 01:22:40.197484: 1c:ab:a7:c7:4f:b8: AP 192.168.109.114-00:24:6c:aa:fb:99-Library (00:24:6c:c2:af:b9)
Mar 28 01:22:40 :501065: <DBUG> |stm| Sending STA 1c:ab:a7:c7:4f:b8 message to Auth and Mobility Unicast Encr Open Multicast Encr Open VLAN 0x2, wmm:0, rsn_cap:0
Mar 28 01:22:40 :500511: <DBUG> |mobileip| Station 1c:ab:a7:c7:4f:b8, 0.0.0.0: Received association on ESSID: Rosmini_Hotspot Mobility service ON, HA Discovery on Association ON, Fastroaming Disabled, AP: Name Library (00:24:6c:c2:af:b9) Group default BSSID 00:24:6c:aa:fb:99, phy a, VLAN 2
Mar 28 01:22:40 :522035: <INFO> |authmgr| MAC=1c:ab:a7:c7:4f:b8 Station UP: BSSID=00:24:6c:aa:fb:99 ESSID=Rosmini_Hotspot VLAN=2 AP-name=Library (00:24:6c:c2:af:b9)
Mar 28 01:22:40 :522004: <DBUG> |authmgr| MAC=1c:ab:a7:c7:4f:b8 ingress 0x10f5 (tunnel 117), u_encr 1, m_encr 1, slotport 0x1041 , type: local, FW mode: 0, AP IP: 0.0.0.0
Mar 28 01:22:40 :522004: <DBUG> |authmgr| MAC=1c:ab:a7:c7:4f:b8, wired: 0, vlan:2 ingress:0x10f5 (tunnel 117), new_aaa_prof: Rosmini_Hotspot-aaa_prof, stored profile: Rosmini_Hotspot-aaa_prof stored wired: 0 stored essid: Rosmini_Hotspot
Mar 28 01:22:40 :522004: <DBUG> |authmgr| MAC=1c:ab:a7:c7:4f:b8 def_vlan 2 derive vlan: 0 auth_type 1 auth_subtype 1

Highlighted
Guru Elite

Re: Using GRE Tunnels to centralize L3 access

What is the role that the device gets when it is associated and authenticated?

 

show us the output of "show rights <role>"

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Using GRE Tunnels to centralize L3 access

The role is Logon and following are the rights

 

(RCW-CORE-3400) #show rights Rosmini_Hotspot-guest-logon
Derived Role = 'Rosmini_Hotspot-guest-logon'
 Up BW:No Limit   Down BW:No Limit
 L2TP Pool = default-l2tp-pool
 PPTP Pool = default-pptp-pool
 Periodic reauthentication: Disabled
 ACL Number = 35/0
 Max Sessions = 65535
 Captive Portal profile = Rosmini_Hotspot-cp_prof
access-list List
----------------
Position  Name           Location
--------  ----           --------
1         logon-control
2         captiveportal
logon-control
-------------
Priority  Source  Destination  Service   Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------   ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         user    any          udp 68    deny                             Low                                                           4
2         any     any          svc-icmp  permit                           Low                                                           4
3         any     any          svc-dns   permit                           Low                                                           4
4         any     any          svc-dhcp  permit                           Low                                                           4
5         any     any          svc-natt  permit                           Low                                                           4
captiveportal
-------------
Priority  Source  Destination  Service          Action        TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------          ------        ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         user    controller   svc-https        dst-nat 8081                           Low                                                           4
2         user    any          svc-http         dst-nat 8080                           Low                                                           4
3         user    any          svc-https        dst-nat 8081                           Low                                                           4
4         user    any          svc-http-proxy1  dst-nat 8088                           Low                                                           4
5         user    any          svc-http-proxy2  dst-nat 8088                           Low                                                           4
6         user    any          svc-http-proxy3  dst-nat 8088                           Low                                                           4
Expired Policies (due to time constraints) = 0
Highlighted
Guru Elite

Re: Using GRE Tunnels to centralize L3 access

Okay.  After a user authenticates to the captive portal, what role to they end up in?

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Using GRE Tunnels to centralize L3 access

They end being with a role "guest"

Highlighted
Guru Elite

Re: Using GRE Tunnels to centralize L3 access

"Okay.  Let's see "show rights guest"


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Using GRE Tunnels to centralize L3 access

I am trying to paste the guest rights in this text box but it says I am exceeding limit of characters. see attached file...

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: