Hello,
I experienced the problem when I specified VLAN mobility, the client picks wrong DHCP scope.
Controller Aruba 3400 OS 5.0.4.6
Configuration
VLAN200 is configured in the 3400 controller only. VLAN200 does not have Interface.
VLAN200 has DHCP server enabled.
VirtualAP V200 has Tunnel mode , WEP authentication and belongs to VLAN200. VLAN Mobility is enabled.
In 3400 controller, Inter-VLAN routing is enabled. so that VLAN200 can route to VLAN1.
VLAN1 is configured in the 3400 controller and has Interface 1/0. This Interface 1/0 is connected to
core switch.
In the Core switch, VLAN1 and VLAN250 is defined. VLAN1 and VLAN250 is routable in L3. (L3 switch)
There is DHCP scope for VLAN1 and VLAN250.
Remote AP is connected under VLAN250.
The problem is - when I connect Virtual AP V200, ip should be supplied by Aruba 3400 DHCP server,
but sometimes ip is supplied from VLAN1.
When I disabled VLAN Mobility option, this behavior does not occur again.
Thinking of how VLAN Mobility works, Aruba 3400 ask around other switches if MAC address is already in the mac-address-table and if it does, Aruba 3400 tries to find which VLAN it used to belong. Actually, this pc used to belong VLAN1 a week ago and IP address which was wrongly assigned seems to be the same IP address when the pc was in VLAN1.
In past, I experienced a scanner which never belonged to VLAN1, picked up VLAN1 DHCP scope IP address.
Reading the concept how VLAN Mobility works, my understanding is - VLAN Mobility should work if all AP connects to the same controller? In this case, two APs are connected under same VLAN250, and Tunnel mode VirtualAP V200 let the device being connected to VLAN200 within the controller. I believed that everything works fine within VLAN200 in the same Aruba 3400 controller, since it is Tunnel Mode! (Not a bridge Mode)
Remote AP1 - VLAN250 - Core Switch - VLAN1 - [Aruba 3400 VLAN1 - VLAN200]
Remote AP2 - VLAN250 - Core Switch - VLAN1 - [Aruba 3400 VLAN1 - VLAN200]
Does someone know why this behavior happens? I guess - as long as wrong mac-address-table exists in core switch, this behavior can happen. Therefore to make VLAN Mobility work ( to pick up right DHCP scope), we should shorten mac-address-table lifetime?
Or is there any misconfiguration that VLAN Mobility should not work?
#3400