Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

VMC tunnel mode vs bridge mode

  • 1.  VMC tunnel mode vs bridge mode

    Posted May 29, 2017 03:03 PM

    Hello,

    I deployed VMC OS 8.0.1.1 (IP, default gateway, ...), provisioned an AP and added a demo license.

    I tested bridge mode, so client traffic does not pass through the controller, and the client gets connectivity with my LAN.

    Then I tested forward tunnel mode, and the client also gets an IP address from my LAN DHCP server (not the Aruba VMC), but from the client I can only ping my controller and nothing else. The client has no access to my LAN servers.

    I have not installed the PEF license. My initial role is logon and I cannot change it.

    So my question is: do I need to install the PEF license so that forwarding tunnel mode works correctly and the client can get access to my LAN?

     

    Thanks.

    Blaz

     



  • 2.  RE: VMC tunnel mode vs bridge mode

    Posted Jul 11, 2017 04:02 PM

    You don't need to install the PEF license. I did install it and I couldn't get it to work anyway. The problem must reside somewhere else. We've been working around this and we couldn't solve it. Any ideas?



  • 3.  RE: VMC tunnel mode vs bridge mode

    EMPLOYEE
    Posted Jul 11, 2017 04:30 PM

    Logon role will restrict any client access to the controller only. You would need to change the initial role (assuming your WLAN is open or WPA2-PSK) to something else; usually guest works. PEF will give you far more default options as well as the ability to create custom roles and policies; without PEF, you have more limited default roles and no customization.



  • 4.  RE: VMC tunnel mode vs bridge mode

    Posted Jul 11, 2017 04:36 PM

    @jhoward wrote:

    Logon role will restrict any client access to the controller only. You would need to change the initial role (assuming your WLAN is open or WPA2-PSK) to something else; usually guest works. PEF will give you far more default options as well as the ability to create custom roles and policies; without PEF, you have more limited default roles and no customization.


     

    Hello jhoward. We tried with default-via-role and even created a role with an any-to-any permit ACL. Also, we connected two devices through wireless and they saw each other (ICMP). But when we pinged the DHCP server (an L2/L3 switch, the default gateway of the VMC and those devices), it didn't respond. Awaiting further comments; thanks for the reply, my friend. Regards.



  • 5.  RE: VMC tunnel mode vs bridge mode

    EMPLOYEE
    Posted Jul 11, 2017 04:57 PM

    This is likely then due to the ESX config of the network vSwitch that the VMC is assigned to. Are you one big flat VLAN on your VMC, and does the IP of your VMC, ESX server, and network default gateway all reside on the same L2 network? 

     

    If not, you need to make sure that your VMC is on a different vSwitch than vSwitch0 (the default ESX vSwitch where ESX management is done), that it's configured as a Trunk port on the vSwitch, that promiscuous mode and forged transmits are enabled on the vSwitch/port group on the ESX server, and that your VLAN config applies to the correct network adapter in the VMC's network settings on the ESX host.

     

    If you can provide a network drawing of your setup, the 'show vlan' and 'show ip int br' from your VMC, as well as screenshots of your ESX host's network settings on the relevant vSwitches, we can start there.



  • 6.  RE: VMC tunnel mode vs bridge mode

    Posted Jul 12, 2017 09:22 AM

    @jhoward wrote:

    This is likely then due to the ESX config of the network vSwitch that the VMC is assigned to. Are you one big flat VLAN on your VMC, and does the IP of your VMC, ESX server, and network default gateway all reside on the same L2 network?  

     

    If not, you need to make sure that your VMC is on a different vSwitch than vSwitch0 (the default ESX vSwitch where ESX management is done), that it's configured as a Trunk port on the vSwitch, that promiscuous mode and forged transmits are enabled on the vSwitch/port group on the ESX server, and that your VLAN config applies to the correct network adapter in the VMC's network settings on the ESX host.

     

    If you can provide a network drawing of your setup, the 'show vlan' and 'show ip int br' from your VMC, as well as screenshots of your ESX host's network settings on the relevant vSwitches, we can start there.


    Our idea is to work with VLANs, but in our primary test it's all on one flat VLAN (native, 1). I just enabled promiscuous mode on the ESX and it worked. Genius!! Thanks.

    Now I'll work with VLANs, taking into consideration your comments. Nevertheless, in the next link you will find a resumed diagram of what we have. Again, thanks a lot for your help.
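
The vSwitch check from reply 5, written as an added example that is not part of the original thread or any vendor's code: it audits captured ESXi security-policy text to confirm that promiscuous mode and forged transmits are in effect on the VMC's port group, and reports when they are enabled for the whole vSwitch instead. Assumptions: the "Key: value" layout of the two `esxcli` commands named in the comments, and all sample text, which is constructed.

```python
# Added example: audit captured ESXi security-policy output for the VMC's port group.
# Assumption: input is "Key: true|false" lines as printed by
#   esxcli network vswitch standard policy security get -v <vswitch>
#   esxcli network vswitch standard portgroup policy security get -p <portgroup>

# Settings the thread says must be enabled for the VMC's vSwitch/port group.
REQUIRED = ("Allow Promiscuous", "Allow Forged Transmits")


def parse_policy(text):
    """Turn 'Key: true|false' lines into {key: bool}; other lines are ignored."""
    policy = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        value = value.strip().lower()
        if sep and value in ("true", "false"):
            policy[key.strip()] = value == "true"
    return policy


def audit(vswitch_text, portgroup_text):
    """Return (missing, vswitch_wide).

    missing:      required settings not in effect on the VMC's port group.
    vswitch_wide: required settings enabled at vSwitch level, where every port
                  group that does not override the policy inherits them.
    """
    vswitch = parse_policy(vswitch_text)
    portgroup = parse_policy(portgroup_text)
    missing = [k for k in REQUIRED if not portgroup.get(k, False)]
    vswitch_wide = [k for k in REQUIRED if vswitch.get(k, False)]
    return missing, vswitch_wide


# Constructed sample output for a hypothetical vSwitch and VMC port group.
VSWITCH_LOCKED = "   Allow Promiscuous: false\n   Allow Forged Transmits: false\n"
VSWITCH_OPEN = "   Allow Promiscuous: true\n   Allow Forged Transmits: true\n"
PG_INHERITS_LOCKED = VSWITCH_LOCKED + "   Override vSwitch Allow Promiscuous: false\n"
PG_INHERITS_OPEN = VSWITCH_OPEN + "   Override vSwitch Allow Promiscuous: false\n"
PG_OVERRIDE = VSWITCH_OPEN + "   Override vSwitch Allow Promiscuous: true\n"

if __name__ == "__main__":
    print("tunnel mode broken :", audit(VSWITCH_LOCKED, PG_INHERITS_LOCKED))
    print("enabled vSwitch-wide:", audit(VSWITCH_OPEN, PG_INHERITS_OPEN))
    print("port-group override :", audit(VSWITCH_LOCKED, PG_OVERRIDE))
```

An empty first list means the VMC's port group has both settings; an empty second list means they are confined to port groups that override the vSwitch policy.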