Wireless Access

New Contributor

Vlans are associated to SSIDs, however, all but Guest VLAN get IP assigned from one VLAN.

As stated above, all of our Vlans are associated to single SSIDs, however, all but Guest VLAN get IP assigned from one VLAN.
Corporate Vlan 55 =          CorpLAN
Corp Guest Vlan 56 =        GuestLAN
IT Vlan 57 =                        ITLAN

If I connect to CorpLAN or ITLAN I am assigned an IP from
If I connect to GuestLAN I am assigned an IP from

GuestLAN uses PreSharedKey for 802.1x Authentication
CorpLAN uses WPA2 eap-peap,eap-mschapv2, for 802.1x Authentication (Via Radius Server)
ITLAN uses WPA2 eap-peap,eap-mschapv2, for 802.1x Authentication (Via Internal DB)

Any ideas what I am doing wrong?



Guru Elite

Re: Vlans are associated to SSIDs, however, all but Guest VLAN get IP assigned from one VLAN.

Make sure that the Role that your user gets when he connects to the IT WLAN does not have a VLAN hardcoded.  To find out why a user got the VLAN use:


show user-table ip <ip address of user>


(Aruba7005-US) #   show user-table ip

Name: employee-mac, IP:, MAC: b8:c8:56:38:9d:be, Age: 00:00:37
Role: authenticated-vsa (how: ROLE_DERIVATION_DOT1X_VSA), ACL: 68/0
Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-PEAP, server: CPPM
Authentication Servers: dot1x authserver: CPPM, mac authserver: 
Bandwidth = No Limit
Bandwidth = No Limit
VLAN Derivation: Default VLAN
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wireless, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=0, vpnflags=0, u_stm_ageout=1
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 0
phy_type: a-VHT-80, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 14
Vlan default: 1, Assigned: 1, Current: 1 vlan-how: 1 DP assigned vlan:0 
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x2100, Port=0x1001d (tunnel 29)
Essid: ACME-TLS, Bssid: 9c:1c:12:90:5d:92 AP name/group: Office-225/default Phy-type: a-VHT-80 Forward Mode: tunnel
RadAcct sessionID:n/a
RadAcct Traffic In 74085/20866998 Out 124929/100439424 (1:8549/0:0:318:26550,1:59393/0:0:1532:38272)
Timers: L3 reauth 0, mac reauth 0 (Reason: ), dot1x reauth 0 (Reason: )
Profiles AAA:ACME-TLS-aaa_prof, dot1x:dot1x_prof-skn93, mac: CP:n/a def-role:'logon' sip-role:'' via-auth-profile:''
ncfg flags udr 0, mac 0, dot1x 1, RADIUS interim accounting 0
IP Born: 1459803277 (Mon Apr  4 15:54:37 2016)
Core User Born: 1459803277 (Mon Apr  4 15:54:37 2016)
Upstream AP ID: 0, Downstream AP ID: 0
User Agent String: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
HTTP based device-id info - Index: 5, Device: OS X
MAC based device-id info - Index = 197, OUI = B8E856 Group = Apple
Overall device-id info - Index: 13, Device: OS X
Max IPv4 users: 2
L3-Auth Session Timeout from Radius: 0
Mac-Auth Session Timeout Value from Radius: 0
Dot1x Session Timeout Value from Radius: 0
CoA Session Timeout Value from Radius: 0
Dot1x Session Term-Action Value from Radius: Default
Reauth-interval from role: 0
Number of reauthentication attempts: mac reauth 0, dot1x reauth 0
mac auth server: N/A, dot1x auth server: CPPM
Address is from DHCP: yes
Per-user-log pointer 0x122910c (id 539), num logs 56

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: