Wireless Access

Reply
Highlighted
Frequent Contributor I

Wired AP Profile + Tunnel Mode

I'm running AOS 8.4 (although this issue existed with 8.3.x) and I am trying to utilize the WiredAP profile to tunnel users connected to ENET1 to the controller (7005). However, whenever I change the forward mode to tunnel nothing appears to happen. The user-table on the controller still shows the mode as "bridged" for that user and I lose connectivity. The switchport-mode in the profile is set to access native VLAN 2. AAA profile is doing MAC-AUTH via CPPM. CPPM is seeing the request and sending an ACCEPT. However, nothing ever gets tunneled. . 

Am I missing an additional configuration paramenter other than the WiredAP profile? Is this a TAC call?

Thanks

Guru Elite

Re: Wired AP Profile + Tunnel Mode

Is there a VLAN2 defined on the controller?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Frequent Contributor I

Re: Wired AP Profile + Tunnel Mode

Yes. It's the same VLAN that my wireless users receive. Should I define a VLAN in the 'WiredAP' role? Or, is that not necessary?

Guru Elite

Re: Wired AP Profile + Tunnel Mode

Do you see the user in the user table?  If not, you need to plug in a laptop with wireshark on that wired port and see what traffic happens when you plug it in.  There just needs to be a wired AP profile, with a forwarding mode of tunnel assigned to VLAN 2.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Guru Elite

Re: Wired AP Profile + Tunnel Mode

Making sure the user on that wired port can associate and obtain an ip address is the main thing.  There is also typically a AAA profile attached to that wired AP profile.  Make sure the initial role is "authenticated" or something with an allowall ACL.

 

Do not assign a VLAN to any role.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Frequent Contributor I

Re: Wired AP Profile + Tunnel Mode

Ok. Just making sure that I had the configuration correct. 

When I plug into the AP with a laptop, the controller says the mode is 'bridged'. I'm using 'show user' to verify. That's the most confusing part. . I can't even tell if the controller is 'taking' my config changes.

192.168.2.64  00:17:88:49:28:0c  00178849280c  wiredAP        00:02:13    MAC             Front LR  Wired(Remote)  192.168.2.75:0/1                  Home-Net  bridge                            WIRED

Home-Net being the AAA profile, and wiredAP being the role assigned via CPPM.

Guru Elite

Re: Wired AP Profile + Tunnel Mode

It looks like you still have a bridged configuration on that AP.

 

Type:  "show ap ap-group ap-name <name of ap> " to see what Ethernet interface 1 port configuration profile is.  Find out the is in that profile by typing "show ap wired-port-profile <that profile from the command above>"


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Frequent Contributor I

Re: Wired AP Profile + Tunnel Mode

Ok. I think this was a configuration hierarchy issue.

Additionally there was a AAA profile being applied at the MD level that I was not seeing at the folder level. 

 

It appears that if the MD has a profile applied that does not exist at the folder level, the UI still shows that you're applying the profile that you want--not taking into account that the MD configuration is overriding it. Leaving me to beat my head against the wall for an hour. 

The CLI showed me a profile that I didn't recognize and didn't exist at the folder level. Thanks for the help!

Guru Elite

Re: Wired AP Profile + Tunnel Mode

You should be able to click on the MD and see the configuration at that level.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Frequent Contributor I

Re: Wired AP Profile + Tunnel Mode

I did once the CLI threw out a profile name that I don't recall ever creating. I 'never' make any config changes at the MD level. So, I didn't think to just drill down and make sure it wasn't being overridden.

Next time that will the first troubleshooting step.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: