This is my first post, and I hope you guys can help me with this issue. We sold an Aruba solution using Instant Access Points, Airwave, Aruba S2500 POE switches and ClearPass onboard to a customer with 22 site locations. We are ripping and replacing an HP switch/wifi based solution, with a complete Aruba solution. We now have an issue on a site where we are forced to run parallel infrastructure before we can remove and replace all the old HP kit.


Our Instant 105 AP's are configured for VLAN 17 (the management VLAN) and our switches are also in VLAN 17. So all the AP's and switches get management IP's as assigned in VLAN 17. The Instant Virtual Controller's IP address is assigned statically in VLAN 17, while the member AP's get their IP's assigned dynamically in VLAN 17. The switches all have their management IP's assigned statically in VLAN 17. We then have an existing VLAN 1 (the default VLAN) that provides DHCP to the users on the network. Our S2500 switch is connected from its port 23 to the existing HP Procurve's port 7.


Here is the port confihuration for port 7 on the HP procurve:


Server Room# sh vlans ports 7 detail


Status and Counters - VLAN Information - for ports 7


  VLAN ID Name                 | Status     Voice Jumbo Mode

  ------- -------------------- + ---------- ----- ----- --------

  1       DEFAULT_VLAN         | Port-based No    No    Tagged

  17      network_man          | Port-based No    No    Tagged


Our problem is that we created SSID's on the Instant AP's, and tagged them for VLAN 1, but when a user connects to the SSID, he gets assigned an IP address from the VLAN 17 IP range, instead of the VLAN 1 IP range.


Here is the configuration for the Aruba S2500 switch:


(Aeroton) #show interface gigabitethernet 0/0/23


GE0/0/23 is administratively Up, Link is Up, Line protocol is Up

Hardware is Gigabit Ethernet, Interface is GE0/0/23, Address is 00:1a:1e:0b:be:59

Encapsulation ARPA, Loopback not set

Configured: duplex (Auto), Speed (Auto), FC (Off), Autoneg (On)

Negotiated: duplex (Full), Speed (100 Mbps)

Interface index: 24

MTU 1514 bytes

Link flaps: 0

Flags: Trunk, Trusted

Link status last changed: 0d 00:02:06 ago

Last update of counters: 0d 00:00:04 ago

Last clearing of counters: 0d 00:02:31 ago


Received 2934 frames, 421315 octets

58 pps, 74.265 Kbps

1657 unicast, 332 multicast, 945 broadcast

0 runts, 0 giants, 0 throttles

0 error octets, 0 CRC frames

Transmitted 2122 frames, 1593510 octets

47 pps, 98.656 Kbps

1999 unicast, 80 multicast, 43 broadcast

0 throttles, 0 errors octets, 0 deferred

0 collisions, 0 late collisions

PoE Information:

Administratively Enable, Port status: Off, Power consumption: 0 mW

PSE port status: Off, PD detection in progress


(Aeroton) #

(Aeroton) #

(Aeroton) #

(Aeroton) #

(Aeroton) #

(Aeroton) #

(Aeroton) #show vlan 1 detail


U - Untagged member, T - Tagged member

* - Active interface


Dot1q tag: 1, Description: DEFAULT_VLAN

Number of interfaces: 26, Active: 2, Non-Blocking: 2

VLAN membership:


GE0/0/6(U) GE0/0/7(U) GE0/0/8(U) GE0/0/9(U)

GE0/0/10(U) GE0/0/11(U) GE0/0/12(U) GE0/0/13(U)

GE0/0/14(U) GE0/0/15(U) GE0/0/16(U) GE0/0/17(U)

GE0/0/18(U) GE0/0/19(U) GE0/0/20(U) GE0/0/21(U)

GE0/0/22(U) GE0/1/0(U) GE0/1/1(U)


GE0/0/0*(T) GE0/0/1(T) GE0/0/2(T) GE0/0/3(T)

GE0/0/4(T) GE0/0/5(T) GE0/0/23*(U) GE0/0/23*(T)


I tried for a few minutes to peice together the network topology, but I am in a meeting and can't figure it out with the distractions. It souds like an L2 connection between VLAN 17 and 1 is transposed somewhere in the path. A good test would be to configure an access port in VLAN 1 on the Aruba switch and see if the wired device gets an IP out of VLAN 17 or VLAN 1. If you get an IP out of 17, then it's a wired issue up the path. If you get it out of VLAN 1, then it's an Instant configuration problem.

