Wireless Access

last person joined: 6 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Wireless user unable to login - Switching between Vlans

This thread has been viewed 0 times

  • 1.  Wireless user unable to login - Switching between Vlans

    Posted Oct 28, 2014 12:12 PM

    Controller: 6.3.1.12

    Clearpass:  6.4.0.66263

    AP: Campus AP-225

     

    Vlan 926: User/computer vlan

    Vlan 925: Executive Vlan

     

     

    Issue: User not able to login into domain. Gets "no logon server available".

     

    Symptom: User computer boots up. I see within Clearpass Asset Tracker that the computer account get an ip on Vlan 926 and was assigned the “machine auth” profile (internal access allow). Next, the user input their login credential and get a “no logon server available”, unable to join SSID-Name. When I checked Clearpass again, I see the user status shown as allow/accept and was assign the correct role. Also the user was given the correct vlan (now switch to vlan925). What I think the issue here is that when we switch Vlan from Computer Auth to Users/Computer auth (Executive), the controller or AP is not doing it fast enough to hand out an ip going from vlan926 to Vlan925. Is there a known issue that anyone knows off switching between vlan on the Aruba wireless?

     

    If i removed the user (a VP) from the executive AD group and add him to the normal user group. He can login just fine, that because his machin auth and user auth are on the same vlan 926. He does not have to switch between vlans.

     

    Thanks,

    Chan K.

     

     



  • 2.  RE: Wireless user unable to login - Switching between Vlans

    Posted Oct 28, 2014 11:20 PM

    This Should work just find you might have an issues with your rules/role mapping. try changing the enforcement provile value to return the users vlan (form executive) to see if the issue still happens.  it would be odd to get a No Logon Server error message before the user has even logged in.  

     

    Do you have any ACL on the L3 interfaces for each VLAN?

     

     



  • 3.  RE: Wireless user unable to login - Switching between Vlans
    Best Answer

    EMPLOYEE
    Posted Oct 29, 2014 01:46 AM
    @chan.khen wrote:

    Controller: 6.3.1.12

    Clearpass:  6.4.0.66263

    AP: Campus AP-225

     

    Vlan 926: User/computer vlan

    Vlan 925: Executive Vlan

     

     

    Issue: User not able to login into domain. Gets "no logon server available".

     

    Symptom: User computer boots up. I see within Clearpass Asset Tracker that the computer account get an ip on Vlan 926 and was assigned the “machine auth” profile (internal access allow). Next, the user input their login credential and get a “no logon server available”, unable to join SSID-Name. When I checked Clearpass again, I see the user status shown as allow/accept and was assign the correct role. Also the user was given the correct vlan (now switch to vlan925). What I think the issue here is that when we switch Vlan from Computer Auth to Users/Computer auth (Executive), the controller or AP is not doing it fast enough to hand out an ip going from vlan926 to Vlan925. Is there a known issue that anyone knows off switching between vlan on the Aruba wireless?

     

    If i removed the user (a VP) from the executive AD group and add him to the normal user group. He can login just fine, that because his machin auth and user auth are on the same vlan 926. He does not have to switch between vlans.

     

    Thanks,

    Chan K.

     

     

    It needs to be on the same VLAN, unfortunately.  The netlogon process is not designed to work when the underlying VLAN is switched.



  • 4.  RE: Wireless user unable to login - Switching between Vlans

    Posted Oct 29, 2014 11:38 AM

    Thanks Colin. I make it one Vlan then.

     

    Chan K.