Wireless Access

Hi All

 

We just did a factory reset an Aruba 3400 wlan controller (version 6.4.2.17) to setup it since the very begining, but we found something that is bugging us very badly :( below what we have done:

 

we have added 2 vlans:

- 10 management

- 20 users01

 

Each vlan have an IP address and the default gateway is an IP on vlan 10 (all 2 ip addresses set in the aruba are reachable). My next step was to create the Virtual AP, we have SSID_01(802.1x) and SSID_02(WEP) (both Virtual AP have as suggested vlan 20). If one user tries to log into SSID_01 it is assigned to proper vlan and get proper IP address via DHCP, If the same user tries to log into SSID_02 which has WEP method it gets assigned to vlan 10 and getting an IP address of that vlan 10 segment. how is this possible? what am I missing?

 

in the past we had the same issue with SSID_01 which uses 802.1x auth method but somehow it started to work as expected.

 

thanks in advance!

Can you post the result of the following?

#show wlan virtual-ap <SSID_02 VAP Name>

there you go, thanks!

 

Virtual AP profile "SSID_01"
-----------------------------------
Parameter Value
--------- -----
AAA Profile default-open
802.11K Profile default
Hotspot 2.0 Profile N/A
SSID Profile SSID_01
Virtual AP enable Enabled
VLAN 20
Forward mode tunnel
Allowed band all
Band Steering Disabled
Steering Mode prefer-5ghz
Dynamic Multicast Optimization (DMO) Disabled
Dynamic Multicast Optimization (DMO) Threshold 6
Drop Broadcast and Unknown Multicast Disabled
Convert Broadcast ARP requests to unicast Enabled
Authentication Failure Blacklist Time 3600 sec
Blacklist Time 3600 sec
Deny inter user traffic Disabled
Deny time range N/A
DoS Prevention Disabled
HA Discovery on-association Enabled
Mobile IP Enabled
Preserve Client VLAN Enabled
Remote-AP Operation standard
Station Blacklisting Enabled
Strict Compliance Disabled
VLAN Mobility Enabled
FDB Update on Assoc Disabled
WMM Traffic Management Profile N/A

Ok, that's SSID_01 VAP not SSID_02.

What the initial role in the AAA profile for the VAP? Is there a VLAN set in there?

below more info.

 

 

What is the output of "show aaa state user <ip address of user>"?

 

http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/show_aaa_state_user_.htm

 

i have found something

 

VLAN Derivation History Index : 6
1. VLAN 0 for Reset VLANs for Station up
2. VLAN 20 for Default VLAN
3. VLAN 20 for Current VLAN updated
4. VLAN 10 for Initial Role Contained
5. VLAN 10 for Current VLAN updated
6. VLAN 10 for VLAN exported

Current VLAN : 10 (Initial Role Contained)

 

in my initial role if I move it to vlan 20 it doesnt even authenticate.

I believe my issue is something related to this... 

 

what do you think? what is the next move from here? @_@

since I have initial role: authenticated, just selected  Role Vlan ID: Not asigned and it was all.

 

everything is working fine now, thank you all, all the steps and tshoot sugestions here helped me to figure it out.

 

regards!