Managing an IAP whilst wifi uplink is configured

  • 1.  Managing an IAP whilst wifi uplink is configured

    Posted 8 days ago

    Hi everyone :)

    My first post here, exciting!

    I'm relatively new to Aruba, so I'll start with an apology ref my terminology etc, but hopefully what I'm trying to articulate is clear.

    I have a scenario wherein a number of PCs, without wireless cards (and cannot have wireless cards fitted), need to communicate with a device with a built-in access point.

    IE 

    PC X ----ethernet port----ethernet switch----           want to get over here ->                  client broadcasting SSID X

    I've managed to, on the face of it, achieve the initial goal by installing a 505 operating as an IAP and specifically enabled the wifi uplink, entering the details for the upstream AP and then bridging the traffic onto the ethernet interface, which is in turn connected to the same ethernet switch above into the same vlan as PC X

    IE

    PC X ----ethernet port----ethernet switch vlan X----IAP505 with wifi uplink and traffic bridged to eth0 <------->client broadcasting SSID X

    The upshot is that PC X can now successfully talk to the client. Win.

    However ....

    The minute the IAP505 successfully negotiates with the upstream client and the wifi uplink comes up on the IAP505 I lose management of the IAP505 from PC X - I CAN however successfully manage the AP from the upstream client, but, for reasons I won't go into immediately (but can if anyone thinks it's important), this isn't ideal and I want to be able to manage the IAP505 from PC X regardless of whether the wifi uplink towards the upstream client is up or down. Frustratingly it also seems that once the wifi uplink has come up, even if it then comes down (if the upstream client is turned off) I still can't manage the IAP505 and have to reboot it to regain management from PC X (I swear when I initially tested it became reachable again after let's say 10 mins of the wifi uplink being down, but having come to site today to take a look at this again I can no longer repeat this behaviour)

    Ultimately I'm getting to the stage where I feel I'm either missing something, don't understand what I'm doing, or this just isn't possible.

    Insight, help, comments etc all welcome and appreciate your time at least reading this!

    Full redacted config below, appreciate 90% is irrelevant, but thought best to share everything so you have the full picture :)

    Regards

    Frustrated engineer :)

    **********************************************

    version 8.10.0.0-8.10.0
    syslocation GANTRY
    virtual-controller-country GB
    virtual-controller-key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    name "ONB CAMERA HUB AP"
    terminal-access
    clock timezone none 00 00
    rf-band all
    !
    allow-new-aps
    !
    allowed-ap XX:XX:XX:XX:XX:XX
    !
    arm
     wide-bands 5ghz
     80mhz-support
     min-tx-power 9
     max-tx-power 127
     band-steering-mode prefer-5ghz
     air-time-fairness-mode default-access
     channel-quality-aware-arm-disable
     client-aware
     scanning
    !
    rf dot11g-radio-profile
     max-distance 0
     max-tx-power 9
     min-tx-power 6
     disable-arm-wids-functions off
     free-channel-index 40
    !
    rf dot11a-radio-profile
     max-distance 0
     max-tx-power 18
     min-tx-power 12
     disable-arm-wids-functions off
    !
    syslog-level warn ap-debug
    syslog-level warn network
    syslog-level warn security
    syslog-level warn system
    syslog-level warn user
    syslog-level warn user-debug
    syslog-level warn wireless
    !
    hash-mgmt-password
    hash-mgmt-user admin password hash XXXXXXXXXXXXXXXX
    !
    wlan access-rule wired-SetMeUp
     index 0
     rule masterip 0.0.0.0 match tcp 80 80 permit
     rule masterip 0.0.0.0 match tcp 4343 4343 permit
     rule any any match udp 67 68 permit
     rule any any match udp 53 53 permit
    !
    wlan access-rule "ONB CAMERA HUB"
     index 1
     rule any any match any any any permit
    !
    auth-survivability cache-time-out 24
    !
    wlan external-captive-portal
     server localhost
     port 80
     url "/"
     auth-text "Authenticated"
     auto-whitelist-disable
     https
    !
    blacklist-time 3600
    auth-failure-blacklist-time 3600
    !
    ids
     wireless-containment none
    !
    wired-port-profile wired-SetMeUp
     switchport-mode access
     allowed-vlan all
     native-vlan guest
     no shutdown
     access-rule-name wired-SetMeUp
     speed auto
     duplex auto
     no poe
     type guest
     captive-portal disable
     no dot1x
    !
    wired-port-profile "ONB CAMERA HUB"
     switchport-mode access
     allowed-vlan all
     native-vlan 1
     trusted
     no shutdown
     access-rule-name "ONB CAMERA HUB"
     speed auto
     duplex auto
     no poe
     type employee
     auth-server InternalServer
     captive-portal disable
     no dot1x
    !
    !
    enet0-port-profile "ONB CAMERA HUB"
    enet1-port-profile "ONB CAMERA HUB"
    enet2-port-profile "ONB CAMERA HUB"
    enet3-port-profile "ONB CAMERA HUB"
    enet4-port-profile "ONB CAMERA HUB"
    !
    wlan sta-profile
     essid "XXXXXXXXXXXXXXXXXX"
     cipher-suite wpa2-ccmp-psk
     wpa-passphrase XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
     uplink-band dot11a
    !
    uplink
     no preemption
     enforce wifi
     failover-internet-pkt-lost-cnt 10
     failover-internet-pkt-send-freq 30
     failover-vpn-timeout 180
     uplink-priority ethernet 9
     uplink-priority wifi 8
     uplink-priority cellular 10
    !
    airgroup
     disable
    !
    airgroupservice airplay
     disable
     description AirPlay
    !
    airgroupservice airprint
     disable
     description AirPrint
    !
    cluster-security
     allow-low-assurance-devices


  • 2.  RE: Managing an IAP whilst wifi uplink is configured

    EMPLOYEE
    Posted 2 days ago

    With WiFi uplink, the virtual controller IP address may change, depending on what you configured:

    When Wi-Fi uplink is enabled, the IP assignment for clients (including the Instant AP itself) can be either Virtual Controller managed or Network assigned. If it is set to Network assigned, the Instant AP will obtain an IP address from the uplink network, which could cause you to lose the management connection if the new IP is different from what you were using before.

    The documentation states:
    "When Wi-Fi uplink is enabled, IP assignment for clients can either be Virtual Controller managed or Network assigned. To configure client IP assignment, see Configuring VLAN Settings for a WLAN SSID Profile"

    As this is a quite specific configuration, and with changing IP addresses, and DNS caching on the client, it may become somewhat complex to troubleshoot. As there has not been a response yet, working with TAC may provide access to better troubleshooting.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------