cancel
Showing results for 
Search instead for 
Did you mean: 

I can't seem to make 3rd Party AP work.

I can't seem to make 3rd Party AP work.

Rahman_Duran1
New Contributor III
Hi,

We have 15 aruba IAP devices which I want to use them as 3. party AP on C5210 controller to utilize internal captive portal.

f69baa6377d749d8bcf1a1b4b86f92d3_RackMultipart20150626-12197-fywjn7-authcp_inline.png



I hook up the esa1 port to the swich and set the vlan tagging. Then I created a wlan on aruba and set it to vlan 60 tagged. Configured all the switches to pass vlan 60 so it can reach controller. I also created a dhcp pool on our dhcp server and configured it so vlan 60 clients use EWC interface ip (10.100.60.2) as their gateway.

So, I tried to connect to aruba but I can't seem to get ip address and connect to wlan. So what is wrong with my setup? Any hint on this is mostly wellcome.

Thanks,

Rahman
33 REPLIES 33

Jason1
Extreme Employee
Rahman,

Yes, let me know if that works for you. I have a basic set up on a 4110 with no authentication working (with a client directly connected or connected with a VLAN 20 port) .

I suspect the reason for the EWC misbehaving is some type of forwarding path issue where the reboot clears that until another config change?
Also, is it possible that your VLAN 60 has another route back to the 10.100.x.x network that is on the switch side, and not through the 192.x.x.x esa0 port?
I would recommending deleting and re-configuring from the beginning if possible. If not, then we can take a deeper dive into the configuration if need be. I have not seen that behavior in my lab scenario.

Regards,
Jason

Rahman_Duran1
New Contributor III
Thank you Jason for your helps. This seems the missing bit in my config. I will try it and inform you if it works.


Btw, any idea why ewc misbehave and need a reboot as I described?

Jason1
Extreme Employee
Rahman,

I don't think you can ping the 10.100.60.2 address because your clients are not authenticated. On my client report, there is a "green lock" denoting authentication. (Similar to the Apple device on eduroam with the 172.x.xx. address) On your list, I see the clients have a grey "unlocked" icon.

Can you disable authentication temporarily to test?

For an Internal Captive Portal deployment, you will want a Non-Auth Role (similar to the screen shot below, referenced in the knowledgebase link in my original post)

67b4559b7fdd4563b197b0d02d0e806f_RackMultipart20150701-30556-a0u5ui-3rd_Party_Non-Auth_inline.jpg



Regards,
Jason

Rahman_Duran1
New Contributor III
here clients with more columns:

1ec98d687a8f4dc992ceca5b7cb02162_RackMultipart20150701-5143-1557haf-clients_inline.png

Rahman_Duran1
New Contributor III
It is the same as what Jason posted. Here all the screenshots

f8508dc543794b319de86238c89310a5_RackMultipart20150701-9512-72mowu-vns_inline.png

:

f8508dc543794b319de86238c89310a5_RackMultipart20150701-3716-ys8dph-wlan-service-1_inline.png


f8508dc543794b319de86238c89310a5_RackMultipart20150701-10832-1pljwdw-wlan-service-2_inline.png


f8508dc543794b319de86238c89310a5_RackMultipart20150701-16888-mp00mz-role-1_inline.png


f8508dc543794b319de86238c89310a5_RackMultipart20150701-14741-7gski4-role-2_inline.png


f8508dc543794b319de86238c89310a5_RackMultipart20150701-17925-en9inq-topology_inline.png


GTM-P2G8KFN