MichaelBalack
asked on
Why Aruba APs can not renew the IPs for wireless clients?
Don't know whether it is a coincidence, since a firewall was setup, this aruba controller 800 and 10 APs do not seems to renew the IP for wireless clients. The problem is, user holding the iPAD can get a IP from any aruba AP, after that, if this use move out of the wireless area, and move in back again, he/she doesn't seem able to get a IP (renewed) again.
But, according to my co-worker, before the deployment of the above firewall, the problem wasn't there. There is only 1 network segment IPs was supported.
thanks,
But, according to my co-worker, before the deployment of the above firewall, the problem wasn't there. There is only 1 network segment IPs was supported.
thanks,
Have a look at firewall's dropped and/or rejected packets. You might find out that some DHCP traffic is denied.
ASKER
Hi Strivoli,
How see the mentioned firewall dropped/or reject packets?
How see the mentioned firewall dropped/or reject packets?
Set logging and inspect the log directly on the firewall or forward the logs to a syslog server for easier inspection.
Please post make and model of the firewall.
Please post make and model of the firewall.
ASKER
Hi Strivoli,
firewall model is: fortigate 200b. Unfortunately, the logging capabilty is quite less as you have to get a fortianalyzer.
But, why the firewall log as this firewall in the same network segments as aruba controller and APs...
firewall model is: fortigate 200b. Unfortunately, the logging capabilty is quite less as you have to get a fortianalyzer.
But, why the firewall log as this firewall in the same network segments as aruba controller and APs...
You wrote that the problem started since the firewall was setup. I suspect there's something wrong with the firewall. This is why checking the logs makes sense.
ASKER
Other than firewall, what has to be checked on aruba?
You can check aruba's logs as well. Logs usually tell you more than you can imagine.
I'll have a look at the firewall's user manual in order to check the logs properly.
I'll have a look at the firewall's user manual in order to check the logs properly.
Page 137 (attached) of the FortiOS 5.0.4 Install & System Administration shows you how to forward the logs to a syslog server.
If you don't have one yet, you can install Kiwi Syslog Server for Windows. There's a free version too.
Binder1.pdf
If you don't have one yet, you can install Kiwi Syslog Server for Windows. There's a free version too.
Binder1.pdf
need some more info:
how do clients authenticate?
what device is DHCP for the wireless clients?
does this happen to all type of devices?
you have no VLANs? All is running on VLAN1?
how do clients authenticate?
what device is DHCP for the wireless clients?
does this happen to all type of devices?
you have no VLANs? All is running on VLAN1?
ASKER
Using wep password for auth.
Aruba controller is the dhcp server.
only 1 vlan - vlan 1.
this happened to wireless...
Aruba controller is the dhcp server.
only 1 vlan - vlan 1.
this happened to wireless...
ASKER
Suggestion?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Jakob_di,
Where to check the firmware version. Sorry, I don't know cli command.
Where to run the command:
show log all | include (MAC-ADDRESS FOR ONE OF THE CLIENTS)
Can you show detailed step-by-step for the commands/operations that supposedly have to perform?
Where to check the firmware version. Sorry, I don't know cli command.
Where to run the command:
show log all | include (MAC-ADDRESS FOR ONE OF THE CLIENTS)
Can you show detailed step-by-step for the commands/operations that supposedly have to perform?
Do the clients have to pass through the firewall to get to the controller to obtain an IP address?
ASKER
No, not need.
SSH to Aruba Controllers IP-address
login with admin/PW
type following comands
if the prompt is like this > type enable and hit ENTER (Enter Enable Password)
if prompt is # - just carry on
Show image version - tells you firmware
login with admin/PW
type following comands
if the prompt is like this > type enable and hit ENTER (Enter Enable Password)
if prompt is # - just carry on
Show image version - tells you firmware
ASKER
3.1.1.9
try setting DHCP on Firewall instead.
Or upgrade controller firmware
How many clients? What scope do you have?
And another thing - I strongly recommend moving away from WEP (!!) and over to WPA2 if possible
Or upgrade controller firmware
How many clients? What scope do you have?
And another thing - I strongly recommend moving away from WEP (!!) and over to WPA2 if possible
ASKER
Hi Jacob_di,
Please see the answers:
try setting DHCP on Firewall instead.
ans - We cannot just change the DHCP to firewall. We need a reason to management
Or upgrade controller firmware
ans - The controller has no more service warranty, upgrading the controller firmware
is a risky business. Anyway, we'll try it
How many clients? What scope do you have?
ans - around 50+. There is only 1 scope, meant for a single network segment
And another thing - I strongly recommend moving away from WEP (!!) and over to WPA2 if possible
ans - For the sake of security?
Please see the answers:
try setting DHCP on Firewall instead.
ans - We cannot just change the DHCP to firewall. We need a reason to management
Or upgrade controller firmware
ans - The controller has no more service warranty, upgrading the controller firmware
is a risky business. Anyway, we'll try it
How many clients? What scope do you have?
ans - around 50+. There is only 1 scope, meant for a single network segment
And another thing - I strongly recommend moving away from WEP (!!) and over to WPA2 if possible
ans - For the sake of security?
ASKER
At the end, management allowed us to upgrade firmware. Now the firmware upgrade was done, and we will monitor for the status...
ASKER
The problem seems not more, ever since the controller's firmware was upgraded. We hesitate to upgrade it as this controller has not more hardware warranty with Aruba.