Wireless Access

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

We need the ACLs in the user role to determine what could be happening. 

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

Do you use controller redundancy such as clusters or HA groups?

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

yes we are using conductor redundancy.

conductor-redundancy
conductor-vrrp 10
peer-ip-address "PEER IP Address" ipsec jnkdfnkl9238903249-

Do you use controller redundancy such as clusters or HA groups?

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

This is Conductor Layer 2 redundancy. The user traffic does not flow through mobility conductor, the redundancy does not effect the client behavior.

What about the controller? If controller redundancy is used, the client sessions are assigned to different WLAN controllers by load balancing. If VLAN tagging is different in controller ports or in switch ports, it will explain the client behavior.

Go to the WEB-GUI, find the 7210 controller in the configuration hierarchy and select it. Click on Configuration and then on Services. Is a cluster profile displayed at this point?

Also check HA Groups. Leave the controller selected and click on Configuration, Redundancy. Do you see groups under HA Groups?

yes we are using conductor redundancy.

conductor-redundancy
conductor-vrrp 10
peer-ip-address "PEER IP Address" ipsec jnkdfnkl9238903249-

Do you use controller redundancy such as clusters or HA groups?

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

No there is no such HA and cluster configuration. Attached is the screenshot.

This is Conductor Layer 2 redundancy. The user traffic does not flow through mobility conductor, the redundancy does not effect the client behavior.

What about the controller? If controller redundancy is used, the client sessions are assigned to different WLAN controllers by load balancing. If VLAN tagging is different in controller ports or in switch ports, it will explain the client behavior.

Go to the WEB-GUI, find the 7210 controller in the configuration hierarchy and select it. Click on Configuration and then on Services. Is a cluster profile displayed at this point?

Also check HA Groups. Leave the controller selected and click on Configuration, Redundancy. Do you see groups under HA Groups?

yes we are using conductor redundancy.

conductor-redundancy
conductor-vrrp 10
peer-ip-address "PEER IP Address" ipsec jnkdfnkl9238903249-

Do you use controller redundancy such as clusters or HA groups?

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

OK, I have to correct my statement, your screenshots tell me that you have two standalone mobility controllers - without mobility conductor. These controllers are set up with master-backup master redundancy.

However, the client problems are probably due to the clients connecting to different controllers. Check whether the VLANs are tagged correctly on both controllers. As well as switchport tagging, where the controllers are connected.

No there is no such HA and cluster configuration. Attached is the screenshot.

This is Conductor Layer 2 redundancy. The user traffic does not flow through mobility conductor, the redundancy does not effect the client behavior.

What about the controller? If controller redundancy is used, the client sessions are assigned to different WLAN controllers by load balancing. If VLAN tagging is different in controller ports or in switch ports, it will explain the client behavior.

Go to the WEB-GUI, find the 7210 controller in the configuration hierarchy and select it. Click on Configuration and then on Services. Is a cluster profile displayed at this point?

Also check HA Groups. Leave the controller selected and click on Configuration, Redundancy. Do you see groups under HA Groups?

yes we are using conductor redundancy.

conductor-redundancy
conductor-vrrp 10
peer-ip-address "PEER IP Address" ipsec jnkdfnkl9238903249-

Do you use controller redundancy such as clusters or HA groups?

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

Your setup is correct in parts, but there's likely a small misconfig in:

• Guest role rules

• Switch relay setup

• Or DHCP response path

Fix these and your guest Wi-Fi will become stable.

Original Message:
Sent: Apr 04, 2025 04:57 AM
From: manish16842
Subject: client in guest vlan get ip address randomly for open ssid.

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

i have configured ip-helper under layer 3 vlan interface on core switch as follows:-

interface vlan GuestVlanID
    vsx-sync active-gateways policies
    ip address CoreSwitch-1-AssignedIP
    active-gateway ip mac 02:02:00:00:17:00
    active-gateway ip CommonIP-BW-CoreSwitches
    ip helper-address DHCPServerIP

Guest get assigned the PRELOGON ROLE before authentication, where it should get ip from dhcp. So respective ACLs(logon and captive portal) are allowed. i have attached those role ACLs in above thread.

From core switch(acting as Dhcp relay) dhcp discover should go to dhcp server. Dhcp server is behind the firewall. but since some client are getting IPs, so it should have been working.

Just to add, we are using tunnel mode. So all vlans data( guest and corporate) get encapsulated in one ap to controller vlan. Controller de-encapsulate that data and send to core switches according to respective vlan. i was trying to get the debug output for dhcp relay in aruba8320cx switches but not able to get using following commands:-

debug destination buffer

debug dhcprelay all

sh logging -c dhcp-relay -r

Original Message:
Sent: Apr 05, 2025 06:19 AM
From: cskumawat
Subject: client in guest vlan get ip address randomly for open ssid.

Your setup is correct in parts, but there's likely a small misconfig in:

• Guest role rules

• Switch relay setup

• Or DHCP response path

Fix these and your guest Wi-Fi will become stable.

Original Message:
Sent: Apr 04, 2025 04:57 AM
From: manish16842
Subject: client in guest vlan get ip address randomly for open ssid.

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

i have configured ip-helper under layer 3 vlan interface on core switch as follows:-

interface vlan GuestVlanID
    vsx-sync active-gateways policies
    ip address CoreSwitch-1-AssignedIP
    active-gateway ip mac 02:02:00:00:17:00
    active-gateway ip CommonIP-BW-CoreSwitches
    ip helper-address DHCPServerIP

Guest get assigned the PRELOGON ROLE before authentication, where it should get ip from dhcp. So respective ACLs(logon and captive portal) are allowed. i have attached those role ACLs in above thread.

From core switch(acting as Dhcp relay) dhcp discover should go to dhcp server. Dhcp server is behind the firewall. but since some client are getting IPs, so it should have been working.

Just to add, we are using tunnel mode. So all vlans data( guest and corporate) get encapsulated in one ap to controller vlan. Controller de-encapsulate that data and send to core switches according to respective vlan. i was trying to get the debug output for dhcp relay in aruba8320cx switches but not able to get using following commands:-

debug destination buffer

debug dhcprelay all

sh logging -c dhcp-relay -r

Original Message:
Sent: Apr 05, 2025 06:19 AM
From: cskumawat
Subject: client in guest vlan get ip address randomly for open ssid.

Your setup is correct in parts, but there's likely a small misconfig in:

• Guest role rules

• Switch relay setup

• Or DHCP response path

Fix these and your guest Wi-Fi will become stable.

Original Message:
Sent: Apr 04, 2025 04:57 AM
From: manish16842
Subject: client in guest vlan get ip address randomly for open ssid.

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client. 

Thanks for sharing that. is there any other commond to check dhcp relay messages in aruba 8320x switches. 

debug destination buffer

debug dhcprelay all

sh logging -c dhcp-relay -r

i have configured ip-helper under layer 3 vlan interface on core switch as follows:-

interface vlan GuestVlanID
    vsx-sync active-gateways policies
    ip address CoreSwitch-1-AssignedIP
    active-gateway ip mac 02:02:00:00:17:00
    active-gateway ip CommonIP-BW-CoreSwitches
    ip helper-address DHCPServerIP

Guest get assigned the PRELOGON ROLE before authentication, where it should get ip from dhcp. So respective ACLs(logon and captive portal) are allowed. i have attached those role ACLs in above thread.

From core switch(acting as Dhcp relay) dhcp discover should go to dhcp server. Dhcp server is behind the firewall. but since some client are getting IPs, so it should have been working.

Just to add, we are using tunnel mode. So all vlans data( guest and corporate) get encapsulated in one ap to controller vlan. Controller de-encapsulate that data and send to core switches according to respective vlan. i was trying to get the debug output for dhcp relay in aruba8320cx switches but not able to get using following commands:-

debug destination buffer

debug dhcprelay all

sh logging -c dhcp-relay -r

Original Message:
Sent: Apr 05, 2025 06:19 AM
From: cskumawat
Subject: client in guest vlan get ip address randomly for open ssid.

Your setup is correct in parts, but there's likely a small misconfig in:

• Guest role rules

• Switch relay setup

• Or DHCP response path

Fix these and your guest Wi-Fi will become stable.

Original Message:
Sent: Apr 04, 2025 04:57 AM
From: manish16842
Subject: client in guest vlan get ip address randomly for open ssid.

Dear all,

I have ArubaOS (MODEL: Aruba7210), Version 8.10.0.2 LSR. and it is configured for local authentication of guest user through open ssid and captive portal. We have windows server 2019 acting as dhcp server. and aruba 8320 cx core switches are acting as dhcp relay. client connect to guest ssid and got assigned to vlan 205. and then it gets ip from the dhcp server. sometime client get the ip and sometimes they don't. i have captured the debug output of 2 clients. one is getting the ip other is not. even the one which is getting ip, earlier it was not getting its ip and suddenly it got the ip. i can see in wireshark installed on client , it sends dhcp discover message but not getting any reply back. debug output is attached for both client.