Wireless Access

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

Hi Francisco and thank you for the reply.  I want to state that and untagged/native VLAN traffic is being sent correctly through the tunnel, it is only tagged traffic that seems to make it to the AP but never get sent through the tunnel to the gateway.  As far as your checks:

1.2.3 =

wired-port-profile PortProfile-SwitchTrunk
 switchport-mode trunk
 allowed-vlan 32,1001,1108
 native-vlan 1108
 no shutdown
 access-rule-name PortProfile-SwitchTrunk
 speed auto
 duplex auto
 poe
 forward-mode l2
 type employee
 gw-profile PortProfile-SwitchTrunk_#1755089217402_7005#_
 gw-auth-server default
 captive-portal disable
 mac-authentication
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5

enet3-port-profile PortProfile-SwitchTrunk

4. I am indeed using Aruba Central.  The PBR is just an Any Any Any -> Forwards to Cluster and the role is essentially Allow Any to All + the PBR policy.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

What version of firmware is running on the AP?  Are all of the VLANs configured on the gateway?

What does the output of "show datapath bridge" look like?

Hi Francisco and thank you for the reply.  I want to state that and untagged/native VLAN traffic is being sent correctly through the tunnel, it is only tagged traffic that seems to make it to the AP but never get sent through the tunnel to the gateway.  As far as your checks:

1.2.3 =

wired-port-profile PortProfile-SwitchTrunk
 switchport-mode trunk
 allowed-vlan 32,1001,1108
 native-vlan 1108
 no shutdown
 access-rule-name PortProfile-SwitchTrunk
 speed auto
 duplex auto
 poe
 forward-mode l2
 type employee
 gw-profile PortProfile-SwitchTrunk_#1755089217402_7005#_
 gw-auth-server default
 captive-portal disable
 mac-authentication
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5

enet3-port-profile PortProfile-SwitchTrunk

4. I am indeed using Aruba Central.  The PBR is just an Any Any Any -> Forwards to Cluster and the role is essentially Allow Any to All + the PBR policy.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

hi - it is 10.4.1.9_93201 and yes all relevant vlans trunked to the gateway.  I dont see the clients when I run that command

What version of firmware is running on the AP?  Are all of the VLANs configured on the gateway?

What does the output of "show datapath bridge" look like?

Hi Francisco and thank you for the reply.  I want to state that and untagged/native VLAN traffic is being sent correctly through the tunnel, it is only tagged traffic that seems to make it to the AP but never get sent through the tunnel to the gateway.  As far as your checks:

1.2.3 =

wired-port-profile PortProfile-SwitchTrunk
 switchport-mode trunk
 allowed-vlan 32,1001,1108
 native-vlan 1108
 no shutdown
 access-rule-name PortProfile-SwitchTrunk
 speed auto
 duplex auto
 poe
 forward-mode l2
 type employee
 gw-profile PortProfile-SwitchTrunk_#1755089217402_7005#_
 gw-auth-server default
 captive-portal disable
 mac-authentication
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5

enet3-port-profile PortProfile-SwitchTrunk

4. I am indeed using Aruba Central.  The PBR is just an Any Any Any -> Forwards to Cluster and the role is essentially Allow Any to All + the PBR policy.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

AOS 10.4 doesn't have proper support for VLANs on the wired profile, upgrade to something newer.  At this point the recommendation would be 10.7.2.1.

hi - it is 10.4.1.9_93201 and yes all relevant vlans trunked to the gateway.  I dont see the clients when I run that command

What version of firmware is running on the AP?  Are all of the VLANs configured on the gateway?

What does the output of "show datapath bridge" look like?

Hi Francisco and thank you for the reply.  I want to state that and untagged/native VLAN traffic is being sent correctly through the tunnel, it is only tagged traffic that seems to make it to the AP but never get sent through the tunnel to the gateway.  As far as your checks:

1.2.3 =

wired-port-profile PortProfile-SwitchTrunk
 switchport-mode trunk
 allowed-vlan 32,1001,1108
 native-vlan 1108
 no shutdown
 access-rule-name PortProfile-SwitchTrunk
 speed auto
 duplex auto
 poe
 forward-mode l2
 type employee
 gw-profile PortProfile-SwitchTrunk_#1755089217402_7005#_
 gw-auth-server default
 captive-portal disable
 mac-authentication
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5

enet3-port-profile PortProfile-SwitchTrunk

4. I am indeed using Aruba Central.  The PBR is just an Any Any Any -> Forwards to Cluster and the role is essentially Allow Any to All + the PBR policy.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

Oh is that it?  Thank you, do you happen to have a doc that references this?

AOS 10.4 doesn't have proper support for VLANs on the wired profile, upgrade to something newer.  At this point the recommendation would be 10.7.2.1.

hi - it is 10.4.1.9_93201 and yes all relevant vlans trunked to the gateway.  I dont see the clients when I run that command

What version of firmware is running on the AP?  Are all of the VLANs configured on the gateway?

What does the output of "show datapath bridge" look like?

Hi Francisco and thank you for the reply.  I want to state that and untagged/native VLAN traffic is being sent correctly through the tunnel, it is only tagged traffic that seems to make it to the AP but never get sent through the tunnel to the gateway.  As far as your checks:

1.2.3 =

wired-port-profile PortProfile-SwitchTrunk
 switchport-mode trunk
 allowed-vlan 32,1001,1108
 native-vlan 1108
 no shutdown
 access-rule-name PortProfile-SwitchTrunk
 speed auto
 duplex auto
 poe
 forward-mode l2
 type employee
 gw-profile PortProfile-SwitchTrunk_#1755089217402_7005#_
 gw-auth-server default
 captive-portal disable
 mac-authentication
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5

enet3-port-profile PortProfile-SwitchTrunk

4. I am indeed using Aruba Central.  The PBR is just an Any Any Any -> Forwards to Cluster and the role is essentially Allow Any to All + the PBR policy.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

I think that is the most likely cause, but you'd need to upgrade and test to verify.  You can check the release notes for AOS 10.5, the change should be noted there.

Oh is that it?  Thank you, do you happen to have a doc that references this?

AOS 10.4 doesn't have proper support for VLANs on the wired profile, upgrade to something newer.  At this point the recommendation would be 10.7.2.1.

hi - it is 10.4.1.9_93201 and yes all relevant vlans trunked to the gateway.  I dont see the clients when I run that command

What version of firmware is running on the AP?  Are all of the VLANs configured on the gateway?

What does the output of "show datapath bridge" look like?

Hi Francisco and thank you for the reply.  I want to state that and untagged/native VLAN traffic is being sent correctly through the tunnel, it is only tagged traffic that seems to make it to the AP but never get sent through the tunnel to the gateway.  As far as your checks:

1.2.3 =

wired-port-profile PortProfile-SwitchTrunk
 switchport-mode trunk
 allowed-vlan 32,1001,1108
 native-vlan 1108
 no shutdown
 access-rule-name PortProfile-SwitchTrunk
 speed auto
 duplex auto
 poe
 forward-mode l2
 type employee
 gw-profile PortProfile-SwitchTrunk_#1755089217402_7005#_
 gw-auth-server default
 captive-portal disable
 mac-authentication
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5

enet3-port-profile PortProfile-SwitchTrunk

4. I am indeed using Aruba Central.  The PBR is just an Any Any Any -> Forwards to Cluster and the role is essentially Allow Any to All + the PBR policy.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.

Hi Francisco and thank you for the reply.  I want to state that and untagged/native VLAN traffic is being sent correctly through the tunnel, it is only tagged traffic that seems to make it to the AP but never get sent through the tunnel to the gateway.  As far as your checks:

1.2.3 =

wired-port-profile PortProfile-SwitchTrunk
 switchport-mode trunk
 allowed-vlan 32,1001,1108
 native-vlan 1108
 no shutdown
 access-rule-name PortProfile-SwitchTrunk
 speed auto
 duplex auto
 poe
 forward-mode l2
 type employee
 gw-profile PortProfile-SwitchTrunk_#1755089217402_7005#_
 gw-auth-server default
 captive-portal disable
 mac-authentication
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5

enet3-port-profile PortProfile-SwitchTrunk

4. I am indeed using Aruba Central.  The PBR is just an Any Any Any -> Forwards to Cluster and the role is essentially Allow Any to All + the PBR policy.

Hi friend.

Hi - we are having trouble getting a Wired Port Profile configured as a Trunk carrying tagged traffic working on a Microbranch AP.  The Microbranch AP is effectively working in CL2 mode and has a switch connected to one of its ports.  The untagged/native traffic is making it through the tunnel all the way through to the gateway and out the switch the gateway is connected to.  Tagged traffic doesn't appear to make it to the gateway whatsoever.  Is there a special way to configure this?  Has anyone had any luck with this setup.