Message from jmkeller@houseofzen.org

All,

Running into an issue with a pilot Aruba set up. Each LAN segment is off a core firewall. Each interface for a user LAN has DHCP helper pointed at a locally connected (to the firewall) Windows 2003 server with DHCP service running. All the normal clients (XP, Vista, Win7, OSX, etc) can pull DHCP addresses without a problem.

However we are having issues with the 135 Campus AP units, they DHCP from the prom boot fine and are assigned an address/net-mask/gateway/domain, etc. They then use the magic host name + DHCP domain to get to the master controller. They then do the tftp for the OS load. However after booting into the tftp'ed image and running DHCP client again from the OS they are unable to get a response from the Windows 2003 server.

Packet captures confirm 0.0.0.0 > 255.255.255.255 packets from the APs just like the windows/osx hosts on the same network are being relayed by the DHCP helper configuration on the gateway/core firewall. However, in the case of the 135 APs, there is no DHCP OFFER response from the Windows server to the OS initiated DHCP DISCOVER packets.

We also got in some RAP-2WG units to test, and I'm finding they DHCP fine on a home network - but are displaying the same issue as the 135's after booting the OS on a local LAN connection - that they are being ignored by the Windows DHCP server (from the start, vs after OS boot for the 135s).

We did a work around, and enabled DHCP scopes on the master controller and changed the DHCP helper on the test LAN to the controller and this worked. So it's apparently something specific to the Windows 2003 DHCP server and not the firewall or APs. We obviously would prefer DHCP be centrally managed in one place vs having to do one-off scopes on the controller.

Has anyone else run into something like this? I'm in the 'we can't be the only ones to see this' mode, but haven't found anything via Google that fits the issue.

Thanks in advance.

--
---
James M Keller

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from zjennings@wcupa.edu

James, What Aruba OS version are you running? You can find that on the Maintenance page on the controller. It will be the Partition labeled "**default boot**". Zach Jennings Senior Network Server Manager Aruba Certified Mobility Professional, Airheads MVP West Chester University of PA 610-436-1069
Hi James, I'm probably over my head here, so forgive me if this seems clueless, and maybe I can learn something. (Also, we have Cisco wireless, so I really don't know for Aruba.) But:
Oops.
There is, of course, the crucial difference that DNS is trivially routable and DHCP is rather another matter. If they're not succeeding or failing in the same ways, that could point towards an understanding of why not....

David Gillett
CCNP CISSP

-----Original Message-----
From: Steve Bohrer [mailto:skbohrer@SIMONS-ROCK.EDU]
Sent: Tuesday, January 17, 2012 15:38
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Aruba and Windows 2003 DHCP issue.

Oops.
Message from bosborne@liberty.edu

James, We are running AP-125 and AP-105 APs from a Server 2008R2 DHCP cluster with no issues. Is Dynamic ARP Inspection, DHCP Snooping, or IP Source Guard (Cisco terms) enabled on the AP ports? I know Aruba had an issue with early AP-125 APs and those services. You either had to disable those or manually update the firmware on the APs. You probably should open a ticket with Aruba TAC. If there is no DHCP OFFER, the Event Viewer logs on the DHCP server may provide some clues. Bruce Osborne Network Engineer IT Network Services   (434) 592-4229   LIBERTY UNIVERSITY 40 Years of Training Champions for Christ: 1971-2011
Message from jmkeller@houseofzen.org

On 1/18/2012 8:54 AM, Osborne, Bruce W wrote:
> James,
>
> We are running AP-125 and AP-105 APs from a Server 2008R2 DHCP cluster with no issues. Is Dynamic ARP Inspection, DHCP Snooping, or IP Source Guard (Cisco terms) enabled on the AP ports? I know Aruba had an issue with early AP-125 APs and those services. You either had to disable those or manually update the firmware on the APs.
>
> You probably should open a ticket with Aruba TAC. If there is no DHCP OFFER, the Event Viewer logs on the DHCP server may provide some clues.
>
>
> Bruce Osborne
> Network Engineer
> IT Network Services
>
> (434) 592-4229
>
> LIBERTY UNIVERSITY
> 40 Years of Training Champions for Christ: 1971-2011
>

So it looks like it may be the DHCP relay wait timer, but I'm still trying to work out the specifics of why that fixed it at another site yesterday.

The Checkpoint firewalls that are the L3 gateways default to 3 seconds for DHCP relay forwarding. This is designed to allow a local broadcast domain DHCP server to respond first, and hence be first to respond with a DHCPOFFER. Another admin setting up his local test AP135s found mention of timer issues on an airheads thread and explicitly set the wait timer to 0 and got his APs working with DHCP after OS boot.

Now my reading of the timer feature would be that the DHCP DISCOVER packets from the client wouldn't even be forwarded until the wait timer expired, but I was seeing them being sent right away. It would have to be a flag being set in the packet that was causing the Windows DHCP server to not respond as best as I can tell without having dug into the two dumps in detail.

I'll follow up in the thread with some more detailed findings if I can for future reference.

--
---
James M Keller
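
Added example, not part of the original thread: a Python sketch for comparing two captured DHCP DISCOVER payloads field by field (hops, secs, broadcast flag, giaddr, options), which is the comparison of the two dumps described in the message above. The packets, MAC addresses, relay address 10.0.0.1 and the `ExampleAP` vendor class are constructed sample values, not data from the captures discussed here.

```python
import struct
from ipaddress import IPv4Address

# RFC 2131 fixed header: op htype hlen hops xid secs flags ciaddr yiaddr siaddr
# giaddr chaddr[16] sname[64] file[128], then a 4-byte magic cookie and TLV options.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
COOKIE = bytes([99, 130, 83, 99])

def parse_dhcp(payload):
    """Return the header fields and options of one DHCP message (UDP payload)."""
    if len(payload) < HDR.size + 4 or payload[HDR.size:HDR.size + 4] != COOKIE:
        raise ValueError("not a DHCP message")
    op, _, hlen, hops, xid, secs, flags, _, _, _, gi, chaddr, _, _ = HDR.unpack_from(payload)
    msg = {"hops": hops, "secs": secs, "broadcast": bool(flags & 0x8000),
           "giaddr": str(IPv4Address(gi)), "chaddr": chaddr[:hlen].hex(":")}
    i = HDR.size + 4
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        msg["opt%d" % payload[i]] = payload[i + 2:i + 2 + payload[i + 1]].hex()
        i += 2 + payload[i + 1]
    return msg

def diff_discovers(a, b, ignore=("chaddr",)):
    """Fields whose values differ between two parsed messages, as {name: (a, b)}."""
    keys = sorted((set(a) | set(b)) - set(ignore))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

def make_discover(mac, secs, flags, giaddr, options):
    """Build a DISCOVER for the demo below (constructed sample, not a real capture)."""
    hdr = HDR.pack(1, 1, 6, 1, 0x1234, secs, flags, bytes(4), bytes(4), bytes(4),
                   IPv4Address(giaddr).packed, bytes.fromhex(mac),
                   bytes(64), bytes(128))
    tlv = b"".join(bytes([c, len(v)]) + v for c, v in options)
    return hdr + COOKIE + tlv + b"\xff"

# Constructed samples: same relay (giaddr), different secs, flags and option 60.
pc = make_discover("001122334455", 4, 0x0000, "10.0.0.1", [(53, b"\x01"), (60, b"MSFT 5.0")])
ap = make_discover("00aabbccddee", 0, 0x8000, "10.0.0.1", [(53, b"\x01"), (60, b"ExampleAP")])

if __name__ == "__main__":
    for field, (x, y) in diff_discovers(parse_dhcp(pc), parse_dhcp(ap)).items():
        print(f"{field:10} client={x!r:22} ap={y!r}")
```

To use it on real traffic, pass `parse_dhcp` the UDP payload of each DISCOVER as captured on the server side of the relay, so that `giaddr` and `hops` reflect what the DHCP server actually receives.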