Derek, We have encountered the similar issue while we are using B@HWC and just like you said that sometime the client would end up B@AP. After digging around, I think we have resolve the issue awhile back. Please note that this is awhile back, and it is not documented by GTAC so, please give it a try.
In the VNS configuration, by default, there are some WLAN services which default Topology is left as "blank" (eg. As "-")" according to the GTAC, they said that the default behavior of HWC will just forward to the default physical port out. However, we found that it is not 100% true. The HWC sometime, during the authentication state; HWC will get confused. (lack of better terms) In that situation, the user MAC address supposedly get dump on the HWC port, but it end up bleeding out on the switch port AP plugs into (another lack of better terms). So, after consulting with GTAC, without a better solution, we just assign every Default Topology with a specific VLAN topology. (we are using multiple WLAN Services). The problem is no longer reoccurring. We have also tested that to encrypt the channel between HWC and AP, did not resolve the bleeding out AP issue. ( B@HWC just encapsulate, not encrypt) Once again, this is purely speculative on our part of HWC behavior. Somehow we got lucky and resolved the issue. We configured the HWC on every segment of VNS config to tell the default topology to linked to a specific VLAN and stay away from using physical port unless the VNS is designed to do so. We don't have any problem since. Hope these tips can help you. Charles Yang Sr. Network Security Architect VTSP, ESC-Policy, ESC-NAC, C: (617) 651-0499 O: (617) 568-7416 Jacobs Technology Inc. Advance Consulting Group From: [email protected] [mailto:[email protected]] Sent: Tuesday, November 12, 2013 3:46 PM To: Enterasys Customer Mailing List Subject: Re: [enterasys] Wireless 8.31 Bridging at AP unexpectedly I was seeing this on 08.31 as well. Even with B@HWC topology, clients would sometimes end up on the AP's vlan even when assigned the correct role. Usually cleared up with a disassociate/reassociate. Does that sound like what you're seeing? I upgraded to 08.32.01.0035 this morning and - so far - haven't seen any clients assigned an IP from the AP DHCP pool, though haven't had chance for more than a couple casual glances... Derek Johnson | Data Communications Coordinator FORT HAYS STATE UNIVERSITY 415 Lyman Dr. TH 101, Hays, KS 67601 (785) 628 - 5688 | [email protected]<mailto:[email protected]> From: John Kaftan <[email protected]<mailto:[email protected]>> To: "Enterasys Customer Mailing List" <[email protected]<mailto:[email protected]>> Date: 11/12/2013 02:35 PM Subject: [enterasys] Wireless 8.31 Bridging at AP unexpectedly ________________________________ Hello: We have upgraded to 8.31 and are now managing our policy from PM. We are having issues with some APs bridging some clients at the AP. I assume that is what is happening because clients are getting on the same network that the APs are on. This should not be the case because all of my VNS topologies are bridging at the controller. It is pretty darn freaky since that setting is set a the WLAN Service\Role level. Has anyone else seen this issue? I'm freaking. This causes big problems as security is bypassed as well as the wireless clients are eating up all of the IPs on the LAN network and my wired clients cannot connect. -- John Kaftan IT Infrastructure Manager Utica College * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
