ArubaOS and Controllers

Reply
Occasional Contributor II

Controller-Ip and Trusted Ports

I'm running code 3.4.2.4 and today attempted to set up a new M3 controller alongside my current environment. I ran into a lot of snags but the one that took me the longest to solve was the trusted port problem. I was unaware that if I changed the controller ip/main management ip to something other than vlan1 that I had to make sure the physical port was trusted in order to re-access the WebUI Mgmt. After I type in trusted in the CLI under the appropriate interface, I was back in business. Just thought I would throw this out there in case someone else ran into this issue.

Angela
Guru Elite

Show audit-trail


I'm running code 3.4.2.4 and today attempted to set up a new M3 controller alongside my current environment. I ran into a lot of snags but the one that took me the longest to solve was the trusted port problem. I was unaware that if I changed the controller ip/main management ip to something other than vlan1 that I had to make sure the physical port was trusted in order to re-access the WebUI Mgmt. After I type in trusted in the CLI under the appropriate interface, I was back in business. Just thought I would throw this out there in case someone else ran into this issue.

Angela




Show audit-trail is your friend. By default all interfaces and VLANs are trusted. Unless something has changed recently, just changing the controller-ip should not make a port or VLAN untrusted. Do a "show audit-trail" to see how the port became untrusted.
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor II

Re: Controller-Ip and Trusted Ports

Thanks for the reply. Show audit-trail did not return anything surprising. But I had restarted the controller when I changed the controller-ip from loopback to be a controller-ip with a vlan.

However, when I look at all my other interfaces that are not currently being used, they are marked untrusted and I know I have not gone into each interface and issue an untrusted command. Maybe this has something to do with the fact that I chose to shutdown all interfaces when I first started up the controller?
Guru Elite

Untrusted

Shutting down interfaces also does not mark them untrusted. The only exception is if you create a port channel, by default it is untrusted. Yes, the audit trail clears everytime you reboot the controller, unfortunately.
******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor II

Re: Controller-Ip and Trusted Ports

THANK YOU! I was totally clueless that I couldn't access the WebUI using any other IP than the one on the MGMT interface port... also my APs wouldn't start the TFTP transfer of their images. A simple "trusted" on the Port-Channel and I am good to go.

once again thanks for your post!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: