ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 13
Registered: ‎06-16-2009

Large RAP deployment

Hello,


I was hoping I could get some help with resolving an issue we are seeing in our scenario. We have a 3 controller (6000/M3) setup with 700 RAP's terminated on the master and 215 on our first local. All of these devices sit behind an ASA with 1 to one external NAT's defined for each inside interface. The network guy at my job is noticing massive amounts of input errors on the switchport that connects the ASA to our core. He's pointing the finger at my controllers saying that the large amounts of data the controllers are pushing out to all off these external facing devices is causing the firewall to freak out (cpu spikes. micro bursts etc...) So...my question is...

Can someone help me describe what all happens in the IPSEC tunnel between the controller and a RAP. Outbound in particular. I understand that it's management frames and stuff like captive portal (we're running split captive portal) but what else is in there? Is there a diagram that defines exactly what is happening in that tunnel? Will Aruba OS 6 really help reduce the bandwidth requirement for RAP by 50%!!!? Please help.. Thanks.
Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Large RAP deployment

I would ask him to open a case with Cisco systems as to why their equipment is "freaking out". Input errors are normally due to two connected ports that are misconfigured or have not negotiated properly. To much traffic normally manifests itself as "drops" and not input errors. He should certainly get that checked with Cisco.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 13
Registered: ‎06-16-2009

Re: Large RAP deployment

I appreciate the response Colin. We'll continue to troubleshoot with Cisco. How about my question below is there any documentation in order to get answers for this?



Can someone help me describe what all happens in the IPSEC tunnel between the controller and a RAP. Outbound in particular. I understand that it's management frames and stuff like captive portal (we're running split captive portal) but what else is in there? Is there a diagram that defines exactly what is happening in that tunnel? Will Aruba OS 6 really help reduce the bandwidth requirement for RAP by 50%!!!? Please help.. Thanks.
Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Large RAP deployment

The ipsec tunnel is to transfer management as well as user traffic between the RAP and the controller and it should pretty much be seen as an ipsec tunnel by any device that passes the traffic. Management traffic includes access point power and channel information as well as IDS/IPS information, such as rogues and neighbor AP information

ArubaOS 6.0 does reduce the management traffic portion of the equation, but we have not seen any numbers in print by how much.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: