ArubaOS and Controllers

Occasional Contributor II
Posts: 11
Registered: ‎04-24-2008

Master/Local connectivity lost

I'm having problems with local controllers randomly losing connectivity to Master. All are running same AOS v.5.0.2.1 and have been stable for several months but occasionally, one will stop talking to the master at which point, executing 'show crypto ipsec sa' shows '%No active IPSEC SA'. I have turned off encryption and compared the keys and they have not changed. Each time this has occurred, I have had to reboot the local and/or master to restore the connection. Once restored, the affected local will run happily but another local may fail within a few weeks. Is there any way to restore the connection by restarting a process rather than rebooting? Is this likely to be a bug in the current release?
Guru Elite
Posts: 20,407
Registered: ‎03-29-2007

Re: Master/Local connectivity lost

On the commandline, please try:

process restart isakmpd

to see if that will work.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎04-24-2008

Re: Master/Local connectivity lost

I've restarted the process and can see it has restarted (show proc mon stat) but it's still no active ipsec sa.
Guru Elite
Posts: 20,407
Registered: ‎03-29-2007

Re: Master/Local connectivity lost

Please try it on the local. The local initiates the connection to the master. This is not guaranteed to work.


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 11
Registered: ‎04-24-2008

Re: Master/Local connectivity lost

I did try this on the local. As the master still has active connections to 20 other local controllers, I was reluctant to do anything to affect other sites.
Guru Elite
Posts: 20,407
Registered: ‎03-29-2007

Re: Master/Local connectivity lost

Do a show datapath session table on the local and see if the local is trying to initiate a connection. Is there a firewall between the controllers?


Colin Joseph
Aruba Customer Engineering


Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Master/Local connectivity lost

Just a random shot in the dark here, but I had a similar issue in my SWDI course. The problem was that the DHCP scope overlapped the local controller IP address.

Zach
Thanks,

Zach Jennings
Occasional Contributor II
Posts: 11
Registered: ‎04-24-2008

Re: Master/Local connectivity lost

On the local I can see:

Local > Master tcp(6) 56575 8211 dest local (YC)
Local > Master udp(17) 8209 8209 dest local (FC)
Local > Master udp(17) 4500 4500 dest local (FC)
Master > Local tcp(6) 8211 56575 dest local (Y)
Master > Local udp(17) 4500 4500 dest local (FY)
Master > Local udp(17) 8209 8209 dest local (FY)
Occasional Contributor II
Posts: 11
Registered: ‎04-24-2008

Re: Master/Local connectivity lost

There is a firewall in the path, although it allows through virtually any ports and since all controllers are part of the same ruleset, it seems unlikely that anything has changed.
Guru Elite
Posts: 20,407
Registered: ‎03-29-2007

Re: Master/Local connectivity lost

Okay. Let's do this by the book. On the local:

config t
logging level debugging security subcat ike



Do a "show datapath tunnel table" to make sure there is a tunnel to the master.

Like you mentioned, do a "show crypto ipsec sa"

Do a "show log security 50" and do a "show log system all | include cfgm"

Paste in your output here

Do all this


Colin Joseph
Aruba Customer Engineering

