ArubaOS and Controllers

Reply
Frequent Contributor II

Standalone controller to Local controller.

Hi,
anyone know if there is another way to convert standalone controller to master controller rather then web wizard?

i make the web wizard selectin master but at the end the controller doens't require reboot and if i reboot manually every time i make wizard see local controller as standalone as default value.

it's possible any operation via cli?

my issue is that i know standalone controller doesn't terminae ipsec vpn while master terminate local ipsec tunnel.

how can i check if controller is master or standalone too?
Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Aruba Employee

Re: Standalone controller to Local controller.

Howdy Andrea...

A standalone controller effectively *IS* a master controller. The web wizard differentiates the two purely from the perspective that a standalone controller is a master with no locals, where a master controller would also have local controller configured.

To add local controllers to an existing standalone, all you need to do is update the local controller IPSec keys entries on the standalone to allow the locals to connect.

Hope that helps.

Charlie
Frequent Contributor II

Re: Standalone controller to Local controller.

so it's a fake the info the trainer give us during bootcamp that a standalone controller never terminate ipsec tunnel while master will do?
Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Frequent Contributor II

Re: Standalone controller to Local controller.

with "show datapath session" command i can see ipsec tunnel on local but not on master so i start to think about erroneous configuration on external firewall rules (managed by another person)
Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Frequent Contributor II

Re: Standalone controller to Local controller.

another question:
master-local ipsec create a tunnel from local to master... it possible to set the master call the local?
(because if it's possibile i bypass nat issue with an public ip on local).
Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Guru Elite

Re: Standalone controller to Local controller.

The local controller always initiates the traffic to the master.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Standalone controller to Local controller.

finally i open a ticket to TAC and we found it's a bug... or better... a not documented behaviour.

i ask to update the new Aruba Os manual.

Actually local controller cannot initiate a vpn connection to master if calling interface take an ip address via ppoe. (even if is always the same).

as support told me i've to put a router/firewall behind, terminate the ppoe account on that router and give a fixed ip address to aruba

then nat ipsec tunnel to aruba
Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: