ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 10
Registered: ‎04-19-2011

local Cannot heartbeat with the master

cfgm: <307016> |cfgm| Cannot heartbeat with the master.

I had 3400 for master and 3200 local . both running on OS version 3.4.2.0 . I had configuration master-local structure around 5-6 month ago and work correctly but now master detect local as down stage and local has process log that show above. I had check another network device on the same network can reach across wan link but only master IP and local IP can't ping or reach together please suggest way to solve or define problem.

Chaiyapruk
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: local Cannot heartbeat with the master

1) Make sure each controller is trying to find the other from a protocol perspective:

"show datapath session table " Check to see if that output contains UDP 4500 traffic

(2) If that is the case, see if there is a "security association":

"show crypto ipsec sa"

(3) If that does not exist, please check or re-enter the preshared key on the master and local controllers


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 10
Registered: ‎04-19-2011

Re: local Cannot heartbeat with the master

Thank you cjoseph I had change IPsec KEY both master and local before but after I had command show crypto ipsec sa on local the result does not exist can you suggest next step for solve it... :D
Occasional Contributor II
Posts: 10
Registered: ‎04-19-2011

Re: local Cannot heartbeat with the master

203.158.220.2 203.158.216.37 17 4500 4500 0 0 0 1 local 20d FY
203.158.216.37 203.158.220.2 17 4500 4500 0 0 0 0 local 20d FC

#show crypto ipsec sa

% No active IPSEC SA

That sesult after change IPsec KEY
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: local Cannot heartbeat with the master


203.158.220.2 203.158.216.37 17 4500 4500 0 0 0 1 local 20d FY
203.158.216.37 203.158.220.2 17 4500 4500 0 0 0 0 local 20d FC

#show crypto ipsec sa

% No active IPSEC SA

That sesult after change IPsec KEY




Okay. Let us start some logging:

config t
logging level debugging security process aaa
logging level debugging security subcat ike
logging level debugging security process authmgr
logging level debugging security process crypto


Wait for about 1 minute then type:



Paste that output into here


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 10
Registered: ‎04-19-2011

Re: local Cannot heartbeat with the master

Jun 8 22:19:01 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:01 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:01 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:01 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:01 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:01 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:01 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:01 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:01 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:01 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:02 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:02 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:02 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:02 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:02 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:02 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:02 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:02 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:02 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:02 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:03 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:03 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:03 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:04 :124004: |authmgr| Rx message 0/67108864, length 213 from 127.0.0
.1:8345
Jun 8 22:19:04 :124004: |authmgr| stm_message_handler : msg_type 3007
Jun 8 22:19:04 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:04 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:04 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:04 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:04 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:05 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:05 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:05 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:05 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:05 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:05 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:05 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:05 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:05 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:05 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:06 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:06 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:06 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:06 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:06 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Jun 8 22:19:06 :103060: |ike| ipc.c:ipc_sibyte_siteVPN:1666 Received IKE trigger
for 203.158.220.2/255.255.255.255
Jun 8 22:19:06 :103060: |ike| exchange.c:exchange_ike_negotiate:2560 Found polic
y for dest-net 203.158.220.2/255.255.255.255 with peer gw 203.158.220.2
Jun 8 22:19:06 :103060: |ike| if.c:GetIneterfaceAddrByVlanId:292 Found vlan id 1
for interface eth1.1 ip 203.158.216.37
Jun 8 22:19:06 :103060: |ike| ipc.c:controlplaneArpModify:2587 Failed to Delete
ARP 203.158.220.2 errno 6
Jun 8 22:19:06 :103060: |ike| exchange.c:exchange_establish_p1:947 : 203.158.220
.2 exchange already exists
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: local Cannot heartbeat with the master

Can you execute those logging commands on the other side, as well?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 10
Registered: ‎04-19-2011

Re: local Cannot heartbeat with the master

unfortunately the Master controller has error occur when i try to Diagnostics > SSH Client Terminal on web GUI.
Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: local Cannot heartbeat with the master

Please use a dedicated SSH client like putty to get into the local controller....


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 10
Registered: ‎04-19-2011

Re: local Cannot heartbeat with the master

from master
show datapath session table
no output appear

show crypto ipsec sa
no detail of 203.158.216.37
Search Airheads
Showing results for 
Search instead for 
Did you mean: