Environment : This article applies to all Aruba controller running ArubaOS version 6.3 and above.
First step would be to verify if the keepalives making through the GRE tunnels. This need to be verifies on both the end points.
Below command shows the tunnel statistics:
(Aruba) #show interface tunnel 1
Tunnel 1 is up line protocol is up
Description: Tunnel Interface
Source 10.17.169.69
Destination 10.17.169.67
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is enabled
Keepalive type is Default
Tunnel keepalive interval is 10 seconds, retries 3
Heartbeats sent 9012, Heartbeats lost 2
Tunnel is down 0 times
tunnel vlan 711,811
Note: In the above output, this end point has sent 9012 keepalives, whereas lost two keepalives from the other end point.
Secondly, use the below command to see the active tunnel in the tunnel group.
(Aruba) #show tunnel-group
Tunnel-Group Table Entries
--------------------------
Tunnel Group Mode Tunnel Group Id Preemptive Failover Active Tunnel Id Tunnel Members
------------ ---- --------------- -------------------- ---------------- --------------
Tunnel-Redundacny L2 16385 enabled 1 1 2
The encaps and decaps in the below datapath session output, actually shows the is the traffic is making through the tunnel.
(ArubaController1) #show datapath tunnel table
Datapath Tunnel Table Entries
-----------------------------
Flags: E - Ether encap, I - Wi-Fi encap, R - Wired tunnel, F - IP fragment OK
W - WEP, K - TKIP, A - AESCCM, G - AESGCM, M - no mcast src filtering
S - Single encrypt, U - Untagged, X - Tunneled node, 1(cert-id) - 802.1X Term-PEAP
2(cert-id) - 802.1X Term-TLS, T - Trusted, L - No looping, d - Drop Bcast/Unknown Mcast,
D - Decrypt tunnel, a - Reduce ARP packets in the air, e - EAPOL only
C - Prohibit new calls, P - Permanent, m - Convert multicast
n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
V - enforce user vlan(open clients only)
H - Standby (HA-Lite)
# Source Destination Prt Type MTU VLAN Acls BSSID Decaps Encaps Heartbeats Cpu QSz Flags EncapKBytes DecapKBytes
------ -------------- -------------- --- ---- ---- ---- ------------------- ----------------- ---------- ---------- ---------- --- --- ----- ------------- -----------
12 10.17.169.69 10.17.169.67 47 1 1100 0 0 0 0 0 00:00:00:00:00:00 1049 7761 0 5 0 TEFPR
13 10.17.169.69 10.17.169.68 47 1 1100 0 0 0 0 0 00:00:00:00:00:00 0 855 0 6 0 TEFPRH
10 10.17.169.69 192.168.30.3 47 9000 1500 0 0 0 0 0 9C:1C:12:C3:97:60 95626 0 94829 7 0 TES
19 10.17.169.69 192.168.30.3 47 8330 1500 711 0 0 85 0 9C:1C:12:B9:76:03 2884 47 0 6 0 IMSPa
18 10.17.169.69 192.168.30.3 47 8320 1500 611 0 0 89 0 9C:1C:12:B9:76:02 2606 0 0 5 0 IMSPa
17 10.17.169.69 192.168.30.3 47 8310 1500 904 0 0 2 0 9C:1C:12:B9:76:01 1 0 0 7 16 IMASPadn
16 10.17.169.69 192.168.30.3 47 8300 1500 811 0 0 78 0 9C:1C:12:B9:76:00 3745 31 0 6 0 IMSPad
15 10.17.169.69 192.168.30.3 47 8230 1500 711 0 0 85 0 9C:1C:12:B9:76:13 6501 410 0 5 0 IMSPa
14 10.17.169.69 192.168.30.3 47 8220 1500 611 0 0 89 0 9C:1C:12:B9:76:12 5756 9 0 7 0 IMSPa
9 10.17.169.69 192.168.30.3 47 8210 1500 904 0 0 2 0 9C:1C:12:B9:76:11 1 0 0 6 16 IMASPadn
11 10.17.169.69 192.168.30.3 47 8200 1500 811 0 0 78 0 9C:1C:12:B9:76:10 9807 621 0 5 0 IMSPad
Note: Internally, datapath allocates a different identification no# for the tunnels and the same is being shown in the above datapath output. (i.e 12 and 13). Below datapath specific command shows more details:
(ArubaController1) #show datapath tunnel-group
Datapath Tunnel-Group Table Entries
-----------------------------------
Tunnel-Group Active Tunnel Members
------------ ------------- -------------------
16385 12 12 13
Debugging can be enabled on the network process, to troubleshoot further.
(Aruba) (config) #logging level debugging network process fpapps