Controller Based WLANs

What are the different commands to look at when troubleshooting tunnel group on Aruba Controller?

Environment : This article applies to all Aruba controller running ArubaOS version 6.3 and above.

 

First step would be to verify if the keepalives making through the GRE tunnels. This need to be verifies on both the end points.
Below command shows the tunnel statistics:

(Aruba) #show interface tunnel 1

Tunnel 1 is up line protocol is up
Description: Tunnel Interface
Source  10.17.169.69
Destination 10.17.169.67
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is enabled
Keepalive type is Default
Tunnel keepalive interval is 10 seconds, retries 3
        Heartbeats sent 9012, Heartbeats lost 2
        Tunnel is down 0 times
tunnel vlan 711,811

Note: In the above output, this end point has sent 9012 keepalives, whereas lost two keepalives from the other end point.

Secondly, use the below command to see the active tunnel in the tunnel group.

(Aruba) #show tunnel-group

Tunnel-Group Table Entries
--------------------------
Tunnel Group       Mode  Tunnel Group Id  Preemptive Failover   Active Tunnel Id  Tunnel Members
------------       ----  ---------------  --------------------  ----------------  --------------
Tunnel-Redundacny  L2    16385            enabled               1                 1   2


The encaps and decaps in the below datapath session output, actually shows the is the traffic is making through the tunnel.

(ArubaController1) #show datapath tunnel table

Datapath Tunnel Table Entries
-----------------------------

Flags: E - Ether encap,  I - Wi-Fi encap,  R - Wired tunnel,  F - IP fragment OK
       W - WEP,  K - TKIP,  A - AESCCM,  G - AESGCM,  M - no mcast src filtering
       S - Single encrypt,  U - Untagged,  X - Tunneled node,  1(cert-id) - 802.1X Term-PEAP
       2(cert-id) - 802.1X Term-TLS,  T - Trusted,  L - No looping, d - Drop Bcast/Unknown Mcast,
       D - Decrypt tunnel,  a - Reduce ARP packets in the air, e - EAPOL only
       C - Prohibit new calls, P - Permanent, m - Convert multicast
       n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
       V - enforce user vlan(open clients only)
       H - Standby (HA-Lite)

 #          Source       Destination    Prt  Type  MTU   VLAN       Acls                BSSID          Decaps     Encaps   Heartbeats Cpu QSz Flags  EncapKBytes  DecapKBytes
------  --------------  --------------  ---  ----  ----  ---- -------------------  ----------------- ---------- ---------- ---------- --- --- ----- ------------- -----------
12      10.17.169.69    10.17.169.67    47   1     1100  0    0    0    0    0     00:00:00:00:00:00       1049       7761          0   5   0 TEFPR
13      10.17.169.69    10.17.169.68    47   1     1100  0    0    0    0    0     00:00:00:00:00:00          0        855          0   6   0 TEFPRH
10      10.17.169.69    192.168.30.3    47   9000  1500  0    0    0    0    0     9C:1C:12:C3:97:60      95626          0      94829   7   0 TES
19      10.17.169.69    192.168.30.3    47   8330  1500  711  0    0    85   0     9C:1C:12:B9:76:03       2884         47          0   6   0 IMSPa
18      10.17.169.69    192.168.30.3    47   8320  1500  611  0    0    89   0     9C:1C:12:B9:76:02       2606          0          0   5   0 IMSPa
17      10.17.169.69    192.168.30.3    47   8310  1500  904  0    0    2    0     9C:1C:12:B9:76:01          1          0          0   7  16 IMASPadn
16      10.17.169.69    192.168.30.3    47   8300  1500  811  0    0    78   0     9C:1C:12:B9:76:00       3745         31          0   6   0 IMSPad
15      10.17.169.69    192.168.30.3    47   8230  1500  711  0    0    85   0     9C:1C:12:B9:76:13       6501        410          0   5   0 IMSPa
14      10.17.169.69    192.168.30.3    47   8220  1500  611  0    0    89   0     9C:1C:12:B9:76:12       5756          9          0   7   0 IMSPa
9       10.17.169.69    192.168.30.3    47   8210  1500  904  0    0    2    0     9C:1C:12:B9:76:11          1          0          0   6  16 IMASPadn
11      10.17.169.69    192.168.30.3    47   8200  1500  811  0    0    78   0     9C:1C:12:B9:76:10       9807        621          0   5   0 IMSPad

Note: Internally, datapath allocates a different identification no#  for the tunnels and the same is being shown in the above datapath output.  (i.e  12 and 13). Below datapath specific command shows more details:


(ArubaController1) #show datapath tunnel-group
 
Datapath Tunnel-Group Table Entries
-----------------------------------
Tunnel-Group  Active Tunnel        Members
------------                -------------        -------------------
16385                      12                   12  13



Debugging can be enabled on the network process, to troubleshoot further.

(Aruba) (config) #logging level debugging network process fpapps

Version history
Revision #:
1 of 1
Last update:
‎04-09-2015 03:49 AM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.