Environment

All Aruba OS

Yes. This is expected behaviour, since the user table in auth is reset. If a backup-LMS is configured, RAPs will switch to it and IKE drops all IPsec connections to the configured backup-LMS. However, RAPs will switch back to the LMS automatically if lms-preemption is enabled in the ap-system-profile.

Test Setup / Outputs
====================

The setup shows how the IPsec session is terminated when the auth module is restarted.

(kuv_sek_7210_master) #show ap active

Active AP Table
---------------
Name               Group    IP Address  11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP  AP Type  Flags  Uptime   Outer IP
----               -----    ----------  -----------  -------------------  -----------  -------------------  -------  -----  ------   --------
18:64:72:c9:97:54  default  10.1.1.3    0            AP:HT:7+/18/18       0            AP:VHT:108+/22/22    225      RAa    10m:50s  172.16.0.1

User table in Auth
==================

(kuv_sek_7210_master) #show user-table verbose

Users
-----
IP          MAC                Name      Role         Age(d:h:m)  Auth  VPN link    AP name  Roaming  Essid/Bssid/Phy  Profile      Forward mode  Type  Host Name  Server    Vlan   Bwm  UaStr:ParseDisable/Flag/ShortIndex
----------  ------------       ------    ----         ----------  ----  --------    -------  -------  ---------------  -------      ------------  ----  ---------  ------    ----   ---  ----------------------------------
172.16.0.1  00:00:00:00:00:00            logon        00:00:01                      N/A                                             tunnel                                   0 (0)       OFF/0/0
10.1.1.1    00:00:00:00:00:00  aruba123  sys-ap-role  00:00:01    VPN   172.16.0.1  N/A                                default-rap  tunnel                         Internal  0 (0)       OFF/0/0

IPSEC SA Active Session Information
-----------------------------------
Initiator IP  Responder IP  InitiatorID  ResponderID  Flags  Start Time       Inner IP
------------  ------------  -----------  -----------  -----  ---------------  --------
172.16.0.1    172.16.0.253  10.1.1.2/32  0.0.0.0/0    UT     Aug 29 06:13:08  10.1.1.2

Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
       L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2

(kuv_sek_7210_master) #process restart auth
WARNING: Do you really want to restart process: auth (y/n): y
Restarting: auth

(kuv_sek_7210_master) # show crypto ipsec sa
% No active IPSEC SA    ================================ Disconnects IPsec

(kuv_sek_7210_master) # show crypto ipsec sa

IPSEC SA Active Session Information
-----------------------------------
Initiator IP  Responder IP  InitiatorID  ResponderID  Flags  Start Time       Inner IP
------------  ------------  -----------  -----------  -----  ---------------  --------
172.16.0.1    172.16.0.253  10.1.1.3/32  0.0.0.0/0    UT     Aug 29 06:17:36  10.1.1.3    =========== session comes back as the LMS is active

Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
       L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2
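
The before/after comparison in the outputs above can be automated when checking whether an auth restart tore down RAP tunnels. The Python below is an added example, not part of the original article or of any Aruba tooling; the function names are hypothetical, and the sample snapshots are the article's show crypto ipsec sa outputs re-spaced into columns.

```python
import re

# One SA row: initiator, responder, initiator ID, responder ID, flags,
# start time (which itself contains spaces), inner IP.
ROW = re.compile(
    r"^\s*(?P<initiator>\d+(?:\.\d+){3})\s+(?P<responder>\d+(?:\.\d+){3})\s+"
    r"(?P<init_id>\S+)\s+(?P<resp_id>\S+)\s+(?P<flags>\S+)\s+"
    r"(?P<start>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<inner_ip>\S+)"
)

def parse_ipsec_sa(output):
    """Return {initiator_ip: row} from 'show crypto ipsec sa' text.
    '% No active IPSEC SA' (no SA rows at all) yields an empty dict.
    Simplification: keyed by outer IP, so RAPs behind one NAT collide."""
    sas = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            sas[m["initiator"]] = m.groupdict()
    return sas

def compare(before, after):
    """Classify every tunnel seen in either snapshot."""
    old, new = parse_ipsec_sa(before), parse_ipsec_sa(after)
    result = {}
    for peer in sorted(set(old) | set(new)):
        if peer not in new:
            result[peer] = "dropped"
        elif peer not in old:
            result[peer] = "new"
        elif old[peer]["start"] != new[peer]["start"]:
            result[peer] = "re-established"  # same peer, fresh SA start time
        else:
            result[peer] = "unchanged"
    return result

# Snapshots taken from the outputs in this article (columns re-spaced).
HEADER = ("Initiator IP  Responder IP  InitiatorID  ResponderID  Flags  Start Time       Inner IP\n"
          "------------  ------------  -----------  -----------  -----  ---------------  --------\n")
BEFORE = HEADER + "172.16.0.1    172.16.0.253  10.1.1.2/32  0.0.0.0/0    UT     Aug 29 06:13:08  10.1.1.2\n"
DURING = "% No active IPSEC SA\n"
AFTER = HEADER + "172.16.0.1    172.16.0.253  10.1.1.3/32  0.0.0.0/0    UT     Aug 29 06:17:36  10.1.1.3\n"

if __name__ == "__main__":
    print(compare(BEFORE, DURING))  # right after 'process restart auth'
    print(compare(BEFORE, AFTER))   # once the RAP has reconnected
```

A "re-established" result with a changed inner IP, as in the article's outputs, indicates the RAP negotiated a fresh tunnel rather than resuming the old SA.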
© Copyright 2024 Hewlett Packard Enterprise Development LP All Rights Reserved.