Controller Based WLANs


Will the RAPs disconnect (IPsec) when the auth process is restarted?

Nov 11, 2014 07:51 PM

Environment: All Aruba OS

 

Yes. This is expected behaviour, since the user table in auth is reset. If a backup-LMS is configured, the RAPs will switch to it, and IKE drops all IPsec connections to the configured backup-LMS. However, the RAPs will switch back to the LMS automatically if lms-preemption is enabled in the ap-system-profile.

 
Test Setup/ Outputs
================

The setup shows how the IPsec session is terminated when the auth module is restarted.

(kuv_sek_7210_master) #show ap active

Active AP Table
---------------
Name               Group    IP Address  11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP  AP Type  Flags  Uptime   Outer IP
----               -----    ----------  -----------  -------------------  -----------  -------------------  -------  -----  ------   --------
18:64:72:c9:97:54  default  10.1.1.3    0            AP:HT:7+/18/18       0            AP:VHT:108+/22/22    225      RAa    10m:50s  172.16.0.1


User table in Auth
==============
(kuv_sek_7210_master) #show user-table  verbose
 
Users
-----
    IP           MAC            Name     Role         Age(d:h:m)  Auth  VPN link    AP name  Roaming  Essid/Bssid/Phy  Profile      Forward mode  Type  Host Name  Server    Vlan   Bwm  UaStr:ParseDisable/Flag/ShortIndex
----------  ------------       ------    ----         ----------  ----  --------    -------  -------  ---------------  -------      ------------  ----  ---------  ------    ----   ---  ----------------------------------
172.16.0.1  00:00:00:00:00:00            logon        00:00:01                      N/A                                             tunnel                                   0 (0)       OFF/0/0
10.1.1.1    00:00:00:00:00:00  aruba123  sys-ap-role  00:00:01    VPN   172.16.0.1  N/A                                default-rap  tunnel                         Internal  0 (0)       OFF/0/0


 
IPSEC SA Active Session Information
-----------------------------------
Initiator IP     Responder IP     InitiatorID         ResponderID         Flags    Start Time      Inner IP
------------     ------------     -----------         -----------         -----  ---------------   --------
172.16.0.1       172.16.0.253     10.1.1.2/32         0.0.0.0/0           UT     Aug 29 06:13:08   10.1.1.2
 
Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
       L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2


(kuv_sek_7210_master) #process restart auth
WARNING: Do you really want to restart process: auth (y/n): y
Restarting: auth
 
(kuv_sek_7210_master) # show crypto ipsec  sa
 
% No active IPSEC SA    <================================ IPsec disconnects


(kuv_sek_7210_master) # show crypto ipsec  sa
 
IPSEC SA Active Session Information
-----------------------------------
Initiator IP     Responder IP     InitiatorID         ResponderID         Flags    Start Time      Inner IP
------------     ------------     -----------         -----------         -----  ---------------   --------
172.16.0.1       172.16.0.253     10.1.1.3/32         0.0.0.0/0           UT     Aug 29 06:17:36   10.1.1.3    <=========== session comes back as the LMS is active
 
Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
       L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2
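
The drop and recovery shown above can be detected by comparing snapshots of "show crypto ipsec sa". The following is an added example, not part of the original article or any Aruba tooling; the function names parse_ipsec_sa and diff_snapshots are hypothetical, and keying each tunnel by its initiator (outer) IP assumes one RAP per outer IP, as in this test setup.

```python
import re

# One data row of `show crypto ipsec sa`, in the column layout shown above.
ROW = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+"
    r"(\S+)\s+(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\d+\.\d+\.\d+\.\d+)"
)

def parse_ipsec_sa(text):
    """Return {initiator_ip: SA fields}; empty when there is no active SA."""
    sas = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            init, resp, _iid, _rid, flags, start, inner = m.groups()
            # Assumption: one SA per outer (initiator) IP, as in this test setup.
            sas[init] = {"responder": resp, "flags": flags,
                         "start": start, "inner_ip": inner}
    return sas

def diff_snapshots(before, after):
    """Classify each RAP tunnel between two snapshots."""
    status = {}
    for ip in sorted(set(before) | set(after)):
        b, a = before.get(ip), after.get(ip)
        if b and not a:
            status[ip] = "down"
        elif a and not b:
            status[ip] = "new"
        elif b["start"] != a["start"]:
            status[ip] = "re-established"  # same peer, new SA start time
        else:
            status[ip] = "unchanged"
    return status

# Rows copied from the outputs on this page (before, during, after the restart).
BEFORE = "172.16.0.1  172.16.0.253  10.1.1.2/32  0.0.0.0/0  UT  Aug 29 06:13:08  10.1.1.2"
DURING = "% No active IPSEC SA"
AFTER = "172.16.0.1  172.16.0.253  10.1.1.3/32  0.0.0.0/0  UT  Aug 29 06:17:36  10.1.1.3"

if __name__ == "__main__":
    b, d, a = (parse_ipsec_sa(t) for t in (BEFORE, DURING, AFTER))
    print(diff_snapshots(b, d))
    print(diff_snapshots(b, a))
```

A changed start time for the same initiator IP marks a tunnel that was torn down and rebuilt, even when the intermediate empty snapshot was never captured.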


#AP225
