Will the RAPs disconnect (IPsec) when process auth is restarted?

Aruba Employee

Environment: All Aruba OS

 

Yes. This is expected behaviour, since the user table in auth is reset. If a backup-LMS is configured, the RAPs will switch to it, and IKE drops all IPsec connections to the configured backup-LMS. However, the RAPs will switch back to the LMS automatically if lms-preemption is enabled in the ap-system-profile.

 
Test Setup/ Outputs
================

This setup shows how the IPsec session is terminated when the auth module is restarted.

(kuv_sek_7210_master) #show ap active

Active AP Table
---------------
Name               Group    IP Address  11g Clients  11g Ch/EIRP/MaxEIRP  11a Clients  11a Ch/EIRP/MaxEIRP  AP Type  Flags  Uptime   Outer IP
----               -----    ----------  -----------  -------------------  -----------  -------------------  -------  -----  ------   --------
18:64:72:c9:97:54  default  10.1.1.3    0            AP:HT:7+/18/18       0            AP:VHT:108+/22/22    225      RAa    10m:50s  172.16.0.1


User table in Auth
==============
(kuv_sek_7210_master) #show user-table  verbose
 
Users
-----
    IP           MAC            Name     Role         Age(d:h:m)  Auth  VPN link    AP name  Roaming  Essid/Bssid/Phy  Profile      Forward mode  Type  Host Name  Server    Vlan   Bwm  UaStr:ParseDisable/Flag/ShortIndex
----------  ------------       ------    ----         ----------  ----  --------    -------  -------  ---------------  -------      ------------  ----  ---------  ------    ----   ---  ----------------------------------
172.16.0.1  00:00:00:00:00:00            logon        00:00:01                      N/A                                             tunnel                                   0 (0)       OFF/0/0
10.1.1.1    00:00:00:00:00:00  aruba123  sys-ap-role  00:00:01    VPN   172.16.0.1  N/A                                default-rap  tunnel                         Internal  0 (0)       OFF/0/0


 
IPSEC SA Active Session Information

-----------------------------------
Initiator IP     Responder IP     InitiatorID         ResponderID         Flags    Start Time      Inner IP
------------     ------------     -----------         -----------         -----  ---------------   --------
172.16.0.1       172.16.0.253     10.1.1.2/32         0.0.0.0/0           UT     Aug 29 06:13:08   10.1.1.2
 
Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
       L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2


(kuv_sek_7210_master) #process restart auth
WARNING: Do you really want to restart process: auth (y/n): y
Restarting: auth
 
(kuv_sek_7210_master) # show crypto ipsec  sa
 
% No active IPSEC SA   ================================ Disconnects IPsec


(kuv_sek_7210_master) # show crypto ipsec  sa
 
IPSEC SA Active Session Information
-----------------------------------
Initiator IP     Responder IP     InitiatorID         ResponderID         Flags    Start Time      Inner IP
------------     ------------     -----------         -----------         -----  ---------------   --------
172.16.0.1       172.16.0.253     10.1.1.3/32         0.0.0.0/0           UT     Aug 29 06:17:36   10.1.1.3 ===========session comes back as the LMS is active
 
Flags: T = Tunnel Mode; E = Transport Mode; U = UDP Encap
       L = L2TP Tunnel; N = Nortel Client; C = Client; 2 = IKEv2
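
The following is an added example, not part of the original article or Aruba's tooling: a small Python parser that compares saved snapshots of `show crypto ipsec sa` output and reports tunnels that dropped or were rebuilt, as happens around `process restart auth` above. The function names are hypothetical, and the sample text is copied from the outputs on this page.

```python
import re

# One data row of "show crypto ipsec sa": initiator IP, responder IP, initiator ID,
# responder ID, flags, start time ("Aug 29 06:13:08") and inner IP.
ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+"
    r"([A-Z0-9]+)\s+(\w{3}\s+\d+\s+[\d:]{8})\s+(\d+\.\d+\.\d+\.\d+)"
)

def parse_ipsec_sa(text):
    """Map (initiator, responder) -> SA details; empty when no SA is active."""
    sas = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            init, resp, _, _, flags, start, inner = m.groups()
            sas[(init, resp)] = {"flags": flags, "start": start, "inner_ip": inner}
    return sas

def diff_snapshots(before, after):
    """Classify each tunnel seen in either parsed snapshot."""
    events = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old and not new:
            events.append((key, "dropped"))
        elif new and not old:
            events.append((key, "established"))
        elif old["start"] != new["start"]:
            # Same peers, new Start Time: the SA was torn down and rebuilt.
            events.append((key, "re-established"))
    return events

# Sample snapshots taken from the outputs shown on this page.
HEADER = (
    "Initiator IP     Responder IP     InitiatorID         ResponderID         Flags    Start Time      Inner IP\n"
    "------------     ------------     -----------         -----------         -----  ---------------   --------\n"
)
BEFORE = HEADER + "172.16.0.1       172.16.0.253     10.1.1.2/32         0.0.0.0/0           UT     Aug 29 06:13:08   10.1.1.2\n"
DURING = "% No active IPSEC SA\n"
AFTER = HEADER + "172.16.0.1       172.16.0.253     10.1.1.3/32         0.0.0.0/0           UT     Aug 29 06:17:36   10.1.1.3\n"

if __name__ == "__main__":
    b, d, a = (parse_ipsec_sa(s) for s in (BEFORE, DURING, AFTER))
    print(diff_snapshots(b, d), diff_snapshots(d, a), diff_snapshots(b, a))
```

Comparing only the before and after snapshots still reveals the reset, because the Start Time of the SA changes even though the peers are the same.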

Version history: Revision 1 of 1
Last update: 11-11-2014 04:51 PM