Remote Networking

Reply
New Contributor

VIA Client Connects, Won't pass traffic through controller

I'm running 5.0.2 code, the VIA client connects and maintains a connection. I can ping any VLAN address on the controller, but nothing beyond that. For example, my controller IP is 172.25.10.253 and I can ping that, access the controller, etc. But the VLAN address on the switch it connects to is 172.25.10.1, which is also where the default route of the controller points to. Anything connected with the VIA client can ping 10.253, but not 10.1.

Any ideas?

Thanks,
Matt
Aruba Employee

Re: VIA Client Connects, Won't pass traffic through controller

What role is the VIA client getting placed into? Does that role allow ICMP to traverse beyond the controller? "show user | inc x.x.x.x" where x.x.x.x is your VIA client's IP address should tell you what role is being derived.

Also, when you ping something, do a "show datapath session | inc x.x.x.x" (same x.x.x.x as above) and look for the "D" flag. That means it was denied by a FW policy.
New Contributor

Re: VIA Client Connects, Won't pass traffic through controller

I'm deriving the VIA role that I setup, which currently only has allow-all policies on it. In the datapath, i see what i assume are my pings to internal addresses, including what look like replies. My client address is 172.25.17.159 here's a copy of what is showing:

# show datapath session | include 172.25.17.159
172.25.17.159 172.25.10.253 6 2425 22 0/0 0 0 0 tunnel 51 249 C
172.25.17.159 172.25.10.1 1 13571 2048 0/0 0 0 1 tunnel 51 2 FCI
172.25.17.159 172.25.10.1 1 13315 2048 0/0 0 0 1 tunnel 51 7 FCI
172.25.17.159 172.25.10.1 1 13059 2048 0/0 0 0 1 tunnel 51 d FCI
172.25.17.1 172.25.17.159 1 12803 0 0/0 0 0 1 tunnel 51 11 FI
172.25.17.159 172.25.17.1 1 12803 2048 0/0 0 0 1 tunnel 51 11 FCI
172.25.10.253 172.25.17.159 6 22 2425 0/0 0 0 0 tunnel 51 249
172.25.10.1 172.25.17.159 1 13315 0 0/0 0 0 0 tunnel 51 7 FYI
172.25.10.1 172.25.17.159 1 13571 0 0/0 0 0 0 tunnel 51 2 FYI
172.25.10.1 172.25.17.159 1 13059 0 0/0 0 0 0 tunnel 51 d FYI
Guru Elite

Re: VIA Client Connects, Won't pass traffic through controller

You need to have a route in your infrastructure pointing to the controller for the layer3 network that your VIA clients end up in. If your infrastructure does not have a route for 172.25.17.x, there is no way that pings will be returned to the controller. Please put a route in your infrastructure to 172.25.17.x and point it to the ip address of the controller and see if that helps.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: