Aruba Employee
Posts: 64
Registered: ‎04-07-2007

ip local pool range - routable?

I have a question about setting up the VPN pool for remote AP's.

As part of the config you need to configure a pool of VPN addresses.

ip local pool

My question is on the range of that list and what interface is this assigned to.

We have ours configured to a private non-routable range.

The problem is that while our remote APs are up we get a ton of PAPI errors in our logs:

Jul 13 20:12:51 |wms| PAPI_Send failed to probe IP 192.168.110.188 from WMS
Jul 13 20:12:52 |wms| PAPI_Send failed to probe IP 192.168.110.177 from WMS
Jul 13 20:12:54 |wms| PAPI_Send failed to probe IP 192.168.110.185 from WMS
Jul 13 20:12:54 |wms| PAPI_Send failed to probe IP 192.168.110.214 from WMS

If I tracert to these addr's I see the path go out the default gateway and get killed at our border.
My question is - What should we be doing here? Real routable IP ranges i.e. ones that live in a VLAN off or on box? Setting up a static route to these ranges on the Aruba box (if so what interface should they go out?)

The docs and validated reference guide do not go into the details about this pool.

Thanks!

John Turner
Brandeis University
Guru Elite
Posts: 20,788
Registered: ‎03-29-2007

IP Addresses

Turner,

I was wrong in a previous post. You should be able to ping those IP addresses without creating an IP interface on the controller. Are you sure that those APs are up?

Maybe someone else can explain the origin of those papi logs....?


Colin Joseph
Aruba Customer Engineering


Aruba Employee
Posts: 64
Registered: ‎04-07-2007

Re: ip local pool range - routable?

Sorry, the errors are on the master, but the remote APs are on a different LMS. The LMS they are on can ping them and does not have the PAPI errors.
Aruba Employee
Posts: 25
Registered: ‎03-28-2007

IP address pool for RAP should be routable to the master controller or Airwave

Hi John,

The IP address pool for RAPs should be routable to the master controller and to the Airwave management system. This is for device classification purposes (e.g. classifying whether a client or AP is valid, interfering or rogue). That's why you see that message on the master controller but not the local controller where your RAP actually terminates.

On a single controller deployment with no AWMS (Airwave), the address can be arbitrary and local to the controller since that controller is the master controller.

This is mentioned in the configuration section in the Virtual Branch Networks Validated Reference Design guide v3.0 RN:

http://www.arubanetworks.com/pdf/technology/VBN_VRD.pdf

pg. 121, Task 2: Provide a Route to the Master Controller

The local controller periodically communicates with the master controller to report management information and to receive configuration updates. RAPs also transmit ARM and WIP telemetry to the master controller on a regular basis. Therefore the network administrator must confirm that the master controller has IP connectivity to both the local controller and the RAP inner IP address pool by verifying that the following conditions are true:

/AP
Aruba Employee
Posts: 64
Registered: ‎04-07-2007

Re: ip local pool range - routable?

Cool, that clears that question up, though I would suggest that be made more clear in the docs via an illustration. Page 139 of the VBN VRD (Step 1H: Configure the IP Address Pools) does not make suggestions as to how the pool should be defined for routing purposes, only to size it for the number of APs.

Now to the second part of the question: what VLAN or interface does this pool sit on? Or will it assign itself based on the IP range? I have 10 VLANs defined on the controller that are externally routed and reachable by both the master and LMS.
Aruba Employee
Posts: 25
Registered: ‎03-28-2007

Re: ip local pool range - routable?




Noted. Will pass it on to the responsible group.

> Now to the second part of the question: what VLAN or interface does this pool sit on? Or will it assign itself based on the IP range? I have 10 VLANs defined on the controller that are externally routed and reachable by both the master and LMS.




The VPN address pool does not have to be part of a VLAN. Treat it as a PPP assigned address. And the range does not have to fall into any subnet boundary. You can set up a static route on your core router to point IP addresses on the pool to any IP interface on the controller.

Alternately, you can set up the VPN pool to be part of a subnet on the controller (be careful to exclude the gw address). If that subnet/vlan is also on a real physical port, the controller will proxy ARP IP addresses for the pool.

I recommend using the former (static route on your upstream router).
JYL
Occasional Contributor II
Posts: 25
Registered: ‎10-08-2009

Re: ip local pool range - routable?

It would be much better if in the documentation you have the router configuration instead of just noting it. We're having a problem defining it in the router; we made everything in routing but it is still not working. Could someone provide the relevant configuration required on the router in the VRD p. 106?

We would really appreciate it.

Thanks
JYL
Guru Elite
Posts: 20,788
Registered: ‎03-29-2007

Routing


> It would be much better if in the documentation you have the router configuration instead of just noting it. We're having a problem defining it in the router; we made everything in routing but it is still not working. Could someone provide the relevant configuration required on the router in the VRD p. 106?
>
> We would really appreciate it.
>
> Thanks
> JYL




You have to make sure that the Pool for your RAPs inner IP address is a routable network. You also have to make sure the controller has a VLAN with an IP address in the range of the pool that is routable.

For example if my pool is 8.8.8.1 to 8.8.8.20, I must have:

interface vlan 20
ip address 8.8.8.1 255.255.255.0

..on my controller.

As long as your infrastructure can reach 8.8.8.1 the APs will route correctly.


Colin Joseph
Aruba Customer Engineering


Contributor II
Posts: 56
Registered: ‎04-22-2009

Go Arbitrary - It's only significant on the L2TP link....

The L2TP pool can be any arbitrary address. Realize that from the "trusted" side of your controller, the controller will proxy-arp for those tunnel addresses, so if they do conflict with your internal addressing you could have problems.

We did a 172.16.1.0/24 internal network and gave out 172.16.1.224-254 in L2TP, but found our DHCP admins never excluded the addresses, so problems happened.

We moved the L2TP pool to 1.1.1.1 to 1.1.1.254 and now that there's no conflict with internal addressing we've been solid...

So rule of thumb is "pick something that won't conflict"....
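
A pre-deployment check for the two points raised in the replies above (route the pool from the upstream router, and pick a range that does not collide with internal addressing), as an added example that is not part of the original thread. The function names and the DHCP scope and interface values are assumptions constructed for illustration; the pool ranges are the ones quoted in the posts.

```python
import ipaddress


def pool_blocks(start, end):
    """CIDR blocks that exactly cover an inclusive start-end pool range."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(end)))


def audit_pool(start, end, dhcp_scopes, interface_ips):
    """Check a RAP inner-IP (L2TP) pool against internal addressing.

    dhcp_scopes   -- (first, last) ranges handed out by internal DHCP
    interface_ips -- addresses already configured on routers/controllers
    Returns the conflicts found and the prefixes a static route must cover.
    """
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo > hi:
        raise ValueError("pool start is above pool end")
    overlaps = []
    for first, last in dhcp_scopes:
        f, l = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # Two inclusive ranges overlap when each starts before the other ends.
        if f <= hi and lo <= l:
            overlaps.append((str(max(f, lo)), str(min(l, hi))))
    # Gateway/interface addresses inside the pool would be handed to a RAP.
    in_pool = [ip for ip in interface_ips
               if lo <= ipaddress.ip_address(ip) <= hi]
    return {
        "dhcp_overlaps": overlaps,
        "interface_ips_in_pool": in_pool,
        "route_prefixes": [str(n) for n in pool_blocks(start, end)],
    }


if __name__ == "__main__":
    # Constructed sample: DHCP scope and gateway address are assumptions.
    scopes = [("172.16.1.10", "172.16.1.254")]
    gateways = ["172.16.1.1"]
    print(audit_pool("172.16.1.224", "172.16.1.254", scopes, gateways))
    print(audit_pool("1.1.1.1", "1.1.1.254", scopes, gateways))
```
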