Security

Reply
Occasional Contributor II

VRRP Issue

Hi,

 

We have 2 controllers 7210 model and we configure it as active/standby using vrrp. OS version running in both controller is 6.4.2.4. The problem is the vrrp status in the master controller it says the vrrp VR state is Master for a specific vlan on the backup the status is also Master. So it quite confusing because backup should be in backup state. Then with this status when will do ping test for both SVI of the 2 controller we cannot able to ping. We check the ip interface and all looks good and UP. Below is the status of the VRRP of both master and backup.

 

Controller VRRP status:

 


Virtual Router 102:
    Description
    Admin State UP, VR State MASTER
    IP Address 10.208.2.5, MAC Address 00:00:5e:00:01:66, vlan 102
    Priority 110, Advertisement 1 sec, Preemption Enable Delay 30
    Auth type PASSWORD, Auth data: ********
    tracking type is master-up-time, duration 30 minutes, value 20
    tracked priority 130

 

Controller 2 VRRP status:

 


Virtual Router 102:
    Description
    Admin State UP, VR State MASTER
    IP Address 10.208.2.5, MAC Address 00:00:5e:00:01:66, vlan 102
    Priority 100, Advertisement 1 sec, Preemption Enable Delay 30
    Auth type PASSWORD, Auth data: ********
    tracking type is master-up-time, duration 30 minutes, value 20
    tracked priority 120

 

 

Regular Contributor I

Re: VRRP Issue

So the controllers cannot ping each other on this VLAN? Are you sure your upstream switch is correctly configured? If you plug a cable directly between the controllers on this VLAN/port does the VRRP work correctly?


VRRP required L2 connectivty between the two hosts on each VLAN you want to have a virtual IP in. In they controllers cannot see each other on that VLAN, they wont be able to work with VRRP correctly.

 

Can you see arp entries in controller 1 for the IP on controller 2?

 

Check your upstream swtich to ensure the packets are allowed between the controllers, or test with a directly connected cable to ensure the interface is working in that case.

 

_ELiasz

-------------------
ACDX, ACCP, CISSP, CWNA
Occasional Contributor II

Re: VRRP Issue

yes tried to connect the controller directly to the back controller and got same results. VIP was already correctly configured in both controllers. Uplinks has same configuration and also on the core switcg. Then during your test we notice that on both controllers the user affair and we notice that from the master controller the user got the right role and authenticated but on the backup controller user got initial role and not authenticated so now when the user browse to the internet it keeps redirecting to the CP page.

Occasional Contributor II

Re: VRRP Issue

Yes I can see arp entries in both controllers and it looks good.

Re: VRRP Issue

Make sure that if you are using a password for VRRP that it matches
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: VRRP Issue

Yes all has same vrrp password

Re: VRRP Issue

If you run the show switches command what do you see?

 

Also can you post the result of show master-redundancy.

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Regular Contributor I

Re: VRRP Issue

Having the same issue.  Please post if you find the fix.  I will do the same.  I can only ping the SVI interfaces of controller 2 if I power off controller 1 and 2 becomes the active.  Like you some of my interfaces on coontroller 2 are active and some are in backup.  On controller 1 they are all active.

Guru Elite

Re: VRRP Issue

ascott,

 

Can you ping the management addresses of both controllers from a third wired location?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: VRRP Issue

Here are the results for the "show switches and show master-redundancy"

 

Master controller:

All Switches
------------
IP Address     Name                Location                 Type     Model      Version        Status  Configuration State  Config Sync Time (sec)  Config ID
----------     ----                --------                 ----     -----      -------        ------  -------------------  ----------------------  ---------
10.x.x.192  Aruba7210-01             US                     master   Aruba7210  6.4.2.4_48122  up      UPDATE SUCCESSFUL    0                       2
10.x.x.193   Aruba7210-02           Building1.floor1         standby  Aruba7210  6.4.2.4_48122  up      UPDATE SUCCESSFUL    16                      2


Master redundancy configuration:
    VRRP Id 10 current state is MASTER
    Peer's IP Address is 10.x.x.193
    Peer's IPSEC Key is ********

 

Backup Controller:


All Switches
------------
IP Address     Name                Location          Type     Model      Version        Status  Configuration State  Config Sync Time (sec)  Config ID
----------     ----                --------          ----     -----      -------        ------  -------------------  ----------------------  ---------
10.x.x.193  Aruba7210-02         Building1.floor1  standby  Aruba7210  6.4.2.4_48122  up      UPDATE SUCCESSFUL    0                       2


Master redundancy configuration:
    VRRP Id 10 current state is BACKUP
    Peer's IP Address is 10.x.x.192
    Peer's IPSEC Key is ********

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: