Wireless Access

Reply

6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

Hi Airheads,

when configuring master VRRP redundancy

it's seems that on 6.4.3.4 when using IPSEC key that master redundancy dosent work as needed (Controllers cant ping each other) but when changing to certificate + MAC everything working like charm.

 

*How do u know the VRRP redundancy didnt work = ping dosent work,when deleting the master redundancy - ping working.

IPSEC key not working no pings between controllers ,certificate pings working and the two controller can see each other and able to communcte each other as needed.

 

anyone else encounter this issue on 6.4.3.4?

 

Please advise.

 

Thanks.

 

Me

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

kdisc98,

 

Are you saying that just setting up VRRP does not work?  Master redundancy relies on VRRP being setup first.  After that, you setup master redundancy, and it depends on VRRP to work properly.  What is your VRRP setup in both scenarios?  You should rely on "show switches" from the master to determine if master redundancy is working or not.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

That the wired part - vrrp setting working like charm ,But when adding Master red option in both controllers based on the above vid and with ipsec key... suddenly no icmp...changing it to MAC+cert and it working like charm
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

VRRP working..
THE MASTER REDUDANCY not working with ipsec key...causing no icmp/traffic between controllers..but when changing it to CERT+MAC the Master redundancy working and everything is working as needed
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

Why did you configure cert+mac and did you configure that first?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

Nope,First i established the VRRP (VID 216) and then after seeing that this is working as needed (FLOATING ADDRESS and everything) i configure the master red based on IPSEC key as always , and i notice that suddenly i don't have connectivity between the controllers so i double/triple checked the key with same results..changing it to CERT + MAC solved the issue and everything worked back again.
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

Changing to cert+mac requires additional setup of the certs.  Did you do all of that?  Nobody really uses cert+mac.  Did you do a "show crypto ipsec sa" or "show switches" and see that it was working with cert+mac?  Just pinging is not necessarily a way to detect that it is working.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

factory cert dosent need any extra config (Between controllers)
and on show switches i can see both of them with update successful ... + ICMP is working + all traffic is working.
*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

2015-10-30_09-59-35.png

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************

Re: 6.4.3.4 Master redundancy working only with certificate not with IPSEC key (??)

im not on site right now,But here is a screenshot

 

After choosing work with CERT+MAC and not with IPSEC on the master redundancy 2015-11-01_15-10-05.png

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: