Wireless Access

HI,

 

Does LACP suppport for Bridge SSID @ branch location.

Aruba 7200 Controller is in Datacenter & configured Tunnel & Bridge SSID in one of the branch. AP 325 is @ branch no local controller is used in branch.

Need to implement LACP for both tunnel & bridge SSID.

Tunnel SSID work perfect, but Bridge SSID is not working.

 

Hi Sangram,

 

1. How many controllers do you have in the setup?

2. Is the bridge SSID working without LACP ?

3. Please  elaborate on the issue that is seen with bridge SSID when AP LACP is enabled.

 

Is the issue seen with for clients connecting 2.4 or 5 Ghz ?

 

 

Hi Nitesh,

 

Please find below reply.

 

1. How many controllers do you have in the setup?

-- only one  Controller

2. Is the bridge SSID working without LACP ?

-- Yes Brigde SSID work without LACP

3. Please  elaborate on the issue that is seen with bridge SSID when AP LACP is enabled.

--When AP LACP GRE stripping is configured bridge mode SSIDs will stop working. If we have one tunnel SSID and one bridge SSID, tunnel works fine and bridge clients will get affected.

 

Is the issue seen with for clients connecting 2.4 or 5 Ghz ?

Both client has issue.

Hi Sangram,

 

I tested with AP-325  running on 6.5.0.4 & did not encounter any issues with the bridge SSID.

 

(CDP01) #show user-table

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
65.1.1.254 c0:ee:fb:dc:df:dc authenticated 00:00:00 40:e3:d6:cd:e5:1e Associated(Remote) bridge-test/40:e3:d6:5e:51:e0/g-HT bridge bridge

 

 

AP was running in LACP mode.

 

 Files attached.

 

Please share the LACP config/port config & firmware version that you are running on the network.

Hi, Nitesh,

Thanks for quick reply.
Actually we need to brodcast both bridge SSID and tunnel SSID on same AP.
Please confirm whether LACP is possible with both.

Hi Sangram,

 

It works for me . As listed below, I have one client on tunnel & 2 clients on bridge mode SSID.

 

(CDP01) (config) #show user-table

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
50.1.1.2 c0:ee:fb:dc:df:dc authenticated 00:00:07 40:e3:d6:cd:e5:1e Wireless max-association/40:e3:d6:5e:51:e1/g-HT max-association tunnel Android Android-7
65.1.1.250 a4:4e:31:75:0b:fc authenticated 00:00:00 40:e3:d6:cd:e5:1e Associated(Remote) bridge-test/40:e3:d6:5e:51:e0/g-HT bridge bridge
65.1.1.251 c4:d9:87:67:ac:46 authenticated 00:00:03 40:e3:d6:cd:e5:1e Associated(Remote) bridge-test/40:e3:d6:5e:51:f0/a-HT bridge bridge

 

 

What is the firmware version running on your controller ?

What is the exact issue seen for the client device ?

 

Is client connecting to open/PSK or 802.1x SSID ?

Is the issue observed at layer 2 (authentication related) or Layer 3 (DHCP/traffic) ?

Hi Nitesh,

 

Appriciate your support. Please find below reply. Also I will share configuration file today & update you on exact issue.

 

What is the firmware version running on your controller ?

version 6.4.4.9

What is the exact issue seen for the client device ?

 Will update you today.

Is client connecting to open/PSK or 802.1x SSID ?

802.1x for both tunnel & Bridge

Is the issue observed at layer 2 (authentication related) or Layer 3 (DHCP/traffic) ?

Will update you today.

 

Have you configured GRE stripping is configured bridge mode?

Can you Please help me with configureation snap on controller & AP profile side for LACP. so that I can get same configured on our controller & test.

 

Thanks in advance.

Hi Sangram:

 

We need the following configuration on the controller. I am just pasting the relevant config (dummy IP's).

 

ap-lacp-striping-ip
aplacp-enable
striping-ip 1.1.1.2 lms 1.1.1.1
!

ap system-profile "default"
lms-ip 1.1.1.1
!

 

Note: LMS IP in the LACP profile needs to match the LMS IP listed in the AP system profile

 

On the switch side where the AP is connected, LACP ports need to be in active mode.

 

if LACP is enabled, AP will show s flag in the ap database output.

Hi Nitesh,

 

I will do the same configuration & update you.

 

We have around 100 live aruba 100, 200 series APs which broadcasting bridge & tunnel SSID. AP 325 is going to be live in new enviroment with LACP configuration. Please help to clarify below queries.

 

1.does it affect existing AP profiles or configuration which does not support LACP, if we change the configuration for perticular AP profile. 

2. can multiple AP profile with LACP & without LACP work in same scenario.

3. while doing this changes any reboot or any distrubance will accour?

 

while doing this below configuration existing live setup should not hamper. please confirm 

Hi Sangram,

 

LACP does not apply to 100 series AP.

 

If AP is not connected to LACP enabled ports, they will not form LACP & continue to function properly.

 

I will still suggest to put few 325's on different AP-group for testing.

Hi Sangram,

 

To clarify the things:

 

1. AP LACP is only meant to handle GRE packets.

 

So, it is used for distributing traffic for tunnel/d-tunnel mode ssid's.

 

2. In bridge mode, there is no GRE tunnel as traffic is locally bridged.

 

So, traffic load balancing will not occur for clients connecting to bridge mode ssid.

 

 

However, bridge mode VAP can co-exist in the same ap-group as tunnel mode VAP when AP LACP is used.

 

In case, your client is unable to get an IP address when connected to bridge mode ssid, we need to checkthe following:

 

a) Whether the ACL's for the users are getting programmed correctly.

 

This can be verified from ap datapath user output.

 

b) AP uplink capture will tell us whether DHCP packets are seen on uplink of the AP.

Hi Nitesh,

 

Please confirm whether GRE stripping IP address should be free or it need to be already assinged to any device in same network.

 

for example: I have controller with 10.10.10.10 & gateway is 10.10.10.1; Now I have 10.10.10.9 free IP address. kindly confirm whether I can use 10.10.10.9 IP as GRE Stripping IP, which is free & not used on network.

Current controller firmware is 6.5.0.3 3.

Hi Sangram,

 

GRE striping IP should be  an unused (free) IP from the same network as controller.

Hi Sangram,

 

To close the loop, the issue is only affecting 2.4 Ghz clients. Clients connecting to a 5 Ghz do not face any issues.

 

Issue:2.4 Ghz clients will be unable to connect to 802.1x based network (bridge mode) when AP LACP is enabled on AP-325.

 

The issue has been root caused & will be addressed in upcoming 6.4.4.13 & 6.5.1.5 releases.

Hi Nitesh,

     one question, when you say

2. In bridge mode, there is no GRE tunnel as traffic is locally bridged.

So, traffic load balancing will not occur for clients connecting to bridge mode ssid.

 However, bridge mode VAP can co-exist in the same ap-group as tunnel mode VAP when AP LACP is used.

---

In bridged mode we lost only the aggregation in terms of bandwidth but we maintain the ethernet+poe redundancy?

 

thanks