Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AP can't discover controller over DMVPN

This thread has been viewed 0 times

  • 1.  AP can't discover controller over DMVPN

    Posted Nov 04, 2016 07:12 PM

    Hi,

    I provisioned an AP 155 in campus mode over campus LAN segment  for a branch office location connect to main campus via DMVPN. I was able to see the AP register to the controller over campus LAN and broadcast SSID's. When the same AP was connected to branch office LAN segment, AP was unable to discover the master controller. I have option 43 configured on the branch office LAN segment. If i configure the same AP in RAP mode it works. Any idea what I'm missing ?

    thanks,

    TJ



  • 2.  RE: AP can't discover controller over DMVPN

    EMPLOYEE
    Posted Nov 04, 2016 08:05 PM

    Do you have option 60 also configured?  Both are necessary.



  • 3.  RE: AP can't discover controller over DMVPN

    Posted Nov 04, 2016 08:25 PM

    my apologies both option 43 and 60 are set .

    -TJ



  • 4.  RE: AP can't discover controller over DMVPN

    EMPLOYEE
    Posted Nov 04, 2016 09:15 PM

    You should find out what ip address the AP gets and type "show datapath session table <ip address>" on the controller to see if it sending any traffic to the controller.

     

    Alternatively, you can connect the AP to a console port and see if it says anything about discovery.



  • 5.  RE: AP can't discover controller over DMVPN

    Posted Nov 04, 2016 09:45 PM

    i see it communicating with the controller but it it does not come up until i add it to whitelist and change it to a RAP .

    10.33.10.13 is the controller .

      Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags
    --------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
    10.96.56.40     10.33.10.13     17   8211  8211   0/0     0 0   0   1/1         6    5         4248       FCI
    10.96.56.40     10.33.10.13     17   8211  8222   0/0     0 0   0   1/1         6    0         0          FYCI
    10.96.56.40     10.33.10.13     17   8211  1000   0/0     0 0   0   1/1         6    0         0          FYCI
    10.33.10.13     10.96.56.40     17   1000  8211   0/0     0 0   0   1/1         6    0         0          FYI
    10.33.10.13     10.96.56.40     17   8222  8211   0/0     0 0   0   1/1         6    0         0          FYI
    10.33.10.13     10.96.56.40     17   8211  8211   0/0     0 0   0   1/1         6    0         0          FYI

     

     

    Regards,

    tJ



  • 6.  RE: AP can't discover controller over DMVPN

    EMPLOYEE
    Posted Nov 05, 2016 06:20 AM

    Okay.  What I don't see is GRE (protocol 47) traffic.  In the AP group for the AP, there is an AP System Profile.  Check the MTU or SAP MTU parameter.  It is typically blank.  Make the MTU 1400 and try again.  With a RAP, the MTU is automatically lowered and that could be why it is working, while a CAP does not work.



  • 7.  RE: AP can't discover controller over DMVPN

    Posted Nov 06, 2016 11:41 AM

    I played around with the MTU settings like you suggested ( 1400,1300 ,1250) but still no luck. Is there a known issue with campus AP's not working over a DMVPN/ IPSEC( GRE) tunnel ? Does the AP not adjust the MSS ?

    thanks,

    TJ



  • 8.  RE: AP can't discover controller over DMVPN

    EMPLOYEE
    Posted Nov 06, 2016 12:05 PM

    You should open a TAC case so they can understand what is going on with your network.  A number of people with MPLS adjust the MTU and it works; it does not work dynamically.  There could be something else in your network that is affecting this connectivity.