Wireless Access

Reply
New Contributor
Posts: 4
Registered: ‎08-26-2015

AP can't discover controller over DMVPN

Hi,

I provisioned an AP 155 in campus mode over campus LAN segment  for a branch office location connect to main campus via DMVPN. I was able to see the AP register to the controller over campus LAN and broadcast SSID's. When the same AP was connected to branch office LAN segment, AP was unable to discover the master controller. I have option 43 configured on the branch office LAN segment. If i configure the same AP in RAP mode it works. Any idea what I'm missing ?

thanks,

TJ

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: AP can't discover controller over DMVPN

Do you have option 60 also configured?  Both are necessary.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎08-26-2015

Re: AP can't discover controller over DMVPN

my apologies both option 43 and 60 are set .

-TJ

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: AP can't discover controller over DMVPN

You should find out what ip address the AP gets and type "show datapath session table <ip address>" on the controller to see if it sending any traffic to the controller.

 

Alternatively, you can connect the AP to a console port and see if it says anything about discovery.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎08-26-2015

Re: AP can't discover controller over DMVPN

i see it communicating with the controller but it it does not come up until i add it to whitelist and change it to a RAP .

10.33.10.13 is the controller .

  Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags
--------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
10.96.56.40     10.33.10.13     17   8211  8211   0/0     0 0   0   1/1         6    5         4248       FCI
10.96.56.40     10.33.10.13     17   8211  8222   0/0     0 0   0   1/1         6    0         0          FYCI
10.96.56.40     10.33.10.13     17   8211  1000   0/0     0 0   0   1/1         6    0         0          FYCI
10.33.10.13     10.96.56.40     17   1000  8211   0/0     0 0   0   1/1         6    0         0          FYI
10.33.10.13     10.96.56.40     17   8222  8211   0/0     0 0   0   1/1         6    0         0          FYI
10.33.10.13     10.96.56.40     17   8211  8211   0/0     0 0   0   1/1         6    0         0          FYI

 

 

Regards,

tJ

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: AP can't discover controller over DMVPN

Okay.  What I don't see is GRE (protocol 47) traffic.  In the AP group for the AP, there is an AP System Profile.  Check the MTU or SAP MTU parameter.  It is typically blank.  Make the MTU 1400 and try again.  With a RAP, the MTU is automatically lowered and that could be why it is working, while a CAP does not work.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎08-26-2015

Re: AP can't discover controller over DMVPN

I played around with the MTU settings like you suggested ( 1400,1300 ,1250) but still no luck. Is there a known issue with campus AP's not working over a DMVPN/ IPSEC( GRE) tunnel ? Does the AP not adjust the MSS ?

thanks,

TJ

Guru Elite
Posts: 20,819
Registered: ‎03-29-2007

Re: AP can't discover controller over DMVPN

You should open a TAC case so they can understand what is going on with your network.  A number of people with MPLS adjust the MTU and it works; it does not work dynamically.  There could be something else in your network that is affecting this connectivity.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: