01-28-2015 08:28 AM
Hello everyone I could use some help. I have two locations with 2-4 APs each which point to different controllers that have the Dirty config flag. I also have several hundred other APs local and remote to the same two controllers that are working just fine. I suspect network issue and need help proving it.
Site 1 - 4 x AP105 to a remote controller that was recently upgraded from AOS 22.214.171.124 to 126.96.36.199 We noticed the issue after the upgrade but may have been there before as wireless is not heavily used here. All we know is wireless was working at some point before the upgrade. Site has an MPLS circuit with 2xT1 multilink. I provisioned 4 new APs to the same remote controller, tested them, from my home office and shipped them to the site. Once at the site they had the same issue. I can see the APs on the controller so the GRE tunnel is up. Have a case with Aruba they said the papi port must be blocked because the configs are not being pushed to the AP. We converted one AP from a CAP to a RAP and this worked. Aruba says the reason is CAP use GRE and RAP uses IPSec and handle MTU differently. I have the AP group MTU set to 1200, we have no firewalls inline, just routers, switches and riverbeds. I can ping 1500 bytes across the MPLS with DF set. I have a packet capture if it helps and outputs of any commands. Also I tried to provision through the console cable one of the CAPs to another controller that and the dirty config followed to that site.
Site 2 - same exact issue but this one started when they switched from a VPN circuit to a new 2xT1 Multilink MPLS circuit. No riverbeds on this site.
I believe both of these issues are network related specific to the GRE tunnel and MTU. How would you isolate this?