Wireless Access

Reply

ArubaMM - VRRP Not Establishing

Trying to configure VRRP between (2) ArubaMM's, but can't seem to get them to communicate. Configuration is below:

 

ArubaMM-01

master-redundancy
master-vrrp 100
peer-ip-address 192.168.100.66 ipsec ipseckey
!
vrrp 100
priority 110
authentication ipseckey
ip address 192.168.100.67
description "Active Backup MM"
vlan 1
no shutdown
!

 

ArubaMM-02

master-redundancy
master-vrrp 100
peer-ip-address 192.168.100.54 ipsec ipseckey
!
vrrp 100
authentication ipseckey
ip address 192.168.100.67
description "Active Backup MM"
vlan 1
no shutdown
!

 

Logs show as follows after down/up on the VRRP instance:

 

May 5 12:56:31 :399838: <6174> <WARN> |fpapps| Received TUN_DOWN from IKE for default-psk-redundant-master-ipsecmap
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : INIT, licensevrid : 0 , mvrid : 100
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : INIT
May 5 12:58:23 :313328: <6174> <WARN> |fpapps| vrrp: vrid "100" - VRRP state transitioned from INIT to BACKUP
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_mgr_papi_recv_cb: Recv from 127.0.0.1:8226
May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_mgr_papi_recv_cb: MessageCode: 5004 len 93 data_len 17 Type 2
May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_mgr_papi_recv_cb: IP 0.0.0.0 role 0 got_master_ip 0 got_switch_ip 1
May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_master_ip_resp_hdlr: Got reply from CFGM with ip 192.168.100.67 role 4
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : INIT, licensevrid : 0 , mvrid : 100
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : INIT
May 5 12:58:23 :313328: <6174> <WARN> |fpapps| vrrp: vrid "100" - VRRP state transitioned from INIT to BACKUP
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Received TUN_UP from IKE for default-psk-redundant-master-ipsecmap mapid 0, vlanid 0, flags = 0x2 uplink_priority 0
May 5 12:58:27 :313331: <6547> <WARN> |fpapps| VRRP: vrid "100" - Missed 3 Hello Advertisements from VRRP Master 192.168.100.66
May 5 12:58:27 :313328: <6547> <WARN> |fpapps| vrrp: vrid "100" - VRRP state transitioned from BACKUP to MASTER
May 5 12:58:27 :399838: <6547> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : MASTER, licensevrid : 0 , mvrid : 100
May 5 12:58:27 :399838: <6547> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : MASTER
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with PEFNG enabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update 196 FEATURE_PEF_VPN is NOT set
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with RFP disabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with XSEC disabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with ACR disabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with RAP enabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with VPN enabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with WebCC disabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with BETA disabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with MM enabled
May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with VMC enabled

 

VRRP shows traffic is being sent by both, but received by neither:

 

ArubaMM-01

 

Virtual Router 100:

Admin State UP, VR State MASTER

Advertisements:
Sent: 1777 Received: 0
Zero priority sent: 1 Zero priority received: 0
Lower IP address received 0 Lower Priority received 0
Tracking priority overflow: 0
Advertisements received errors:
Interval mismatch 0 Invalid TTL 0
Invalid packet type 0 Authentication failure 0
Invalid auth type 0 Mismatch auth type 0
Invalid VRRP IP address 0 Invalid packet length 0
VRRP Up timestamp: Fri May 5 12:57:34 2017
Master Up timestamp: Fri May 5 12:57:37 2017
Last advertisement sent timestamp: Fri May 5 13:09:03 2017
Last advertisement received timestamp: Fri May 5 12:57:37 2017
Current time: Fri May 5 13:09:04 2017
Number times became VRRP Master: 2

 

ArubaMM-02

 

Virtual Router 100:

Admin State UP, VR State MASTER

Advertisements:
Sent: 2149342 Received: 0
Zero priority sent: 1 Zero priority received: 0
Lower IP address received 0 Lower Priority received 0
Tracking priority overflow: 0
Advertisements received errors:
Interval mismatch 0 Invalid TTL 0
Invalid packet type 0 Authentication failure 0
Invalid auth type 0 Mismatch auth type 0
Invalid VRRP IP address 0 Invalid packet length 0
VRRP Up timestamp: Fri May 5 12:58:23 2017
Master Up timestamp: Fri May 5 12:58:27 2017
Last advertisement sent timestamp: Fri May 5 13:08:25 2017
Last advertisement received timestamp: Fri May 5 12:58:27 2017
Current time: Fri May 5 13:08:26 2017
Number times became VRRP Master: 2

 

 

I cannot find why this is not working. Their is no firewall or router between these devices as they are on the same subnet. No ACLs I'm aware of on the switches. Any ideas?


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com

Re: ArubaMM - VRRP Not Establishing

Also, I can ping from both ends, and verified ARP was resolving to the correct MAC addresses, which it is.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Aruba Employee

Re: ArubaMM - VRRP Not Establishing

Hi Michael,

 

Are the ports trusted on both ends ?

 

As per the logs, there is  little difference in the clock on both controller (not sure if it could be related to difference when commands were executed).

Frequent Contributor II

Re: ArubaMM - VRRP Not Establishing

It looks like ArubaMM-02 is missing the priority line.

Perhaps priority 100.


Bruce Osborne - Wireless Engineer
ACCP, ACMP

Re: ArubaMM - VRRP Not Establishing

Thanks bosborne, but the priority is set to default, so it doesn't show up in the running config, it is set to 100. I defined MM-01 in order to take priority.

________________________________
Michael Haring | Network Engineer
(610) 246-6037 | Comm Solutions

Sent from my iPhone

Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: