Wireless Access

last person joined: 16 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

ArubaOS 8.1 VMC Strange Issues

This thread has been viewed 2 times

  • 1.  ArubaOS 8.1 VMC Strange Issues

    Posted Apr 24, 2017 05:57 PM

    So I migrated our config from an old 620 controller to a standalone VMC, I can get a new AP-207 to join as a CAP but had a couple of very weird issues...

     

    1) Cannot terminate RAPs - I can see the UDP-4500 connections in 'show datapath session', they are whitelisted and I have a RAP pool configured. I did notice this error in the logs that reoccurs:

     

    stm[5469]: <399803> <5469> <ERRS> |stm| An internal system error has occurred at file sapm_fw.c function handle_nate_pool__message line 399 error NAT pools, receive error .

     

    2) Traffic forwarding simply does not work with interfaces G0/0/1 and G0/0/2. Port is enabled, connected in vSphere to a working port group etc. These errors present in logs:

     

    ofa[5762]: <310202> <5762> <ERRS> |ofa| ofa_netdev_set_trunk_vlan: interface (G0/0/0) not found
    ofa[5762]: <310202> <5762> <ERRS> |ofa| ofa_netdev_set_trunk_vlan: interface (G0/0/1) not found
    ofa[5762]: <310202> <5762> <ERRS> |ofa| ofa_netdev_set_trunk_vlan: interface (G0/0/2) not found



  • 2.  RE: ArubaOS 8.1 VMC Strange Issues

    EMPLOYEE
    Posted May 30, 2017 04:43 AM

    Did you do ´set-trust-anchor self-signed´? As VMC don´t have TPM, you need to manually trust the self signed certificate.

     

    -Anders



  • 3.  RE: ArubaOS 8.1 VMC Strange Issues

    Posted May 30, 2017 04:46 AM
    Unfortunately the lab environment isn't up and running anymore - is this something that is needed to make it work? Have you seen it working before with this config?


  • 4.  RE: ArubaOS 8.1 VMC Strange Issues

    EMPLOYEE
    Posted May 30, 2017 04:59 AM

    Yes, with VMC you need to add that. For hw controllers, you don´t since they have TPM.



  • 5.  RE: ArubaOS 8.1 VMC Strange Issues

    Posted Aug 30, 2017 11:49 AM

    Hello Anders,

     

    I am having this issue with the IAP-VPN connection not establishing the IPSEC tunnel and was hoping you could provide more information on the set-trust-anchor self-signed command. The only reference I can find in documentation is in the 8.1 CLI reference guide and it does not give any more information than a description.

     

    What will the command affect? Will it interrupt service for existing campus AP's that are already attached to a VMC or is it only for IAP-VPN/RAP connections via IPSEC?

     



  • 6.  RE: ArubaOS 8.1 VMC Strange Issues

    EMPLOYEE
    Posted Aug 30, 2017 01:38 PM

    I don't think VMC supports IAP-VPN. The user guide should call this out. 

     

    First page of Instant AP VPN Support

     

    IAP VPN is supported only on hardware mobility controllers (7000 Series and 7200 Series) including controllers that

    are stand-alone or managed by Mobility Master. However, IAP VPN termination is not currently supported on virtual

    mobility controllers. Masters (Mobility Master and Master Controller Mode) do not support any AP termination

    including campus APs, remote APs and IAP VPN tunnels.



  • 7.  RE: ArubaOS 8.1 VMC Strange Issues

    Posted Sep 01, 2017 03:44 PM

    I appreciate the response; so I am getting this right that it will support RAP units but not IAP-VPN?

     

    And the other portion of the first question was what implications should be drawn when executing the set-trust-anchor self-signed command?

     

    Thank you for your help!

     

    Justin