Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Can you move local controller to different master?

  • 1.  Can you move local controller to different master?

    Posted Mar 06, 2014 02:53 PM

    Hi all,

     

    My current WLAN is AOS 6.2, my test master controller is 6.3. I upgraded a local controller to 6.3 and tried to associate it to the new 6.3 master controller with the command “masterip x.y.z.n ipsec ******”.

     

    After reload, the local controller no longer associates with 6.2 master, but it still retains the old config and won’t join the 6.3 master.

     

    I can do this by resetting the local controller to default and configuring the controller to the new master, but I have many remote sites to change.

     

    Regards,



  • 2.  RE: Can you move local controller to different master?

    Posted Mar 06, 2014 03:40 PM

    Needs to be in the same AOS 



  • 3.  RE: Can you move local controller to different master?

    Posted Mar 06, 2014 05:50 PM

     

    My local controller is a 650 on version 6.2.1.3, upgraded to 6.3.1.3. It is the identical AOS to the 3600 master, but won't associate.

     

     

     



  • 4.  RE: Can you move local controller to different master?
    Best Answer

    Posted Mar 06, 2014 06:30 PM
    Make sure both keys match.

    And that both can reach each other. Can you try ping?

    Run show switches on the master

    The local should have the masterip <IP address> key xxxx





  • 5.  RE: Can you move local controller to different master?

    Posted Mar 06, 2014 11:13 PM

    So you are upgrading and then joining to your test setup, correct?    Following Victor's suggestions should help.    Be sure the local controller can communicate with the new master BEFORE attempting to create the master-local connection.

     

    Make sure you are using the appropriate key on both sides.

     

    On the master:

    encrypt disable

    show run | begin localip

     

    On the local:

    encrypt disable

    show run | begin masterip

     

    *If the master does not have a localip 0.0.0.0 ipsec ******* entry (0.0.0.0 indicating any local controller), it will need to have one specific to the IP of your new local.


    Lastly, make sure you reboot the local (if you have not) after joining to the new master.

     

    Assuming the above is correct, some additional troubleshooting commands from the master:

     

    • show datapath tunnel table

    ...look for inbound and outbound IPSec tunnels

     

    • show crypto isakmp sa
    • logging level debugging security subcat ike
    • show log security <#>

     

    ...look for IKE Phase 1 has mismatch (indicating wrong IKE passphrase)

     



  • 6.  RE: Can you move local controller to different master?

    EMPLOYEE
    Posted Mar 07, 2014 07:50 AM
    Do the keys match? What do the logs say on both ends?


  • 7.  RE: Can you move local controller to different master?

    Posted Mar 07, 2014 08:20 AM

    Thanks all for the answers. Thanks, Victor, for reminding me to check some basics in the lower layers of the network, such as ping! When a problem arrives, I jump right to conclusions in the higher layers. It turns out the master could not ping the local because I did not set a default gateway.
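
The key and entry checks from reply 5, run offline over saved `show run` output from both controllers. This is an added example, not part of the thread and not Aruba code. It assumes the line forms quoted in the thread (`masterip <IP> ipsec <key>`, `localip <IP> ipsec <key>`) and that either the specific or the 0.0.0.0 entry may supply the matching key; the function names, sample addresses and keys are constructed.

```python
import re

# Config line forms quoted in the thread (keys visible after `encrypt disable`):
#   local:  masterip <IP> ipsec <key>
#   master: localip <IP> ipsec <key>   (0.0.0.0 = any local controller)
LINE_RE = re.compile(
    r"^[ \t]*(masterip|localip)[ \t]+(\S+)[ \t]+ipsec[ \t]+(\S+)[ \t]*\r?$", re.M)

def parse(config_text, keyword):
    """Return [(ip, key), ...] for each `keyword` line in saved `show run` output."""
    return [(ip, key) for kw, ip, key in LINE_RE.findall(config_text) if kw == keyword]

def check_pairing(master_cfg, local_cfg, master_ip, local_ip):
    """Classify the master/local pairing config; returns a short status string."""
    masters = parse(local_cfg, "masterip")
    if not masters:
        return "local-has-no-masterip"
    m_ip, m_key = masters[-1]  # assumption: the last masterip line is the one in effect
    if m_ip != master_ip:
        return "local-points-at-other-master"
    # Entries on the master that cover this local: its own IP or the 0.0.0.0 wildcard.
    entries = [k for ip, k in parse(master_cfg, "localip") if ip in (local_ip, "0.0.0.0")]
    if not entries:
        return "master-has-no-localip-entry"
    # A key shown only as asterisks (as in the thread's masked lines) cannot be compared.
    if any(set(k) == {"*"} for k in entries + [m_key]):
        return "key-masked"
    # Assumption: a match against either covering entry counts as a match.
    return "ok" if m_key in entries else "key-mismatch"

# Constructed sample configs (documentation addresses, made-up keys).
MASTER_CFG = "localip 192.0.2.20 ipsec SiteA-Key-1\nlocalip 0.0.0.0 ipsec Shared-Key-9\n"
LOCAL_OK = "masterip 192.0.2.1 ipsec Shared-Key-9\n"
LOCAL_BAD_KEY = "masterip 192.0.2.1 ipsec Typo-Key\n"
LOCAL_MASKED = "masterip 192.0.2.1 ipsec ******\n"

if __name__ == "__main__":
    for name, cfg in [("ok", LOCAL_OK), ("bad", LOCAL_BAD_KEY), ("masked", LOCAL_MASKED)]:
        print(name, check_pairing(MASTER_CFG, cfg, "192.0.2.1", "192.0.2.30"))
```

An `ok` result only says the two configurations agree; it says nothing about reachability, which is what turned out to be broken in this thread.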