03-06-2014 11:53 AM
My current WLAN is AOS 6.2, my test master controller is 6.3. I upgraded a local controller to 6.3 and tried to associate it with the new 6.3 master controller using the command “masterip x.y.z.n ipsec ******”.
After reload, the local controller no longer associates with the 6.2 master, but it still retains the old config and won’t join the 6.3 master.
I can do this by resetting the local controller to default and configuring the controller for the new master, but I have many remote sites to change.
03-06-2014 02:50 PM - edited 03-06-2014 02:54 PM
My local controller is a 650, version 18.104.22.168, upgraded to 22.214.171.124. It is identical AOS to the 3600 master, but it won't associate.
03-06-2014 03:30 PM
And that both can reach each other. Can you try ping?
Run show switches on the master
The local should have the masterip <IP address> key xxxx
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
03-06-2014 08:13 PM
So you are upgrading and then joining to your test setup, correct? Following Victor's suggestions should help. Be sure the local controller can communicate with the new master BEFORE attempting to create the master-local connection.
Make sure you are using the appropriate key on both sides.
On the master:
show run | begin localip
On the local:
show run | begin masterip
*If the master does not have a localip 0.0.0.0 ipsec ******* entry (0.0.0.0 indicating any local controller), it will need to have one specific to the IP of your new local.
Lastly, make sure you reboot the local (if you have not) after joining to the new master.
Assuming the above is correct, some additional troubleshooting commands from the master:
- show datapath tunnel table
...look for inbound and outbound IPSec tunnels
- show crypto isakmp sa
- logging level debugging security subcat ike
- show log security <#>
...look for IKE Phase 1 has mismatch (indicating wrong IKE passphrase)
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
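The address half of the check described in the post above, as an added example that is not part of any post in this thread: it compares saved output of `show run | begin localip` from the master and `show run | begin masterip` from the local. The function names, the sample addresses and the sample config text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample output (documentation addresses, keys masked as on the CLI).
MASTER_RUN = "localip 192.0.2.10 ipsec ******\n"
LOCAL_RUN = "masterip 198.51.100.1 ipsec ******\n"


def peer_entries(config, keyword):
    """Return peer IPs from '<keyword> <ip> ipsec <key>' lines in a config."""
    pattern = re.compile(rf"^\s*{keyword}\s+(\S+)\s+ipsec\s+\S+", re.MULTILINE)
    peers = []
    for candidate in pattern.findall(config):
        try:
            peers.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            continue  # not an IP literal, so not a usable peer entry
    return peers


def check_pairing(master_cfg, local_cfg, master_ip, local_ip):
    """List the address mismatches between the two sides (empty list = consistent)."""
    master_ip = str(ipaddress.ip_address(master_ip))
    local_ip = str(ipaddress.ip_address(local_ip))
    problems = []
    masters = peer_entries(local_cfg, "masterip")
    if not masters:
        problems.append("local has no masterip entry")
    elif master_ip not in masters:
        problems.append(f"local points at {masters[0]}, not {master_ip}")
    locals_ = peer_entries(master_cfg, "localip")
    # 0.0.0.0 on the master matches any local controller.
    if "0.0.0.0" not in locals_ and local_ip not in locals_:
        problems.append(f"master has no localip entry covering {local_ip}")
    # The pre-shared key is masked in both outputs, so it cannot be compared
    # here; a wrong key shows up as the IKE Phase 1 mismatch in the security log.
    return problems


if __name__ == "__main__":
    for issue in check_pairing(MASTER_RUN, LOCAL_RUN, "198.51.100.1", "192.0.2.10"):
        print(issue)
```

An empty result only means the addresses line up; reachability between the two controllers still has to be confirmed separately.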
03-07-2014 04:49 AM
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
03-07-2014 05:20 AM
Thanks all for the answers. Thanks Victor for reminding me to check some basics in the lower layers of the network, such as ping! When a problem arrives I jump right to conclusions in the higher layers. It turns out the master could not ping the local because I did not set a default gateway.