Wireless Access

Reply
MVP
Posts: 291
Registered: ‎11-04-2008

Can you move local controller to different master?

Hi all,

 

My current WLAN is AOS 6.2, my test master controller is 6.3.  I upgrade a local controller to 6.3 and try to associate it to the new 6.3 master controller with command “masterip x.y.z.n ipsec ******”.

 

After reload, the local controller no longer associates with 6.2 master, but it still retains the old config and won’t join the 6.3 master.

 

I can do this with reset the local controller to default and config the controller to the new master, but I have many remote sites to change.

 

Regards,

~Trinh Nguyen~
Boys Town
MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Can you move local controller to different master?

Needs to be in the same AOS 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 291
Registered: ‎11-04-2008

Re: Can you move local controller to different master?

[ Edited ]

 

My local controller  650 version 6.2.1.3, upgrade to 6.3.1.3.  It is identical AOS with 3600 master, but won't associate.

 

 

 

~Trinh Nguyen~
Boys Town
MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Can you move local controller to different master?

Make sure both keys match .

And that both can reach each other . Can you try ping?

Run the Show switches on the master

The local should have the masterip <IP address> key xxxx



Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Can you move local controller to different master?

So you are upgrading and then joining to your test setup, correct?    Following Victor's suggestions should help.    Be sure the local controller can communicate with the new master BEFORE attempting to create the master-local connection.

 

Make sure you are using the appropriate key on both sides.

 

On the master:

encrypt disable

show run | begin localip

 

On the local:

encrypt disable

show run | begin masterip

 

*if the master does not have a localip 0.0.0.0 ipsec ******* entry (0.0.0.0 indicating any local controller); it will need to have one specific to the IP of your new local.


Lastly, make sure you reboot the local (if you have not) after joining to the new master.

 

Assuming the above is correct, some additional troubleshooting commands from the master:

 

  • show datapath tunnel table

...look for inbound and outbound IPSec tunnels

 

  • show crypto isakmp sa
  • logging level debugging security subcat ike
  • show log security <#>

 

...look for IKE Phase 1 has mismatch (indicating wrong IKE passphrase)

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: Can you move local controller to different master?

Do the keys match? What does the logs say on both ends?
Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 291
Registered: ‎11-04-2008

Re: Can you move local controller to different master?

Thanks all for the answers.  Thanks victor for remind me to check for some basic in the low layer of network such as ping!  When problem arrives I jump right to conclusion in the higher layer.  It turns out the master could not ping the local because I did not set a default gateway.

~Trinh Nguyen~
Boys Town
Search Airheads
Showing results for 
Search instead for 
Did you mean: