Wireless Access

Reply
Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Changes won't push out to Controllers after Upgrade

After upgrading to 7.4.5 I was going to push out a small change to all of my controllers but discovered that it wasn't working.

 

Here's what I've done troubleshooting this issue so far...

 

1. Recreated the changes and re-released it.

2. I can ping from the Airwave Server to the Controllers and vice versa

3. Ping from the local controllers to the Master and the backup Master, no replies.

4. Checked with my WAN manager to make sure he didn't make any changes to the school's ACLs

5. Looked at the Debug log on one of the controllers and it is deplaying the following message.

    "Cannot heartbeat with the master"

6. I looked this error up on Airheads and found a message thread that Colin suggests to enter the following...

     "show datapath session table " Check to see if that output contains UDP 4500 traffic" YES IT DOES

     "show crypto ipsec sa" "No active IPSEC SA"

7. I reentered the ipSEC Key on both the controller and the master and that didn't work.

8. I followed the instructions to initiate the debug logging...

       logging level debugging security process aaa
       logging level debugging security subcat ike
       logging level debugging security process authmgr
       logging level debugging security process crypto       Results is attached

 

Airwave 7.4.5

AOS       5.0.3.0 (management off loaded to AMP server)

 



 



 

    

Regular Contributor I
Posts: 179
Registered: ‎04-15-2009

Re: Changes won't push out to Controllers after Upgrade

Do you get any errors in the AirWave UI pushing the config to the master? Is the change working on the master but not the locals?
Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Changes won't push out to Controllers after Upgrade

The change worked on the Master but not the locals... The "show crypto ipsec sa" is now showing "Active Sessions" on the local controllers so I'll check to see if I can push something out now.

Regular Contributor I
Posts: 179
Registered: ‎04-15-2009

Re: Changes won't push out to Controllers after Upgrade

I moved this post to the AOS discussion forum, given that it's an issue with master->local config changes. 

Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Changes won't push out to Controllers after Upgrade

[ Edited ]

When I call up the Datapath Session Table Entries on the Master Controller, which is working fine, and a Local controller that isn't, I get these different data for port 4500...

 

Master:  

Source IP          Destination IP    Prot    SPort    DPort     Cntr    Prio    ToS    Age    Destination    TAge    Flags
--------------         --------------           ----      -----        -----         ----      ----      ---       ---       -----------           ----        -----
XX.XX.XX.XX     XX.XX.XX.XX         17       4500     4500       0/0     0          0        1        1/0                     10        FC

Local:

XX.XX.XX.XX     XX.XX.XX.XX         17       4500     4500       0/0     0          0        0        local                 389       F

 

In this particular case the Master and the Local controllers are hanging off the same Router. I've shown my  WAN manager this difference in Datapath tables and he doesn't know what is going on.

 

NOTE: I've changed the IPSec Key again on the Master and Local to a very simple one just to make sure I'm not fumble fingering it.

Guru Elite
Posts: 21,554
Registered: ‎03-29-2007

Re: Changes won't push out to Controllers after Upgrade

Type "show switches" on the master to see if it has connectivity with the local.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Changes won't push out to Controllers after Upgrade

All the local controllers show up except for the one that I'm having a problem with. I also ran the command with "all" and it didn't show up in the list as well.

Guru Elite
Posts: 21,554
Registered: ‎03-29-2007

Re: Changes won't push out to Controllers after Upgrade

[ Edited ]

Do you have individual ipsec entries for local controllers or global ones?

 

Please open a case so we can figure out why they refuse to connect.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I
Posts: 179
Registered: ‎08-29-2008

Re: Changes won't push out to Controllers after Upgrade

Individual IPsec entries for the controllers.

Search Airheads
Showing results for 
Search instead for 
Did you mean: