Wireless Access

We have recently migrated a set of our Aruba 3400 Controllers from traditional Rtr/Switch topology to Cisco ACI.  The last couple months we have noticed off occurrences dealing with Packet Loss from End Users either connected to APs or RAPs.  We have reloaded the 3400 Controllers a couple times and this seems to resolve the issue but only temporarily.  I am not 100% convinced we have the ACI Interfaces to Aruba Interfaces configured correctly which is causing our problems.


I also want to point out I have 2 Aruba 3400s at this location configured the same with the exception of Interface IPs.


Aruba Configuration:

SETUP:  Master / Local Configuration

MODEL: Aruba3400

VERSION: 6.3.1.14

ROLE:  Local Controller


vlan 30  - All Wireless User Subnet (AP & RAP)
vlan 60  - Management Network
vlan 168 - Guest Wireless User Subnet
vlan 567 - Mobile User Subnet (MDM)
vlan 966 - Public Network
!

interface gigabitethernet 1/0
        description "GE1/0"
        trusted
        trusted vlan 1-4094
        switchport mode trunk
        switchport access vlan 30
        switchport trunk allowed vlan 30,60,168,567
!
interface gigabitethernet 1/2
        description "GE1/2"
        trusted
        trusted vlan 1-4094
        switchport access vlan 966
!

interface vlan 60
        ip address xx.xx.xx.95 255.255.255.0
        no ip routing
        bcmc-optimization
!
interface vlan 30
        no ip routing
        bcmc-optimization
!                                              
interface vlan 966
        ip address xx.xx.xx.53 255.255.255.0
        no ip routing
        bcmc-optimization
!
interface vlan 567
        no ip routing
        bcmc-optimization
!
interface vlan 168
        no ip routing
        bcmc-optimization


GE 1/0 is up, line protocol is up
Hardware is Gigabit Ethernet, address is 00:0B:86:6F:26:0D (bia 00:0B:86:6F:26:0D)
Description: GE1/0 (RJ45 Connector)
Encapsulation ARPA, loopback not set
Configured: Duplex ( AUTO ), speed ( AUTO )
Negotiated: Duplex (Full), speed (1000 Mbps)
MTU 1500 bytes, BW is 1000 Mbit
Last clearing of "show interface" counters 23 day 12 hr 40 min 39 sec
link status last changed 23 day 12 hr 36 min 48 sec
    1744773237 packets input, 1376375032868 bytes
    Received 18338884 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input error bytes, 0 CRC, 0 frame
    15641428 multicast, 1726434353 unicast
    1683401939 packets output, 1352014369653 bytes
    0 output errors bytes, 0 deferred
    0 collisions, 0 late collisions, 0 throttles



CISCO ACI Configuration

VERSION - 12.0.2g


All Vlans are setup one to one with End Point Groups (EPG) and Bridge Domains (BD).  All EPGs are in a single VRF, Domain, Application Profile, and Tenant.


ACI Interface to Controller Configuration

      EPG30/BD30

    L2 Unknown Unicast = Flood
    L3 Unknown Multicast = Flood
    Multi Destination Flooding = Flood in BD
    ARP Flooding = Flood
    Encapsulation = Vlan-30
    No Contracts Used

Ethernet1/7 is up
admin state is up, Dedicated Interface
  Port description is CORSTLSDR3400-01:Fa1/0 INT
  Hardware: 1000/10000/auto Ethernet, address: f8c2.88b5.6a3f (bia f8c2.88b5.6a3f)
  MTU 9000 bytes, BW 1000000 Kbit, DLY 1 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, medium is broadcast
  Port mode is trunk
  full-duplex, 1000 Mb/s, media type is 1G
  Beacon is turned off
  Auto-Negotiation is turned on
  Input flow-control is off, output flow-control is off
  Auto-mdix is turned off
  Rate mode is dedicated
  Switchport monitor is off
  EtherType is 0x8100
  EEE (efficient-ethernet) : n/a
  Last link flapped 03w23d
  Last clearing of "show interface" counters 00:47:05
  4 interface resets
  30 seconds input rate 8151544 bits/sec, 1117 packets/sec
  30 seconds output rate 7811080 bits/sec, 1122 packets/sec
  Load-Interval #2: 5 minute (300 seconds)
    input rate 14173696 bps, 1810 pps; output rate 14368184 bps, 1851 pps
  RX
    6524296 unicast packets  4110 multicast packets  10048 broadcast packets
    6538454 input packets  5751643352 bytes
    0 jumbo packets  0 storm suppression bytes
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun   0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
  TX
    6283754 unicast packets  21733 multicast packets  3047 broadcast packets
    6308534 output packets  5677787433 bytes
    0 jumbo packets
    0 output error  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble  0 output discard
    0 Tx pause



Could the way we have ACI configured be causing an issue with the trunk to the Aruba Controller? 

I honestly do not see anything wrong with the configuration. The unwritten rule is that either it does work or it does not work. The question is, what else may be happening in your network or do you have the interface statistics of the ACI or the logs.tar from the controller when it is happening?

Is the controller itself hard to reach at the time?

I do not seem to notice an issue accessing the Controller during this time. 

 

I have attempted to send a log.tar but it appears to be too large for email.  Do you have another way to receive files? 

 

 

Daniel