Wireless Access

Reply
New Contributor
Posts: 3
Registered: ‎10-10-2011

IPSEC tunnels down and APs rebooting

I currently have an M3 as a master, M3 as local 1, and a 3600 as local2 all connected to a switch via trunk ports.  When i set up the IPSEC tunnels between the controllers without being connected to the existing LAN everything works fine.  As soon as I plug in my firewall connection and connection to the LAN to let the APs ride to the controller the IPSEC tunnels go down and the APs on the management VLAN all start flapping.  I am thinking this is a loop in the network.  Any input on this would be appreciated.

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: IPSEC tunnels down and APs rebooting

Do you have spanning-tree enabled?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎10-10-2011

Re: IPSEC tunnels down and APs rebooting

Yes, Spanning-tree is enabled on the controllers

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: IPSEC tunnels down and APs rebooting

On the upstream switch, please check the spanning tree status to ensure nothing is being blocked.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎10-10-2011

Re: IPSEC tunnels down and APs rebooting

Upstream switch is forwarding on spanning-tree

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: IPSEC tunnels down and APs rebooting


WVTinSC wrote:

I currently have an M3 as a master, M3 as local 1, and a 3600 as local2 all connected to a switch via trunk ports.  When i set up the IPSEC tunnels between the controllers without being connected to the existing LAN everything works fine.  As soon as I plug in my firewall connection and connection to the LAN to let the APs ride to the controller the IPSEC tunnels go down and the APs on the management VLAN all start flapping.  I am thinking this is a loop in the network.  Any input on this would be appreciated.


If all 3 controllers are connected to the same switch, what are the IPSEC tunnnels used for?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor I
Posts: 274
Registered: ‎04-04-2014

Re: IPSEC tunnels down and APs rebooting

 

Verify on the controllers that IPSEC endpoint IPs on the controllers ARP to the correct MAC addresses.  If not, look for proxy ARP problems, e.g., check that the firewall and routers on the distribution network agree with the netmasks assigned to the vlan and are not seeing packets that they think need fixup with proxy-ARP, as hairpins through a firewall are likely to be administratively prohibited.

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: