Wireless Access

Occasional Contributor II
Posts: 18
Registered: ‎01-06-2015

PAPI traffic between WLC and AirWave ?

Hi Guys,

I have a customer with a 3-WLC cluster and AirWave. AirWave is used for monitoring and also for SNMP and Syslog messages. So in the WLC config the AirWave IP appears 3 times:

mgmt-server type amp primary-server 10.20.30.40 profile default-amp

[…]

logging 10.20.30.40

[…]

snmp-server host 10.20.30.40 version 2c public udp-port 162

 

In the Checkpoint FW, I can see that SNMP and Syslog messages are sent from the Mgmt Interface to AirWave. But I also see traffic classified as "Aruba_PAPIs", from the Data VRRP IP Address (not the mgmt) destined for AirWave. This traffic is dropped because of Address Spoofing...

Is it normal that some PAPI traffic is exchanged between the Controller and AirWave (AirWave does only monitoring)?

Is it possible to force each Controller to use the Mgmt Interface as Source Interface to communicate with AirWave?

 

Thanks for your answers,

Kind regards,

Nicolas.

Guru Elite
Posts: 8,451
Registered: ‎09-08-2010

Re: PAPI traffic between WLC and AirWave ?

PAPI is used by AMON to send things like firewall data, UCC data and client statistics to AirWave.



What do you have set for your controller IP?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 18
Registered: ‎01-06-2015

Re: PAPI traffic between WLC and AirWave ?

Hi Tim,

Thanks for your answer.

The controller-IP is the physical IP address of the Data interface.

Occasional Contributor II
Posts: 18
Registered: ‎01-06-2015

Re: PAPI traffic between WLC and AirWave ?

Hi Tim,

Should I configure the management IP Address as Controller-IP?

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: PAPI traffic between WLC and AirWave ?

Do you have a firewall between the controller and AirWave?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 18
Registered: ‎01-06-2015

Re: PAPI traffic between WLC and AirWave ?

Hi Colin,

Yes, I have a Checkpoint firewall, but it is not blocking the traffic.

I want the PAPI messages to be sent from the Management interface, not the Data interface.

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: PAPI traffic between WLC and AirWave ?

Type "show controller-ip". That will determine what IP address AMON messages come from.

You can change the controller-ip, however:

(Aruba7640-US) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba7640-US) (config) #controller-ip ?
loopback                Set to loopback interface
vlan                    Set to VLAN interface

The only issue is that all of the AP traffic will have to be terminated on that IP address, as well.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 18
Registered: ‎01-06-2015

Re: PAPI traffic between WLC and AirWave ?

My Controller-IP is the Data interface IP.

As I don't want my APs to connect to the management IP to build their tunnels, I cannot use the management IP as Controller-IP.

If I use a loopback, is it better to configure it with a /32 mask or use another IP from the Data subnet?

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: PAPI traffic between WLC and AirWave ?

If you use a loopback, it must be in the same subnet as another interface.  That becomes the management interface where AMON comes from and APs need to connect to.



Colin Joseph
Aruba Customer Engineering
