Wireless Access

Reply
Occasional Contributor I

Reboot Loop: Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT.

Hi all, 

 

First of all, I have done some digging through the Forums and found several references to the issue eluded to in my title, but so far have found nothing that has helped me resolve the problem.

 

There's a brief back story I'll put out there first...

 

I configured an AP105 as a RAP in the UK using our standard procedure; used setenv master, defined the RAP in the Whitelist and added to the RAP Group. AP booted up fine and was usable. I visited our Milan office to peform a LAN upgrade (purely switch swap) and connected the AP. While I was there, I was able to connect to our internal WiFi SSIDs.

 

Two weeks later, the AP had 'magically' decided that it wanted to be owned by our controller in the US, which the Network team there asked me to remove as it was using one of their licenses. Removed the AP from the AMP server but it kept coming back as being picked up by the US controller. I discoverde that this was due our mutilple-domain environment and it picking up aruba-master.int.. rather than aruba-master.eame...

 

To get around this, I asked or server admin to give the AP a static IP address and change the DNS server field to eame.domain.com (where the UK controller resides as aruba-master).

 

The AP is now picking up an IP address and contacting the UK controller... but then it looks as though the communication stops:

 

Feb 27 14:16:03 nanny[605]: <303086> <ERRS> |AP mil-erap1@10.63.24.145 nanny| Process Manager (nanny) shutting down - AP will reboot!
Feb 27 14:16:03 nanny[605]: <303086> <ERRS> |AP mil-erap1@10.63.24.145 nanny| Process Manager (nanny) shutting down - AP will reboot!
Feb 27 14:16:03 sapd[662]: <311002> <WARN> |AP mil-erap1@10.63.24.145 sapd| Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT. Last Ctrl msg: HELLO len=1278 dest=10.62.16.1 tries=10 seq=0
Feb 27 14:17:05 nanny[605]: <303022> <WARN> |AP mil-erap1@10.63.24.145 nanny| Reboot Reason: AP rebooted Fri Dec 31 16:04:35 PST 1999; SAPD: Unable to contact switch: HELLO-TIMEOUT. Last Ctrl msg: HELLO len=1278 dest=10.62.16.1 tries=10 seq=0

 

This loop continues...

 

It appears that the communication path is clear though. I can ping/traceroute from the controller, from the UK and Milan switches from controller IP to AP IP.

 

sh datapath session table appears to show the devices communicating:

 

(crw-aruba01) #show datapath session table 10.63.24.145


Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal

Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- --------- --------- -----
10.62.16.1 10.63.24.145 17 8211 8211 0/0 0 0 1 pc0 9 0 0 FYI
10.62.16.1 10.63.24.145 17 8222 8211 0/0 0 0 1 pc0 9 0 0 FYI
10.63.24.145 10.62.16.1 17 8211 8211 0/0 0 0 1 pc0 9 0 0 FCI
10.63.24.145 10.62.16.1 17 8211 8222 0/0 0 0 1 pc0 9 0 0 FYCI
10.62.16.1 10.63.24.145 17 44690 8211 0/0 0 0 0 pc0 9 0 0 FYI
10.63.24.145 10.62.16.1 17 8211 44690 0/0 0 0 0 pc0 9 0 0 FYCI

 

(crw-aruba01) #ping 10.63.24.145
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 10.63.24.145, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36.468/37.1382/37.906 ms

 

(crw-aruba01) #traceroute 10.63.24.145
Tracing the route to 10.63.24.145 ....

1 10.62.16.126 (10.62.16.126) 0.732 ms 0.400 ms 0.381 ms
 - hops removed for cleanliness
9 10.63.24.145 (10.63.24.145) 37.020 ms 36.754 ms 36.974 ms


(crw-aruba01) #

 

It just refuses to go any further and will not appear on the AMP server as a new device or the ap database on the controller.

 

Any help to resolve this would be appreciated.

 

Controller AOS version: 6.2.1.4

AMP Server version: 7.6.4

 

We have deployed several other RAPs to similar sites with no issues previously. Sites are connected via IPSec/GRE.

 

Many Thanks.

 

Guru Elite

Re: Reboot Loop: Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT.

Make sure the ap-group that the RAP is in does not have an LMS-IP in the AP System Profile.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: Reboot Loop: Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT.

The AP system profile does have an LMS-IP specified ... it's set to the controller on our France HQ.

 

Will removing this have any adverse affects on any of the other RAPs we have deployed regionally?

 

Thanks.

Occasional Contributor I

Re: Reboot Loop: Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT.

Out of interest I checked the AP system profiles from other regions:

 

NALA has LMS-IP set to our Calgary controller

USA has LMS-IP set to our Houston controller

EAME has LMS-IP set to the France controller

 

... so it seems this is a standard config for our setup.

 

Perhaps we need to create a UK-RAP-GRP & system profile with the LSM-IP configured as the UK controller?

 

Unfortunately, I can't go about making changes without justification or prior knowledge of what it affects/will change.

Guru Elite

Re: Reboot Loop: Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT.

Don't change anything.

 

Just to be sure:

 

Do all of your controllers have the same version of ArubaOS?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: