Wireless Access

Reply
Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Replaced Standby Controller, RAP now not connecting

 

I have a VRRP based MASTER-MASTER redundancy, within the same network setup. 

Failover for the controllers works well.

I have CAPs and RAPs, and also a seperate Instant network VPN connection within my setup.

 

I originally had a W-7210 and W-7240 as the two controllers, but recently replaced the W-7240 with a W-7210.

I'm assuming the models are not important in my issue.

As far as I can tell, I have exactly replicated the controller config that I replaced on the new one.

 

When I intentionally fail the Active controller, the standby picks up as designed.  The CAPs move over to the standby(now Master) controller.  The VPN connection from my Instant network also gets reestablished.

The only thing wrong is the RAP doesn't reconnect to the new active Master. It stays down.

Manually rebooting the RAP doesn't help either.

 

I've reset the Instant and converted it to a RAP again, after completing the controller replacement. I did this just in case there was seom behind the scenes database info that replacing one of the controllers woudl cause an issue.

 

Is there anything I'm missing or can check?  

The RAP console only says "Transport endpoint is not connected"

Othe than that it correctly uses ADP to find/confirm the Master.

 

 

Regards,

Colin 

 

 

 

 

 

Guru Elite
Posts: 21,280
Registered: ‎03-29-2007

Re: Replaced Standby Controller, RAP now not connecting

Did you check the RAP whitelist on the standby to see if that AP is in there?

Do you have a VPN pool configured on the standby? (that config is individual to each controller).

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Re: Replaced Standby Controller, RAP now not connecting

 

Yes, I have the whitelist and VPN pool set on both controllers.

 

I must have checked the whitelist mac 10 times to see if I typed it right :)

 

Regards,

Colin

 

Guru Elite
Posts: 21,280
Registered: ‎03-29-2007

Re: Replaced Standby Controller, RAP now not connecting

Well,

 

You need to

- type "show datapath session table | include 4500" to see if the traffic is hitting the controller

- type "show log security 50" to see if there are any errors to indicate what might be happening wrong.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Replaced Standby Controller, RAP now not connecting

I've run into this before with a brand new 3200XM.  I could not get any RAP to terminate on it.  #show crypto ipsec sa never displayed any peers.  TAC determined that the RSA key was bad and that erasing the controller and starting over was the fix.  We copied the config, erased the controller, and pasted the same config back in.  This resolved the problem for us.

 

Now my experience is not everyones, and the root of my problem could differ from yours.  For that reason, I'd only recommend wiping the controller as a last resort.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Replaced Standby Controller, RAP now not connecting

How do you have your LMS definition setup in the AP System profile?    Also, assuming you have some sort of NAT device translating its Internet IP to its internal IP, what IP is that NAT'ing to?   A physical IP of one of the controllers?  VRRP?

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Aruba Employee
Posts: 1
Registered: ‎03-17-2012

Re: Replaced Standby Controller, RAP now not connecting

you need to copy whitelist db from old controller to new controller. If you enable security logs, you would see authentication failure for RAP. What AOS release are you using?
How did you copy config to new controller ?
Super Contributor II
Posts: 429
Registered: ‎01-19-2011

Re: Replaced Standby Controller, RAP now not connecting

When using a database copied across from a master, when the master is unavailable you have to explicitly tell the local to use its internal (copied across) database using -

aaa authentication-server internal use-local-switch

 

Is this setting in place?

Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Re: Replaced Standby Controller, RAP now not connecting

Matt,

 

I do not have any local controllers, just a MASTER-MASTER setup.  

 

I do not have the aaa command configured as you stated, but do I need to if I don't have local controllers?

 

 

Occasional Contributor II
Posts: 31
Registered: ‎05-04-2011

Re: Replaced Standby Controller, RAP now not connecting

Deepak,

 

I'm using 6.3.1.2 AOS.

 

I did not copy the config over.  I manually built the items that are local to the standby, and then let the rest copy over during the VRRP-based copy process. 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: