Frequent Contributor II
Posts: 116
Registered: ‎05-03-2013

Trying to setup master-local

[ Edited ]

I have 2 Aruba 650's, A and B.

 

I want A to be the master and it has the following setup:

VLAN1: 192.168.1.250. It is behind an internet router, 192.168.1.254. This router is also the default gateway for the controller.

I'm not 100% sure, but I think the VLAN1-ip is the 'main' IP of the controller. It is selected under 'Controller IP Details' under Network/Controller.

VLAN3: 10.11.12.13. This is a local LAN.

Loopback Interface is empty.

 

I want B to be the local and it has the following setup:

VLAN1: 192.168.2.250. It is behind an internet router, 192.168.2.254. This router is also the default gateway for the controller.  This internet router is a different internet router than the internet router controller A is behind. This IP also seems to be the 'main' IP of this controller.

VLAN3: 10.11.12.14. This is the same local LAN that controller A is on.

Loopback Interface is empty.

 

I'm trying to setup the master-local connection through VLAN3, since that's a local LAN and it has no firewalls etc. It should be much simpler than trying to route everything through the internet.

 

Before I set controller B to Local, controller A and B are able to ping each other on their VLAN3 IP's. Then I set controller B to local and set 10.11.12.13 as the master. I enter the same IPSEC key as was entered on the master for 0.0.0.0 (1 key for every possible local). After this, the controllers can no longer ping each other, probably because it's trying to setup IPSEC. However, the IPSEC is not successful it seems.

 

The process log on the local keeps repeating this:

Aug 19 11:32:11 cfgm[2276]: <399815> <INFO> |cfgm| Cannot connect to the master 10.11.12.13 error Operation already in progress errno 149 socket id 19
Aug 19 11:32:11 cfgm[2276]: <307242> <INFO> |cfgm| Failed to connect to the Master (10.11.12.13),Configuration socket will try again: Operation already in progress
Aug 19 11:32:11 cfgm[2276]: <307103> <INFO> |cfgm| send_tcp_hb_master 103 Connection to the master failed, Will retry socket ID 19 state CONFIG_SOCKET_NOTCONNECTED
Aug 19 11:32:21 cfgm[2276]: <307025> <DBUG> |cfgm| local:Sending heartbeat message to MMS
Aug 19 11:32:21 cfgm[2276]: <399814> <DBUG> |cfgm| Sending the heartbeat message. Not Responding counter=10
Aug 19 11:32:21 cfgm[2276]: <307240> <DBUG> |cfgm| Connecting the Local CFGM socket, state 1
Aug 19 11:32:21 cfgm[2276]: <399815> <INFO> |cfgm| Cannot connect to the master 10.11.12.13 error Operation already in progress errno 149 socket id 19
Aug 19 11:32:21 cfgm[2276]: <307242> <INFO> |cfgm| Failed to connect to the Master (10.11.12.13),Configuration socket will try again: Operation already in progress

 

I guess the problem might be that Aruba wants me to use the 'main' IP's of the controllers to setup the relation instead of the VLAN3 IP? Is this true? Can't I just use the VLAN3 IP's? If I change the 'main' IP to local LAN IP, I no longer have internet access on the controller, it seems it can no longer talk to the default gateway anymore at that moment.

 

Does anyone have suggestions how I can make this work?

 

Edit: it seems that when I tell Aruba local to use 10.11.12.13 as a master IP, it tries to connect to 10.11.12.13 through its default gateway (who has no knowledge of the other controller), even though it could just use the 10.11.12.14-interface, which would work perfectly fine.

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Trying to setup master-local

Try adding a static route on controller B as follows:

 

ip route 192.168.1.250 255.255.255.255 10.11.12.13

 

This should route the controller IP for controller A via the local interface.

David
ACDX #98 | ACMP | ACCP
Frequent Contributor II
Posts: 116
Registered: ‎05-03-2013

Re: Trying to setup master-local

[ Edited ]

I can give that a go, but just trying to think logically, wouldn't it actually be

 

ip route 10.11.12.13 255.255.255.255 10.11.12.14

 

because I would like to route traffic to controller A (10.11.12.13) through the local LAN interface (10.11.12.14)?

 

The line you're suggesting would also require me to set the IP of the master controller for controller B to 192.168.1.250 I guess? And wouldn't that also require a route on controller A so that traffic to 192.168.2.250 goes through 10.11.12.14?

 

Edit:

I did on controller B:

set the IP of the master controller to 192.168.1.250 (instead of 10.11.12.13)

ip route 192.168.1.250 255.255.255.255 10.11.12.13

 

it didn't work yet.

 

Then I did on controller A:

ip route 192.168.2.250 255.255.255.255 10.11.12.14

 

now it's working. Cool. Thank you :)

 

Still pretty strange that the Aruba uses the wrong interface (the primary?) when I set the IP of the master controller to 10.11.12.13, even though it could just use the interface that is L2 connected to this IP. Also, I wonder how it determines what is the 'primary' interface. Is it VLAN1? Is it Port1? Does it depend on the setting under network/controller/Controller IP Details/IPv4 Address?

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Trying to setup master-local

The route would allow controller B to route to the master controller IP of 192.168.1.250. You could try this to allow controller B to talk to the designated controller IP of the master controller.

David
ACDX #98 | ACMP | ACCP
Frequent Contributor II
Posts: 116
Registered: ‎05-03-2013

Re: Trying to setup master-local

I edited my post above. It is now working. Thanks :)

 

I still have some questions though, but at least it's working.

Frequent Contributor II
Posts: 116
Registered: ‎05-03-2013

Re: Trying to setup master-local

To further complicate things, controller A and B are no longer on the same subnet. They are on separate subnets that are connected through a router.

 

So now it's like this:

 

I want A to be the master and it has the following setup:

VLAN1: 192.168.1.250. It is behind an internet router, 192.168.1.254. This router is also the default gateway for the controller.

VLAN3: 10.11.12.13. This is a local LAN.

 

I want B to be the local and it has the following setup:

VLAN1: 192.168.2.250. It is behind an internet router, 192.168.2.254. This router is also the default gateway for the controller.  This internet router is a different internet router than the internet router controller A is behind.

VLAN3: 10.11.13.14. This is a different LAN than controller A is on.

 

10.11.12.0-subnet and 10.11.13-subnet can talk to each other through router with IP's 10.11.12.2 and 10.11.13.2.

 

Does anyone know what routes I could add on the Aruba's to make them able to communicate?

 

I tried doing on controller B:

ip route 10.11.12.0 255.255.255.0 10.11.13.2

and

ip route 192.168.1.250 255.255.255.255 10.11.12.13

 

and on controller A:

ip route 10.11.13.0 255.255.255.0 10.11.12.2

and

ip route 192.168.2.250 255.255.255.255 10.11.13.14

 

but I don't think it likes doing a next-hop through another next-hop. It does not work.

 

Any suggestions?

 

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Trying to setup master-local

You would need to add routes to both the controllers and the routers:

 

on controller B:

ip route 10.11.12.0 255.255.255.0 10.11.13.2

and

ip route 192.168.1.250 255.255.255.255 10.11.13.2

 

On the router:

ip route 192.168.1.250 255.255.255.255 10.11.12.13

and

ip route 192.168.2.250 255.255.255.255 10.11.13.14

 

and on controller A:

ip route 10.11.13.0 255.255.255.0 10.11.12.2

and

ip route 192.168.2.250 255.255.255.255 10.11.12.2

 

David
ACDX #98 | ACMP | ACCP
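
The difference between the routes first tried and the routes in the reply above can be checked with a small forwarding model. This is an added example, not part of the thread and not Aruba code; it assumes /24 masks on both VLAN1 networks, a single router named R between the LANs, and that a static route is only usable when its next hop is on a directly connected subnet.

```python
import ipaddress as ip

class Node:
    def __init__(self, name, ifaces, routes=(), gateway=None):
        self.name = name
        self.ifaces = [ip.ip_interface(i) for i in ifaces]
        self.routes = [(ip.ip_network(p), ip.ip_address(nh)) for p, nh in routes]
        if gateway:  # default route
            self.routes.append((ip.ip_network("0.0.0.0/0"), ip.ip_address(gateway)))

    def owns(self, addr):
        return any(i.ip == addr for i in self.ifaces)

    def connected(self, addr):
        return any(addr in i.network for i in self.ifaces)

    def next_hop(self, dst):
        if self.connected(dst):
            return dst  # destination is on an attached LAN
        # Assumption: a static route is usable only if its next hop is directly connected.
        usable = [(p, nh) for p, nh in self.routes if dst in p and self.connected(nh)]
        return max(usable, key=lambda r: r[0].prefixlen)[1] if usable else None

def trace(nodes, src, dst):
    """Return the list of modelled devices a packet from src crosses toward dst."""
    dst, node, path = ip.ip_address(dst), nodes[src], [src]
    while not node.owns(dst) and len(path) < 8:
        hop = node.next_hop(dst)
        node = next((n for n in nodes.values() if n.owns(hop)), None)
        if node is None:  # next hop is outside the model, e.g. an internet router
            return path + [f"lost via {hop}"]
        path.append(node.name)
    return path

def build(a_routes, r_routes, b_routes):  # /24 masks on VLAN1 are assumed
    return {"A": Node("A", ["192.168.1.250/24", "10.11.12.13/24"], a_routes, "192.168.1.254"),
            "B": Node("B", ["192.168.2.250/24", "10.11.13.14/24"], b_routes, "192.168.2.254"),
            "R": Node("R", ["10.11.12.2/24", "10.11.13.2/24"], r_routes)}

# Routes as first tried in the thread (no routes on the router in between).
ATTEMPT = build([("10.11.13.0/24", "10.11.12.2"), ("192.168.2.250/32", "10.11.13.14")], [],
                [("10.11.12.0/24", "10.11.13.2"), ("192.168.1.250/32", "10.11.12.13")])
# Routes from the reply: host routes point at the router, which forwards them on.
FIXED = build([("10.11.13.0/24", "10.11.12.2"), ("192.168.2.250/32", "10.11.12.2")],
              [("192.168.1.250/32", "10.11.12.13"), ("192.168.2.250/32", "10.11.13.14")],
              [("10.11.12.0/24", "10.11.13.2"), ("192.168.1.250/32", "10.11.13.2")])

if __name__ == "__main__":
    for label, topo in (("attempt", ATTEMPT), ("fixed", FIXED)):
        print(label, trace(topo, "B", "192.168.1.250"), trace(topo, "A", "192.168.2.250"))
```

In the first attempt the host routes name a next hop that is not on a connected subnet, so traffic to the peer's controller IP falls back to the default gateway. With the reply's routes, each hop resolves to a directly connected neighbour in both directions.
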
Frequent Contributor II
Posts: 116
Registered: ‎05-03-2013

Re: Trying to setup master-local

Thank you. I'll give that a go tomorrow. Makes sense that I would need to add routes on the router in between the networks :)

 

Another option I have is letting the 2 controllers communicate through the internet. I have found documentation on what ports/protocols to open, but it's quite a list. Does anyone know the bare minimum for a local-master setup?

Frequent Contributor II
Posts: 116
Registered: ‎05-03-2013

Re: Trying to setup master-local

[ Edited ]

Thanks, dg27. It's working correctly now through the LAN :) Your help has been excellent.

 

Actually, it turned out there were 2 routers between the LANs instead of 1, so I needed to adjust your instructions a little, but the principles were the same.

 

I'm still wondering about the minimal port/protocol requirements for connecting them through the internet, but at least it's working now.

MVP
Posts: 226
Registered: ‎03-03-2011

Re: Trying to setup master-local

Straight from the user guide:

 

Between any two controllers:
- IPSec (UDP ports 500 and 4500) and ESP (protocol 50). PAPI between a master and a local controller is encapsulated in IPSec.
- IP-IP (protocol 94) and UDP port 443 if Layer-3 mobility is enabled.
- GRE (protocol 47) if tunneling guest traffic over GRE to DMZ controller.
- IKE (UDP 500).
- ESP (protocol 50).
- NAT-T (UDP 4500).

David
ACDX #98 | ACMP | ACCP