Wireless Access

Hello Everybody,

 

I have two Aruba 7210 controllers one is master and one is standby, few days ago the master controller had hardware failure. so i am replacing the master with new master, i did the VRRP, LMS and redundancy configuration but i get this error UPDATE REQUIRED(Master Unreachable) at the monitoring controller section. 

I read that both of controllers should be in the same VLAN, but i cannot do this because the other controller is in production and it is configured as Trunk. 

 

Any thoughts?

 

Thanks,

Mahmoud

VRRP only works in the same L2 boundary, if these are in different subnets then you will need to look at Master/Local. The error you are seeing suggests that the either the controllers cannot communicate with each other or the previous failed controller is still in the db and the new controller has not been configured correctly.

 

So can you confirm the controllers are configured as Master/Master-Backup using VRRP and within the same VLAN? Or is this Master-Local with the controllers in different VLAN's? 

 

Is there anything blocking UDP4500 between the controllers?

 

Is the configuration on the replacement controller exactly the same as before the failure?

 

If you follow the below guide, it advises on the best way to replace a master controller in a production environment.

 

http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/Control_Plane/Replacing_a__on_a_Multi_.htm

I am trunking the ports at the Aruba controllers, the same at the network side. and both of the Controllers IPs in the same subnet, Vlan. shouldn't that be ok? or there is something i have to do?

That is correct, have you also configured the VRRP (is this working? Does
one say master and the other backup?) and then configured your master
redundancy as well?

Yes one of them saying Master, and the Second controller (the new one ) saying Standby. but still couldn't reach each other

Is the master redundancy configured? What is the controller IP (#show
controller-ip) set to? Are you able to ping either controller from each
controller, do you have an ARP entry for each controller?

To confirm this is configured as Master-Master Backup as opposed to
Master-Local?

At the Device in production

(HWHR-Aruba-02) #show controller-ip

Switch IP Address: 10.27.22.12

Switch IP is configured to be Vlan Interface: 22

Switch IPv6 address is not configured.

 

the new device

(Aruba7210) #show controller-ip

Switch IP Address: 10.27.22.11

Switch IP is from Vlan Interface: 22

Switch IPv6 address is not configured.

 

 

the VRRP Configuration 

The one in production

 

master-redundancy
master-vrrp 22
peer-ip-address 10.27.22.11 ipsec 7587edadcf5ed9ce068ddf9839d52679d3a4dc8fef95d7ab
!
vrrp 22
priority 105
ip address 10.27.22.10
vlan 22
holdtime 90
tracking master-up-time 30 add 20
no shutdown
!
!
ip default-gateway 10.27.22.1

 

the new controller

master-redundancy
master-vrrp 22
peer-ip-address 10.27.22.12 ipsec bee615e13ebbe93f5e9e6afe138d0b5063c823592356aee8
!
vrrp 22
priority 110
ip address 10.27.22.10
description "Master"
vlan 22
holdtime 90
tracking master-up-time 30 add 20
no shutdown
!

Thanks Zi,

 

the IPsec Key wasn't written the same at the controllers, now everything is working fine,

thanks

You probably already did this but can you confirm that the ipsec key between the controllers is the same

i have attached a picture. the IPsec key is the same at both of the sides

Thanks 

Victor,

 

yes i realised that the key wasn't the same, i rewrote them and now everything is working. My bad.

 

Thank you so much for your Help