MVP
Posts: 1,437
Registered: ‎10-25-2011

VRRP config issue

I am trying to configure a VRRP between a 620 and a 3200. Master-Master (no redundancy).

Testing....

 

I set up my VRRP on my master first

 

vrrp 100
  priority 110
  authentication aruba123
  ip address 172.30.50.78
  description "wlc-1"
  vlan 1
  no shutdown
!

 

(dnoc-wlc-1.rdlab.dv) (config-vrrp)# show vrrp

Virtual Router 100:
    Description wlc-1
    Admin State UP, VR State MASTER
    IP Address 172.30.50.78, MAC Address 00:00:5e:00:01:64, vlan 1
    Priority 110, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type PASSWORD, Auth data: ********
    tracking is not enabled


It comes up as Master, VIP is pingable (50.78)

 

I then configure it on the backup-master and it becomes Master as well

vrrp 100
  priority 90
  authentication aruba123
  ip address 172.30.50.78
  description "wlc-2"
  vlan 1
  no shutdown
!

(dnoc-wlc-2.rdlab.dv) (config) #show vrrp


Virtual Router 100:
    Description wlc-2
    Admin State UP, VR State MASTER
    IP Address 172.30.50.78, MAC Address 00:00:5e:00:01:64, vlan 1
    Priority 90, Advertisement 1 sec, Preemption Disable Delay 0
    Auth type PASSWORD, Auth data: ********
    tracking is not enabled

In 'show log system' I see the following for both controllers:

WLC-1

Mar 27 11:13:34 :313329:  <DBUG> |fpapps|  VRRP: Sending Advertisement for vrid 100
Mar 27 11:13:38 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
Mar 27 11:13:38 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
Mar 27 11:13:38 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
Mar 27 11:13:39 :313329:  <DBUG> |fpapps|  VRRP: Sending Advertisement for vrid 100
Mar 27 11:13:42 :301278:  <INFO> |snmp| Authentication failure, bad community string
Mar 27 11:13:42 :301246:  <NOTI> |snmp|  201 SNMP Authentication Failed for Management station 172.30.49.19
Mar 27 11:13:43 :313329:  <DBUG> |fpapps|  VRRP: Sending Advertisement for vrid 100

WLC-2

Mar 27 11:13:46 :313329:  <DBUG> |fpapps|  VRRP: Sending Advertisement for vrid 100
Mar 27 11:13:49 :307048:  <DBUG> |cfgm|  Got a message from 8231:5010
Mar 27 11:13:49 :307050:  <DBUG> |cfgm| Received a IPSEC CFG Message
Mar 27 11:13:49 :307219:  <DBUG> |cfgm| Sending the IPSEC Configuration
Mar 27 11:13:50 :313329:  <DBUG> |fpapps|  VRRP: Sending Advertisement for vrid 100
Mar 27 11:13:54 :300197:  <DBUG> |licensemgr|  __license_timer
Mar 27 11:13:54 :300149:  <DBUG> |licensemgr|  __license_expire: executing cmd SELECT id, skey, installed, expires, complete, enabled, icount, inactive from licenseinfo_new
Mar 27 11:13:54 :300197:  <DBUG> |licensemgr|  __license_remove_cli_warning: removing warning file
Mar 27 11:13:54 :300197:  <DBUG> |licensemgr|  __license_publish_expiry: not publishing update value unchanged [-1
Mar 27 11:13:55 :313329:  <DBUG> |fpapps|  VRRP: Sending Advertisement for vrid 100

 

Both of them are sending advertisements but none of them are responding....any ideas?

 

 

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: VRRP config issue

you need to configure:

 

- VRRP first...  Make sure it works

- Master Redundancy Second (after VRRP) works.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 562
Registered: ‎11-28-2011

Re: VRRP config issue

I would suspect one of two things.

 

1. Either one of the ports from either controller into the network isn't "trusted".

2. There is a layer 2 split on VLAN1 between the two controller interfaces.

 

Can you ping between the two controller VLAN 1 IP interfaces? If so, it's worth trying a reboot.

 

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: VRRP config issue

Colin, not trying to do master redundancy, just a simple VRRP. Before I even touched controller 2, I made sure my #1 was master. I then configured it on #2. Both became Master without receiving any messages but both advertising their VRID

The.Racking.Monkey.

1. Either one of the ports from either controller into the network isn't "trusted".

They are trusted

2. There is a layer 2 split on VLAN1 between the two controller interfaces.

No split

-P
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: VRRP config issue

Can you ping each controller from another on that VLAN?

 



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: VRRP config issue

yeah, they can ping each other, the VIP also responds.

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: VRRP config issue


you need to type "show vrrp 100 statistics" on each side and see what is happening.  Also make sure you do not have HSRP running on the same segment........



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: VRRP config issue

been running that command and I see the following:

  Last advertisement received timestamp:   never

Since I am piggybacking off our R&D network (no control over L2), I will check internally on Monday for HSRP

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 21,487
Registered: ‎03-29-2007

Re: VRRP config issue


pmonardo wrote:

been running that command and I see the following:

  Last advertisement received timestamp:   never

Since I am piggybacking off our R&D network (no control over L2), I will check internally on Monday for HSRP


Well, that means they cannot see each other, OR the preshared key is misconfigured.  They should be able to see master advertisements on their own subnet.

 

 



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: VRRP config issue

preshared key is exact same.

Running a packet capture, I don't see any traffic which I find odd.

I tried with another controller (same subnet) I was able to see traffic but it still wouldn't work.

 

I'll try to figure this out on Tuesday.

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
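
For reading a capture like the one mentioned above, an added example (not from any poster in this thread, and not Aruba code) that applies the acceptance checks a VRRPv2 receiver makes to an advertisement, using the VRID, VIP and password from the configs in the first post. It assumes the controllers' "Auth type PASSWORD" is the RFC 2338 simple text password (auth type 1), which puts the password in the packet unencrypted; the function names are hypothetical and the packet is constructed, not captured.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the VRRP message only."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def virtual_mac(vrid: int) -> str:
    """VRRP virtual MAC: 00:00:5e:00:01:<VRID in hex>."""
    return f"00:00:5e:00:01:{vrid:02x}"

def build_advert(vrid, priority, vip, password, interval=1):
    """Constructed sample advertisement, auth type 1 (simple text password)."""
    auth = password.encode()[:8].ljust(8, b"\x00")
    body = struct.pack("!BBBBBBH", 0x21, vrid, priority, 1, 1, interval, 0)
    body += socket.inet_aton(vip) + auth
    return body[:6] + struct.pack("!H", checksum(body)) + body[8:]

def discard_reasons(pkt, ttl, vrid, password, interval=1):
    """Checks a VRRPv2 receiver applies before accepting an advertisement."""
    if len(pkt) < 16 or len(pkt) != 16 + 4 * pkt[3]:
        return ["malformed length"]
    reasons = []
    if ttl != 255:
        reasons.append("IP TTL is not 255")
    if pkt[0] != 0x21:
        reasons.append("not a VRRPv2 advertisement")
    if checksum(pkt) != 0:
        reasons.append("bad checksum")
    if pkt[1] != vrid:
        reasons.append("VRID mismatch")
    if pkt[4] != 1 or pkt[-8:].rstrip(b"\x00") != password.encode()[:8]:
        reasons.append("authentication mismatch")
    if pkt[5] != interval:
        reasons.append("advertisement interval mismatch")
    return reasons

if __name__ == "__main__":
    # Values from the thread: what wlc-1 would see if wlc-2's advert arrived.
    adv = build_advert(100, 90, "172.30.50.78", "aruba123")
    print(virtual_mac(100), adv.hex(), discard_reasons(adv, 255, 100, "aruba123"))
    print("password bytes on the wire:", adv[-8:])
```

An empty list means the advertisement would be accepted; "Last advertisement received timestamp: never" together with an empty capture points at frames not arriving at all rather than at any of these checks.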