Wireless Access

Reply
New Contributor

Why do my RAP's shut down Internet access when my mobility controller is down?

We utilize a mobility controller and remote access points in order to do site to datacenter vpn's for our remote sites. Teh conenctions are split tunnelled, sending traffic to our domain subnets across the VPN tunnel and all other traffic goes out directly via the local Internet connection. On rare occasion the controller is down and is inaccessible to the RAP's, they no longer allow traffic at all outside the network, ie to Internet.

 

So we have at this point 30 sites reliant on the controller. If the controller is down, all 30 sites lose Internet access. Certainly there must be a way of configuring this that I am missing. Please help!

 

Regards,

Greg

Re: Why do my RAP's shut down Internet access when my mobility controller is down?

Create another SSID (psk) / VAP (bridge mode/always)

http://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/AP_Config.php
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: Why do my RAP's shut down Internet access when my mobility controller is down?

Thank you. We actually do not uutilize the wireless aspects in any way however. Strictly wired.

 

Internet Connection <-> RAP <-> Network Switch <-> Endpoints

Guru Elite

Re: Why do my RAP's shut down Internet access when my mobility controller is down?

The wired interfaces should automatically bridge that traffic out to the internet, BUT you probably have to change your ipsec retries number to 0 so that the access point does not reboot:

 

http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Remote_AP/Advanced_Configuration_O1.htm:

"

Backup Configuration Behavior for Wired Ports

If the connection between remote AP and the controller is disconnected, the remote AP will be exhibit the following behavior:

  All access ports on the remote AP, irrespective of their original forwarding mode will be moved to bridge forwarding mode.
  Clients will receive IP address from the remote AP's DHCP server.
  Client will have complete access to Remote AP's uplink network. You cannot enforce or modify any access control policies on the clients connected in this mode."

 

What you need to do is Change the number-IPSEC-Retries in that AP system profile to 0, so that the access point does not reboot, it simply tries to restablish itself without rebooting:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ap_system_profile.htm - "The number of times the AP will attempt to recreate an IPsec tunnel with the master controller before the AP will reboot. A value of 0 disables the reboot."



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: