Hi James,
For my understanding you run Aruba Instant APs that use IAP-VPN to a 7010 VPN Concentrator in the DC. A VPN tunnel based on GRE or IPSEC is created from your Aruba Instant VC to the VPN 7010.
For IAP-VPN there is basically no license need on your 7010, but i could be you have custom firewall policies that required an PEFV license. So to be sure check if there are some licenses on your VPN Concentrator installed "show license summary", idem.
Another this that could happened is that local IP pool is to small configured. Check on that.
Aruba)(config)# ip local pool <pool-name> <start-ipaddr> <end-ipaddr>From controller hardware perspective a 7010 can handle 512 GRE and 2048 IPSEC tunnels, so i don't think that is the issue.
Hope this helps! For urgent issues always call TAC support.
------------------------------
Marcel Koedijk | MVP Guru 2021 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
------------------------------
Original Message:
Sent: Dec 07, 2021 04:33 AM
From: James Davies
Subject: 7010 Tunnel drops with 100 IAPs
Hi, we have our IAPs setup using the virtual controller, but we terminate them to a 7010 controller for tunnelled SSIDs. Recently one of our sites has had extra IAPs installed and when 100 are online, they drop connection from the 7010 and the VC no longer connects, other VCs on the controller aren't affected. If I power down some APs to bring it below 100, they come back online. The IAPs are 535/534. We have been told there is a limit of 128 for the VC, is there a limit of 100 IAPs to a VC on the 7010?
Thanks
------------------------------
James Davies
------------------------------