Wireless Access

last person joined: 2 days ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Broken Tunnel

Jump to Best Answer
  • 1.  Broken Tunnel

    Posted Feb 08, 2013 10:50 PM

    Hi All

              We see the APs are bouncing between the master and local controller. The error message we see in the logs "Broken Tunnel". I know for the sure this may due to Traffic issue.

     

    We have the DHCP servers on the controllers for APs and Client as well.

     

    Ip mobility is also enabled.

     

    I found under AP system-profile  " HeartBeat DSCP value as 0" By modifying  it to 46 will it make any difference.

     

    Setup

     

    Wireless controller ---router- layer-2 Switch --AP

     

     



  • 2.  RE: Broken Tunnel

    Posted Feb 09, 2013 05:00 AM

    Please explain better your issue - in order for us to assist you.

     :smileyhappy:

    also please send some logs regarding the diffrent vaps\vlan\ap-system-profile\ips\dhcp

     

    rgrds.

     

    Me.



  • 3.  RE: Broken Tunnel

    Posted Feb 09, 2013 05:02 AM

    Please also check if you have lms\backup lms and in ap-system-profile.

     

    and prinut-out debug log (if u can)



  • 4.  RE: Broken Tunnel

    Posted Feb 09, 2013 05:20 AM
      |   view attached

    Here is some needed ports in order for GRE or IPSEC to work as the need in fron of Aruba Controller.

    Check that everything configured like it should:

    (screenshot of the pdf)

    FW - GREIPSEC_PORT INFO

     *ATTACHED AS PDF TO THIS POST*

    ----------------

    Hope it will give u some idea.

     

    Me



  • 5.  RE: Broken Tunnel

    Posted Feb 10, 2013 09:22 PM

    Hi,

         All the APs in the network are not Bouncing at once . One or Two APs out of 3000 APs in the network bootstrap. May i know what exactly heartbeat dscp available under AP  system profile  does and when we use it?



  • 6.  RE: Broken Tunnel

    Posted Feb 11, 2013 02:27 AM
    It allows you to prioritise AP heart beat traffic.

    DSCP value of AP heartbeats. The supported range is 0-63, and the default value is 0


  • 7.  RE: Broken Tunnel

    Posted Feb 12, 2013 09:59 PM

    So will  it help arresting Bootstrap due to traffic issues. May i know the logs you may require to isolate the issue please



  • 8.  RE: Broken Tunnel

    Posted Feb 12, 2013 10:52 PM

    If it is a couple access points, make sure that:

     

    - the access points negotiated the duplex and speed on the switch correctly

    - The controller has enough physical bandwidth to service all of your APs.  The unwritten rule is 1 gigabit interface for every 100 APs.

     



  • 9.  RE: Broken Tunnel

    Posted Feb 14, 2013 03:35 AM

    Thank you Colin. Yes it is one AP for sure on daily basis.

     

    We have port channel size of two gigabit ports are configured connecting to layer 3 switch .

     

     Controller ----Layer3 Switch -- Layer2 switch -AP.

     

    I see ICMP unreachable messages in the techsupport  logs for AP.

     

    I would like to verify in the edge switch the uplink port cost is manually configured as 100 will it make any difference. As this was done by previous engineer before i took over.

     

    I am pretty new to this world of  Wireless . Please advice.

     

    Please advice me this how to proceed and let me know if any information is required.

     

     

     

     



  • 10.  RE: Broken Tunnel

    Posted Feb 16, 2013 12:11 AM

     

    Hi All,

               Following are the messages i am seeing on the controller of the AP tech-support which bootstraps with broken tunnel message.

     

    The controller ip is 192.168.210.45.

     

    ved ICMP (DEST_UNREACH, PROT_UNREACH) from 192.168.210.45 for vap 0:0
    asap_gre_err: Received ICMP (DEST_UNREACH, PROT_UNREACH) from 192.168.210.45 for vap 0:4
    asap_gre_err: Received ICMP (DEST_UNREACH, PROT_UNREACH) from 192.168.210.45 for vap 0:0
    asap_gre_err: Received ICMP (DEST_UNREACH, PROT_UNREACH) from 192.168.210.45 for vap 0:0

     

    Please let me know what should i check or how to proceed with the troubleshooting.

     

    As i said we have 1 AP bootstrap minimum per day and we have in total around 4000 AP. AT times we do see 4 or 5 AP bootstraps at th same time .



  • 11.  RE: Broken Tunnel

    Posted Feb 16, 2013 05:55 AM

    You should show us a network diagram. That problem is typically when you have a link that is congested and heartbeats from the ap could be lost on the way to the controller.

     

     

     

     

     

    We are not in you network, so you will have to look at your network or open a support case.  A couple bootstraps in a network that size is not cause for alarm.



  • 12.  RE: Broken Tunnel
    Best Answer

    Posted Feb 16, 2013 05:57 AM

    @thanjavuru wrote:

    Thank you Colin. Yes it is one AP for sure on daily basis.

     

    We have port channel size of two gigabit ports are configured connecting to layer 3 switch .

     

     Controller ----Layer3 Switch -- Layer2 switch -AP.

     

    I see ICMP unreachable messages in the techsupport  logs for AP.

     

    I would like to verify in the edge switch the uplink port cost is manually configured as 100 will it make any difference. As this was done by previous engineer before i took over.

     

    I am pretty new to this world of  Wireless . Please advice.

     

    Please advice me this how to proceed and let me know if any information is required.

     

     

     

     


    If the edge switch is manually configured, look at the interface to see if it has any errors.  If it has errors, clear the counters and change it to auto/auto.  Look again later and see if there are any errors.