Wireless Access

HELLO

IN CONFIGURING A VRRP IN PRODUCTION ENVIRONMENT, THE PRIAMRY CONTROLLER IS A 3400 WITH AOS 5 VERSION CODE.

IN THOS CONTROLLER THE VRRP IP IS 192.,168.170.2 AND ALL THE RAPS ARE UP AND WORKING FINE.

BUT WHEN I CONNECT THE BACKUP CONTROLLER(3200) TO THE NETWORK ALL THE NETWORK IS DOWN I MEAN VOIP, DATA, PtP LINKS, RAPS ALL IS DOWN.

WHAT IS THE COMMNAD TO DEBUG THIS PROBLEM, I WANT TO CONNECT THE 3200 AGAIN AND TROUBLESHOOT WHAT IS HAPENING INSIDE THE BOX

URGENT, THANKS

We will need more information.

Run the following commands on the primary controller and post the output:

show vrrp

show ip interface brief

Then bring up the other controller, without it connected to the network (console into it). Run the same commands and post the output.

It sounds like you might have a duplicate IP somewhere. Also, are your AP's pointed to the VRRP address as their LMS?

I DONT HAVE DUPLICATE IP I THOUGHT WAS THAT BUT NO DUPLICATE. :S :S :S

THIS IS THE MASTER

(Aruba3400) #show vrrp


Virtual Router 1:
    Description Preferred-Master
    Admin State UP, VR State MASTER
    IP Address 192.168.170.2, MAC Address 00:00:5e:00:01:01, vlan 170
    Priority 120, Advertisement 1 sec, Preemption Disable
    Auth type PASSWORD, Auth data: 1234567890
    tracking type is master-up-time, duration 30 minutes, value 20
    tracked priority 140

(Aruba3400) #show ip interface br

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                    172.16.0.254 / 255.255.255.0     up      down
vlan 170                 192.168.170.1 / 255.255.255.0     up      up
vlan 100                    unassigned / unassigned        up      up
vlan 101                    unassigned / unassigned        up      up
vlan 10                     unassigned / unassigned        up      up
vlan 20                     unassigned / unassigned        up      up
vlan 30                     unassigned / unassigned        up      up
vlan 40                     unassigned / unassigned        up      up
vlan 50                     unassigned / unassigned        up      up
vlan 60                     unassigned / unassigned        up      up
vlan 70                     unassigned / unassigned        up      up
vlan 80                     unassigned / unassigned        up      up
vlan 90                     unassigned / unassigned        up      up
vlan 110                    unassigned / unassigned        up      up
vlan 150                 192.168.150.1 / 255.255.255.0     up      up
loopback                192.168.170.10 / 255.255.255.255   up      up
mgmt                        unassigned / unassigned        down    down

-------------------------------------------------------------------------------------------------

THIS IS THE BACKUP

(Aruba3200-US) #show vrrp


(Aruba3200-US) #

(Aruba3200-US) #show ip interface br

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                    172.16.0.253 / 255.255.255.0     up      up
vlan 170               192.168.170.110 / 255.255.255.0     up      down
vlan 10                     unassigned / unassigned        up      down
vlan 20                     unassigned / unassigned        up      down
vlan 30                     unassigned / unassigned        up      down
vlan 40                     unassigned / unassigned        up      down
vlan 50                     unassigned / unassigned        up      down
vlan 60                     unassigned / unassigned        up      down
vlan 70                     unassigned / unassigned        up      down
vlan 80                     unassigned / unassigned        up      down
vlan 90                     unassigned / unassigned        up      down
vlan 100                    unassigned / unassigned        up      down
vlan 110                    unassigned / unassigned        up      down
vlan 150               192.168.150.110 / 255.255.255.0     up      down
vlan 101                    unassigned / unassigned        up      down
loopback                192.168.170.11 / 255.255.255.255   up      up
mgmt                        unassigned / unassigned        down    down

How about a show vrrp from the 3200?

i dont have the vrrp configured yet in the 3200

THIS IS THE BACKUP

(Aruba3200-US) #show vrrp


(Aruba3200-US) #

:s :S

Huh. So VRRP isn't configured on the 3200 yet? If you do a show run | begin vrrp, you should see this on the 3200:

vrrp 1
authentication password
ip address 192.168.170.2
vlan 170
no shutdown

Is that in the show run on the 3200?

To be safe, you should open a support case so that they can troubleshoot this live.  There are a number of factors that could be at play and you cannot afford an outage based on the limited information in the forum.

---

@cjoseph wrote:

To be safe, you should open a support case so that they can troubleshoot this live.  There are a number of factors that could be at play and you cannot afford an outage based on the limited information in the forum.

 

---

Agreed.

I want ot mention two things first before we set up the VRRP on the backup

• When you add the backup , make sure that there is no spanning tree issue, check for any loops in the network. On Aruba controllers spanning tree is enabled by default.

• When you are taking about RAPs, they connect over the internet. So your LMS ip should be a public interface and then your external firewall can nat this IP to the VRRP instance between the master and the backup controller.

• Configure VRRP on the backup controller with the lower priority than the master else the backup wil become the master and the  database will sync from backup to master

Regards,

Sathya

i agree with all the opinios i opened a case in Aruba but take to long to answer, as you reques the sh run | begin vrrp thi is the ouput

(Aruba3200-US) #show running-config | begin vrrp
Building Configuration...

(Aruba3200-US) #

I will explain more and sorry for my english but i will write as best i can, ok? I ATTACHED AND IMAGE  of the phisical configuration.

The network are working fine with only one controller the 3400, i create a VRRP instances in this controller :

vrrp 1
  priority 120
  authentication c0L1M4n&
  ip address 192.168.170.2
  description "Preferred-Master"
  vlan 170
  tracking master-up-time 30 add 20
  no shutdown

The firewall fortinet it faces to the internet and this dude is made the NAT form the public ip to the interla IP of the VRRP IP 192.168.170.2, from here everithink is ok

This Aruba3400 is in trunk in the interface GigE:

interface gigabitethernet  1/0
    description "GE1/0"
    trusted
    trusted vlan 1-4094
    switchport mode trunk
    switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100-101,110,150,170

!

(Aruba3400) #show ip interface br

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                    172.16.0.254 / 255.255.255.0     up      down
vlan 170                 192.168.170.1 / 255.255.255.0     up      up
vlan 100                    unassigned / unassigned        up      up
vlan 101                    unassigned / unassigned        up      up
vlan 10                     unassigned / unassigned        up      up
vlan 20                     unassigned / unassigned        up      up
vlan 30                     unassigned / unassigned        up      up
vlan 40                     unassigned / unassigned        up      up
vlan 50                     unassigned / unassigned        up      up
vlan 60                     unassigned / unassigned        up      up
vlan 70                     unassigned / unassigned        up      up
vlan 80                     unassigned / unassigned        up      up
vlan 90                     unassigned / unassigned        up      up
vlan 110                    unassigned / unassigned        up      up
vlan 150                 192.168.150.1 / 255.255.255.0     up      up
loopback                192.168.170.10 / 255.255.255.255   up      up
mgmt                        unassigned / unassigned        down    down

This port is connected in trunk with the Cisco Siwtch SGE2000, and this swithc is in trunk in other port facing the fortinet, in the fortinet the customer create the sub interfaces. Each VLAN belong to each branch office we connect in the branch an RAP5WN from here all the network is working great!!! the customer is not using autentication all the ports of the RAP are trusted, authenticated allowall and tunnel mode

in the 3200 i create the same vlans number as the 3400 with no duplicate IP, only 2 VLANS have  IP address the VLAN 170 for the VRRP and the VLAN 150 for the DHCP for the wireless users in case of the primary 3400 fails

3200

(Aruba3200-US) #show ip interface br

Interface                   IP Address / IP Netmask        Admin   Protocol
vlan 1                    172.16.0.253 / 255.255.255.0     up      up
vlan 170               192.168.170.110 / 255.255.255.0     up      down
vlan 10                     unassigned / unassigned        up      down
vlan 20                     unassigned / unassigned        up      down
vlan 30                     unassigned / unassigned        up      down
vlan 40                     unassigned / unassigned        up      down
vlan 50                     unassigned / unassigned        up      down
vlan 60                     unassigned / unassigned        up      down
vlan 70                     unassigned / unassigned        up      down
vlan 80                     unassigned / unassigned        up      down
vlan 90                     unassigned / unassigned        up      down
vlan 100                    unassigned / unassigned        up      down
vlan 110                    unassigned / unassigned        up      down
vlan 150               192.168.150.110 / 255.255.255.0     up      down
vlan 101                    unassigned / unassigned        up      down
loopback                192.168.170.11 / 255.255.255.255   up      up
mgmt                        unassigned / unassigned        down    down

interface gigabitethernet  1/0
    description "GE1/0"
    trusted
    trusted vlan 1-4094
    switchport mode trunk
    switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100-101,110,150,170

The connection betwenn cisco switches are in trunks with the sames VLANS i mentioned in this post......

A Im clear wtih my writing?

:)

Sathya no VRRP instances is configured in the backup conttoller im plannign to configure it but i cant because when i plug the patch cord on the port everothing comes down

It sounds like you might have a duplicate IP somewhere. Also, are your AP's pointed to the VRRP address as their LMS?

yes VRRP as their LMS