After upgrading to 7.4.5 I was going to push out a small change to all of my controllers but discovered that it wasn't working.
Here's what I've done troubleshooting this issue so far...
1. Recreated the changes and re-released it.
2. I can ping from the Airwave Server to the Controllers and vice versa
3. Ping from the local controllers to the Master and the backup Master, no replies.
4. Checked with my WAN manager to make sure he didn't make any changes to the school's ACLs
5. Looked at the Debug log on one of the controllers and it is displaying the following message.
"Cannot heartbeat with the master"
6. I looked this error up on Airheads and found a message thread in which Colin suggests entering the following...
"show datapath session table" - "Check to see if that output contains UDP 4500 traffic" YES IT DOES
"show crypto ipsec sa" "No active IPSEC SA"
7. I reentered the ipSEC Key on both the controller and the master and that didn't work.
8. I followed the instructions to initiate the debug logging...
logging level debugging security process aaa
logging level debugging security subcat ike
logging level debugging security process authmgr
logging level debugging security process crypto
Results are attached
AOS 22.214.171.124 (management off loaded to AMP server)
The change worked on the Master but not the locals... The "show crypto ipsec sa" is now showing "Active Sessions" on the local controllers so I'll check to see if I can push something out now.
I moved this post to the AOS discussion forum, given that it's an issue with master->local config changes.
When I call up the Datapath Session Table Entries on the Master Controller, which is working fine, and a Local controller that isn't, I get these different data for port 4500...
Source IP       Destination IP  Prot  SPort  DPort  Cntr  Prio  ToS  Age  Destination  TAge  Flags
--------------  --------------  ----  -----  -----  ----  ----  ---  ---  -----------  ----  -----
XX.XX.XX.XX     XX.XX.XX.XX     17    4500   4500   0/0   0     0    1    1/0          10    FC
XX.XX.XX.XX     XX.XX.XX.XX     17    4500   4500   0/0   0     0    0    local        389   F
In this particular case the Master and the Local controllers are hanging off the same Router. I've shown my WAN manager this difference in Datapath tables and he doesn't know what is going on.
NOTE: I've changed the IPSec Key again on the Master and Local to a very simple one just to make sure I'm not fumble fingering it.
All the local controllers show up except for the one that I'm having a problem with. I also ran the command with "all" and it didn't show up in the list either.
Do you have individual ipsec entries for local controllers or global ones?
Please open a case so we can figure out why they refuse to connect.
Individual IPsec entries for the controllers.