Wired Intelligent Edge


Aruba AOS-CX tunneled node issue

  • 1.  Aruba AOS-CX tunneled node issue

    Posted Oct 20, 2020 11:45 AM

    Hi guys,

     

    Yesterday I built a lab to play around with the DUR and UBT stuff in AOS-CX. So far everything was working as expected until this morning.
    I didn't change the setup (and yes, everything was saved properly), but the tunneling from a 6300 to an MM-managed 7205 won't come up after the successful authentication.
    After some time I reconfigured the 7205 (tunneled-node-server statement) and everything was working as expected until I rebooted the switch. After a switch reboot (reproducible) the tunnel after a successful user authentication won't come up again.
    Rebooting the MD in a functional setup doesn't have any impact. The tunnel establishes after a successful authentication.

    Can anyone explain (technically) to me why this might happen? Bug? Working as designed?

     

    Firmware: 
    MM and MD 8.6.0.6 (and tested with 8.5.0.4)

    6300 11.05.0020 and 11.05.0001
    ClearPass 6.9.3

     

    As stated the only workaround I found is to change the "tunneled-node-server IP" on the MD and put the right IP back in.

    Thanks for your help!


    #6300


  • 2.  RE: Aruba AOS-CX tunneled node issue

    EMPLOYEE
    Posted Oct 20, 2020 12:49 PM

    What does the output of "show ubt state" show?

     

    Are you using the physical gateway IP of the gateway?  Is that IP specified as the "controller-ip"?  Do you have enough AP licenses available?

     

    Can you do a "debug ubt all" on the switch (with debug destination buffer)?  Do a "show debug buffer" and capture the output.

     

    Also paste your switch config.



  • 3.  RE: Aruba AOS-CX tunneled node issue

    Posted Oct 20, 2020 01:47 PM

    Are you sure the tunnel is not up, or is it just the client that is not getting into the controller's user table?

    Please post show ubt state, show ubt users all and show port-access clients. Also show tunneled-node-mgr tunneled-users on the controller.

    Disable enforce dhcp for the default-tunneled-user profile if you have it enabled.

     



  • 4.  RE: Aruba AOS-CX tunneled node issue
    Best Answer

    Posted Oct 21, 2020 07:47 AM

    Hi guys, thanks for your quick help and questions. I was just collecting all the requested outputs when I came across an article which seems to resolve the issue.

    Right now it seems that I have a config issue on the MD. The workaround I described in the initial post was to reconfigure the "tunneled-node-server ip" on the MD. And that was the problem.

    The MD should act as tunneled-node server for the 6300 switch. With the command "tunneled-node-server ip" on the MD you configure the MD to act as a client and NOT as a server.
    After reading this: "ArubaOS does not allow a tunneled-node client and tunneled-node server to co-exist on the same managed device at the same time." the config issue was clear.
    After disabling the option by the command "tunneled-node-server 0.0.0.0" the MD acts in client mode again and everything works so far.

    Thanks again to all for your help and effort.