Wireless Access

 View Only
last person joined: 13 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

7010 Tunnel drops with 100 IAPs

This thread has been viewed 18 times
  • 1.  7010 Tunnel drops with 100 IAPs

    Posted Dec 07, 2021 12:05 PM
    Hi, we have our IAPs setup using the virtual controller, but we terminate them to a 7010 controller for tunnelled SSIDs. Recently one of our sites has had extra IAPs installed and when 100 are online, they drop connection from the 7010 and the VC no longer connects, other VCs on the controller aren't affected. If I power down some APs to bring it below 100, they come back online. The IAPs are 535/534. We have been told there is a limit of 128 for the VC, is there a limit of 100 IAPs to a VC on the 7010?
    Thanks

    ------------------------------
    James Davies
    ------------------------------


  • 2.  RE: 7010 Tunnel drops with 100 IAPs

    Posted Dec 07, 2021 04:26 PM
    You would probably be best served by opening a technical support case with HPE.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: 7010 Tunnel drops with 100 IAPs

    Posted Dec 07, 2021 06:21 PM
    Hi James,

    For my understanding you run Aruba Instant APs that use IAP-VPN to a 7010 VPN Concentrator in the DC. A VPN tunnel based on GRE or IPSEC is created from your Aruba Instant VC to the VPN 7010.

    For IAP-VPN there is basically no license need on your 7010, but i could be you have custom firewall policies that required an PEFV license. So to be sure check if there are some licenses on your VPN Concentrator installed "show license summary", idem.

    Another this that could happened is that local IP pool is to small configured. Check on that.
    Aruba)(config)# ip local pool <pool-name> <start-ipaddr> <end-ipaddr>

    From controller hardware perspective a 7010 can handle 512 GRE and 2048 IPSEC tunnels, so i don't think that is the issue.

    Hope this helps! For urgent issues always call TAC support.

    ------------------------------
    Marcel Koedijk | MVP Guru 2021 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 4.  RE: 7010 Tunnel drops with 100 IAPs

    Posted Dec 08, 2021 03:54 AM
    Hi Marcel

    Yes that's correct, we use a GRE tunnel from the VC to the WLC.

    We don't have a license installed as we don't use any firewall policies, so when I run that command it says it needs to be run on the conductor.

    I did consider that, I increased the pool size, but I have just deleted and recreated the pool at a larger size, in case it didn't update to the larger pool size.

    Thanks.

    ------------------------------
    James Davies
    ------------------------------