Hi all,
We have a problem on ArubaOS version 8.4.0.4.
We are replacing lots of Cisco WiFi controllers and APs with Aruba controllers and APs.
We do not have an MM, just two 7205s and about 100+ APs at each place.
We are trying to set up a "Standalone MC with Master Redundancy" https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-8-Fundamentals-Guide/ta-p/428914 (page 197).
We made the configuration (VRRP, master redundancy, database synchronization, HA group) and then configured the AP group with the LMS IP address (master) and backup IP address (standby) (+ 4 SSIDs),
but after provisioning an AP:
On the master:
(EUR0100CW001-1) [mynode] #show ap database status up
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP Standby IP
---- ----- ------- ---------- ------ ----- --------- ----------
EUR1009AP081 default 345 10.16.4.179 Up 3h:41m:11s 2 10.16.1.251 0.0.0.0
(EUR0100CW001-1) [mynode] #show datapath tunnel
+----+-------+-----------------------------------------------------+
|SUM/| | | |
|CPU | Addr | Description Value |
+----+-------+-----------------------------------------------------+
| | | |
| G | [000] | Current Entries 21 |
| G | [002] | High Water Mark 23 |
| G | [003] | Maximum Entries 12288 |
| G | [004] | Total Entries 47 |
| G | [007] | Max link length 1 |
+----+-------+-----------------------------------------------------+
Datapath Tunnel Table Entries
-----------------------------
Flags: E - Ether encap, I - Wi-Fi encap, R - Wired tunnel, F - IP fragment OK
W - WEP, K - TKIP, A - AESCCM, G - AESGCM, M - no mcast src filtering
S - Single encrypt, U - Untagged, X - Tunneled node, 1(cert-id) - 802.1X Term-PEAP
2(cert-id) - 802.1X Term-TLS, T - Trusted, L - No looping, d - Drop Bcast/Unknown Mcast,
D - Decrypt tunnel, a - Reduce ARP packets in the air, e - EAPOL only
C - Prohibit new calls, P - Permanent, m - Convert multicast, B - Bgw peer uplink tunnel
n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
V - enforce user vlan(open clients only), x - Striping IP, z - Datazone
H - Standby (HA-Lite), u - Cluster UAC tunnel, b - Active AAC tunnel, t - Cluster s-AAC tunnel
c - IP Compression, g - PAN GlobalProtect Tunnel, w - Tunneled Node Heartbeat
B - Cluster A-SAC Mcast, G - Cluster S-SAC Mcast, l - Tunneled Node user tunnel
f - Static GRE Tunnels, k- keepalive enabled, Y - Convert BC/MC to Unicast
# Source Destination Prt Type MTU VLAN Acls BSSID Decaps Encaps Heartbeats Flags EncapKBytes DecapKBytes
------ -------------- -------------- --- ---- ---- ---- ----------------------- ----------------- ---------- ---------- ---------- --------------- ------------- -----------
20 10.16.5.251 10.16.4.179 47 8230 1500 349 0 0 2 0 0 48:4a:e9:c1:e8:73 0 0 0 IMASPab
18 10.16.5.251 10.16.4.179 47 8210 1500 321 0 0 2 0 0 48:4a:e9:c1:e8:71 0 0 0 IMASPab
22 SPIC1024800 in 10.16.1.251 50 IPSE 1500 0 routeDest 0067 0 2708 0 Tc 0 0
19 10.16.5.251 10.16.4.179 47 8220 1500 306 0 0 2 0 0 48:4a:e9:c1:e8:72 0 0 0 IMASPab
17 10.16.5.251 10.16.4.179 47 8200 1500 200 0 0 12 0 0 48:4a:e9:c1:e8:70 0 0 0 IMSPab
14 SPICF8AC000out 10.16.4.179 50 IPSE 1500 0 routeDest 0067 0 0 456 0 0
15 SPI897A8100out 10.16.1.252 50 IPSE 1500 0 routeDest 0064 0 0 2674 Tc 0 0
11 10.16.5.251 10.16.4.179 47 8320 1500 306 0 0 2 0 0 48:4a:e9:c1:e8:62 0 0 0 IMASPab
21 10.16.5.251 10.16.4.179 47 8300 1500 200 0 0 12 0 0 48:4a:e9:c1:e8:60 0 0 0 IMSPab
23 SPI006DF300 in 10.16.5.251 50 IPSE 1500 0 routeDest 0000 0 1790 0 0 0
13 10.16.5.251 10.16.4.179 47 8330 1500 349 0 0 2 0 0 48:4a:e9:c1:e8:63 0 0 0 IMASPab
12 10.16.5.251 10.16.4.179 47 8310 1500 321 0 0 2 0 0 48:4a:e9:c1:e8:61 0 0 0 IMASPab
16 10.16.5.251 10.16.4.179 47 9000 1500 0 0 0 0 0 0 48:4a:e9:c4:1e:86 10069 0 9901 TES
(EUR0100CW001-1) [mynode] #
(9 tunnels: 4 SSIDs x 2 + 1 management) ==> seems OK
On the standby:
(EUR0100CW001-2) [mynode] #show ap database
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP Standby IP
---- ----- ------- ---------- ------ ----- --------- ----------
Flags: 1 = 802.1x authenticated AP use EAP-PEAP; 1+ = 802.1x use EST; 1- = 802.1x use factory cert; 2 = Using IKE version 2
B = Built-in AP; C = Cellular RAP; D = Dirty or no config
E = Regulatory Domain Mismatch; F = AP failed 802.1x authentication
G = No such group; I = Inactive; J = USB cert at AP; L = Unlicensed
M = Mesh node
N = Duplicate name; P = PPPoe AP; R = Remote AP; R- = Remote AP requires Auth;
S = Standby-mode AP; U = Unprovisioned; X = Maintenance Mode
Y = Mesh Recovery
c = CERT-based RAP; e = Custom EST cert; f = No Spectrum FFT support
i = Indoor; o = Outdoor; s = LACP striping; u = Custom-Cert RAP; z = Datazone AP
p = In deep-sleep status
Total APs:0
(EUR0100CW001-2) [mynode] #show datapath tunnel
tunnel Datapath tunnel table
tunnel-group Datapath tunnel-group
(EUR0100CW001-2) [mynode] #show datapath tunnel
counters Datapath tunnel statistics
encaps Datapath encapsulation statistics verbose
heartbeat Datapath heartbeat tunnel only
ipv4 Datapath IPv4 tunnel entries
ipv6 Datapath IPv6 tunnel entries
station-list Datapath list of stations on tunnel
table Datapath tunnel entries
tunnel-id Datapath tunnel FIB for given tunnel index
verbose Datapath tunnel internal detail
| Output Modifiers
<cr>
(EUR0100CW001-2) [mynode] #show datapath tunnel
+----+-------+-----------------------------------------------------+
|SUM/| | | |
|CPU | Addr | Description Value |
+----+-------+-----------------------------------------------------+
| | | |
| G | [000] | Current Entries 10 |
| G | [002] | High Water Mark 21 |
| G | [003] | Maximum Entries 12288 |
| G | [004] | Total Entries 27 |
| G | [007] | Max link length 1 |
+----+-------+-----------------------------------------------------+
Datapath Tunnel Table Entries
-----------------------------
Flags: E - Ether encap, I - Wi-Fi encap, R - Wired tunnel, F - IP fragment OK
W - WEP, K - TKIP, A - AESCCM, G - AESGCM, M - no mcast src filtering
S - Single encrypt, U - Untagged, X - Tunneled node, 1(cert-id) - 802.1X Term-PEAP
2(cert-id) - 802.1X Term-TLS, T - Trusted, L - No looping, d - Drop Bcast/Unknown Mcast,
D - Decrypt tunnel, a - Reduce ARP packets in the air, e - EAPOL only
C - Prohibit new calls, P - Permanent, m - Convert multicast, B - Bgw peer uplink tunnel
n - Convert RAs to unicast(VLAN Pooling/L3 Mobility enabled), s - Split tunnel
V - enforce user vlan(open clients only), x - Striping IP, z - Datazone
H - Standby (HA-Lite), u - Cluster UAC tunnel, b - Active AAC tunnel, t - Cluster s-AAC tunnel
c - IP Compression, g - PAN GlobalProtect Tunnel, w - Tunneled Node Heartbeat
B - Cluster A-SAC Mcast, G - Cluster S-SAC Mcast, l - Tunneled Node user tunnel
f - Static GRE Tunnels, k- keepalive enabled, Y - Convert BC/MC to Unicast
# Source Destination Prt Type MTU VLAN Acls BSSID Decaps Encaps Heartbeats Flags EncapKBytes DecapKBytes
------ -------------- -------------- --- ---- ---- ---- ----------------------- ----------------- ---------- ---------- ---------- --------------- ------------- -----------
19 SPIC1024800out 10.16.1.251 50 IPSE 1500 0 routeDest 0064 0 0 3227 Tc 0 0
11 SPI897A8100 in 10.16.1.252 50 IPSE 1500 0 routeDest 0067 0 3181 0 Tc 0 0
(EUR0100CW001-2) [mynode] #
As you can see, we do not see the standby tunnel, only the tunnels between master and standby.
Is what we are trying to do correct on 8.4?
Do you have any idea how to make the standby tunnel come up?
Thanks in advance