Wired Intelligent Edge

We've just moved our core from an HP 8212zl to an Aruba CX 6405. Almost immediately, we've been having issues with out NAC (FortiNAC) polling our Aruba 8 wireless cluster and 337 APs. According to FortiNAC, it loses contact with both controllers and most APs at random times throughout the day. The controllers and APs are not going down, FortiNACs polls (SNMP and ping) are sporadically failing.

After way too much time, this led me to think that these new copp policies may be causing the issue. If we look at the copp policy stats, there are a few lines of note:

We did not have a control plane policy enabled on our 8212zl. It's enabled by default on the CX line and can't be turned off, only modified. Is there a way to whitelist my FortiNAC/controllers/APs or simply the VLAN traffic from being monitored with packets being dropped?

CoPP should only affect traffic to your switch, not traffic through (from NAC to controllers/APs). If you see that you lose traffic, it may be good to investigate this further with your Aruba partner and/or TAC Support.

Except if someone reading this has seen the same and knows the answer.

We've just moved our core from an HP 8212zl to an Aruba CX 6405. Almost immediately, we've been having issues with out NAC (FortiNAC) polling our Aruba 8 wireless cluster and 337 APs. According to FortiNAC, it loses contact with both controllers and most APs at random times throughout the day. The controllers and APs are not going down, FortiNACs polls (SNMP and ping) are sporadically failing.

After way too much time, this led me to think that these new copp policies may be causing the issue. If we look at the copp policy stats, there are a few lines of note:

We did not have a control plane policy enabled on our 8212zl. It's enabled by default on the CX line and can't be turned off, only modified. Is there a way to whitelist my FortiNAC/controllers/APs or simply the VLAN traffic from being monitored with packets being dropped?

CoPP should only affect traffic to your switch, not traffic through (from NAC to controllers/APs). If you see that you lose traffic, it may be good to investigate this further with your Aruba partner and/or TAC Support.

Except if someone reading this has seen the same and knows the answer.

We've just moved our core from an HP 8212zl to an Aruba CX 6405. Almost immediately, we've been having issues with out NAC (FortiNAC) polling our Aruba 8 wireless cluster and 337 APs. According to FortiNAC, it loses contact with both controllers and most APs at random times throughout the day. The controllers and APs are not going down, FortiNACs polls (SNMP and ping) are sporadically failing.

After way too much time, this led me to think that these new copp policies may be causing the issue. If we look at the copp policy stats, there are a few lines of note:

We did not have a control plane policy enabled on our 8212zl. It's enabled by default on the CX line and can't be turned off, only modified. Is there a way to whitelist my FortiNAC/controllers/APs or simply the VLAN traffic from being monitored with packets being dropped?

Our Aruba SE mentioned that the 8212zl had a default MTU of 1522 instead of 1500 on the new CXs. Do you think that could be causing an issue? Would it be a good idea to increase the default MTU to 1522 on the controller interfaces connected to the new core?

CoPP should only affect traffic to your switch, not traffic through (from NAC to controllers/APs). If you see that you lose traffic, it may be good to investigate this further with your Aruba partner and/or TAC Support.

Except if someone reading this has seen the same and knows the answer.

We've just moved our core from an HP 8212zl to an Aruba CX 6405. Almost immediately, we've been having issues with out NAC (FortiNAC) polling our Aruba 8 wireless cluster and 337 APs. According to FortiNAC, it loses contact with both controllers and most APs at random times throughout the day. The controllers and APs are not going down, FortiNACs polls (SNMP and ping) are sporadically failing.

After way too much time, this led me to think that these new copp policies may be causing the issue. If we look at the copp policy stats, there are a few lines of note:

We did not have a control plane policy enabled on our 8212zl. It's enabled by default on the CX line and can't be turned off, only modified. Is there a way to whitelist my FortiNAC/controllers/APs or simply the VLAN traffic from being monitored with packets being dropped?

If MTU is the issue, I would expect to see input/output errors or drops on your interfaces. Have you checked the interface counters already?

Our Aruba SE mentioned that the 8212zl had a default MTU of 1522 instead of 1500 on the new CXs. Do you think that could be causing an issue? Would it be a good idea to increase the default MTU to 1522 on the controller interfaces connected to the new core?

CoPP should only affect traffic to your switch, not traffic through (from NAC to controllers/APs). If you see that you lose traffic, it may be good to investigate this further with your Aruba partner and/or TAC Support.

Except if someone reading this has seen the same and knows the answer.

We've just moved our core from an HP 8212zl to an Aruba CX 6405. Almost immediately, we've been having issues with out NAC (FortiNAC) polling our Aruba 8 wireless cluster and 337 APs. According to FortiNAC, it loses contact with both controllers and most APs at random times throughout the day. The controllers and APs are not going down, FortiNACs polls (SNMP and ping) are sporadically failing.

After way too much time, this led me to think that these new copp policies may be causing the issue. If we look at the copp policy stats, there are a few lines of note:

We did not have a control plane policy enabled on our 8212zl. It's enabled by default on the CX line and can't be turned off, only modified. Is there a way to whitelist my FortiNAC/controllers/APs or simply the VLAN traffic from being monitored with packets being dropped?

If MTU is the issue, I would expect to see input/output errors or drops on your interfaces. Have you checked the interface counters already?

Our Aruba SE mentioned that the 8212zl had a default MTU of 1522 instead of 1500 on the new CXs. Do you think that could be causing an issue? Would it be a good idea to increase the default MTU to 1522 on the controller interfaces connected to the new core?

CoPP should only affect traffic to your switch, not traffic through (from NAC to controllers/APs). If you see that you lose traffic, it may be good to investigate this further with your Aruba partner and/or TAC Support.

Except if someone reading this has seen the same and knows the answer.

We've just moved our core from an HP 8212zl to an Aruba CX 6405. Almost immediately, we've been having issues with out NAC (FortiNAC) polling our Aruba 8 wireless cluster and 337 APs. According to FortiNAC, it loses contact with both controllers and most APs at random times throughout the day. The controllers and APs are not going down, FortiNACs polls (SNMP and ping) are sporadically failing.

After way too much time, this led me to think that these new copp policies may be causing the issue. If we look at the copp policy stats, there are a few lines of note:

We did not have a control plane policy enabled on our 8212zl. It's enabled by default on the CX line and can't be turned off, only modified. Is there a way to whitelist my FortiNAC/controllers/APs or simply the VLAN traffic from being monitored with packets being dropped?