Hello,
I have a problem, that sometimes I'm unable to reach IAPs or IAP loses connection with other devices on management subnet.
Situation: we have a several subnets & VLANs. The most important is VLAN 2 (subnet 10.0.2.0/24), this a management subnet and also space, where all IAPs are located + several services, such as FreeRadius, LDAP and other servers.
IPs:
10.0.2.1 - gateway (router)
10.0.2.10 - Radius 1 (master)
10.0.2.11 - Radius 2 (slave / backup)
10.0.2.[101-126] - IAPs
When I turn on IAPs everything works just fine, but after 30 - 60 minutes, the IAPs lose connection to all other devices on management subnet & they are able to reach only gateway.
This is a very big problem, because not just that I'm unnable to display webGUI, ssh or even ping IAPs (from PC in the same subnet), but also authentification agains Radius servers will stop working, so users are not able to connect to SSID HK-Member (on which Radius authentification is set).
I'm a newbie to Aruba, so maybe I've configured IAPs incorrecly, but It's really strange. Radius servers can communicate between them without a problem even with LDAP server, wich is also on the same subnet, but all devices are unnable to reach IAPs (except gateway).
Within some intervals, the IAPs are again reachable, but most of the time it just doesn't work.
I've tried already everything and only reboot of IAPs works, but after 30-60 minutes the problem occures again.
For now I've configured dst-nat to Radius 1/2 port's on router & set public Radius IP to IAPs, so at least users are able to connect to HK-Member SSID (because gateway is always reachable), but this is not a solution for the main problem.
Another solution should be to create another VLAN & subnet just for IAPs, so if the will want to contact Radius server on different subnet, they will have to go over gateway (which seems to be always reachable), so it should work, but it will mean, that I'll have to register another VLAN on each switch we have etc.
I've added my current configuration to attachments, so you can check it.
Thanks for help.