Controllerless Networks

 View Only
Expand all | Collapse all

master election traffic being blocked?

This thread has been viewed 3 times
  • 1.  master election traffic being blocked?

    Posted Jan 14, 2014 04:33 PM
      |   view attached

    I have three IAP105 I'm deploying.  The IAP devices are not 'seeing' each other, so they each come up as the virtual master controller.  I have tested this and had one IAP105 online for several minutes, then, on powering up another I've taken console output and see the following:

    <cut>

    ip_time_handler: Got ip and packets on bond0 Started master election 521-0

    </cut>

    then several seconds later, I see this (from the same IAP - booting up while there is an IAP already on line for several minute)s:

    <cut>

    process `snmpd' is using obsolete setsockopt SO_BSDCOMPAT
    i am master now

    (00:03:29) !!! Init ---> Master

    </cut>

    Does anyone have any input?  I am guessing that there is traffic being blocked between devices on these ports/vlans.  I do not control the switch that the 105s are connected to, but I am told client-to-client traffic is not being blocked.  I have attached the config from the second IAP (the one that gave the output above) - they all three have the same config except each virtual controller has a different IP assigned (all virtual controllers are on same vlan, but different IP addresses).

     

    Any help would be greatly appreciated...

     

    Attachment(s)

    txt
    2nd_ap_up.txt   3 KB 1 version


  • 2.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 05:00 PM

    Are you certain that they are all on the same VLAN?  The bootup log is much more important to share, because it says what the AP is doing, as opposed to what it is configured to do.  Are all of the IAPs the same model?



  • 3.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 05:24 PM
    The VC architecture depend on L2 broadcast being allowed, is it possible that the wired infrastructure is blocking or filtering L2 broadcasts?


  • 4.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 06:37 PM

    3rd try for an attachment didn't work.  Trying copy paste in body:

    APBoot 1.4.0.3 (build 37726)
    Built: 2013-03-21 at 20:13:41

    Model: AP-10x
    CPU: AR7161 revision: A2
    Clock: 680 MHz, DDR clock: 340 MHz, Bus clock: 170 MHz
    DRAM: . 128 MB
    POST1: mem 0 mem 1 mem 2 mem 3 passed
    Copy: ....    done
    Flash: 16 MB
    PCI: scanning bus 0 ...
    dev fn venID devID class rev MBAR0 MBAR1 MBAR2 MBAR3
    00 00 168c 0029 00002 01 10000000 00000000 00000000 00000000
    01 00 168c 0029 00002 01 10010000 00000000 00000000 00000000
    Net: eth0
    Radio: ar922x#0, ar922x#1

    Hit <Enter> to stop autoboot: 2  1  0
    Booting OS partition 0
    Checking image @ 0xbf100000

    Image is signed; verifying checksum... passed
    Signer Cert OK
    Policy Cert OK
    RSA signature verified.
    ELF file is 32 bit
    Loading .text @ 0x80e00000 (6299544 bytes)
    Loading .data @ 0x81401fa0 (32 bytes)
    Clearing .bss @ 0x81401fc0 (16 bytes)
    ## Starting application at 0x80e00000 ...
    Uncompressing............................................................

    þ

    Aruba Networks

    ArubaOS Version 6.2.1.0-3.4.0.3 (build 40346 / label #40346)

    Built by p4build@cyprus on 2013-10-11 at 19:10:16 PDT (gcc version 4.3.3)

    CPU Rev: aa

    71x CPU

    Flash variant: default

    Cache parity protection disabled

    Using 340.000 MHz high precision timer. cycles_per_jiffy=680000

    Memory: 120576k/131072k available (1687k kernel code, 10400k reserved, 625k data, 5484k init, 0k highmem)

    available.

    detected lzma initramfs

    initramfs: LZMA lc=3,lp=0,pb=2,dictSize=8388608,origSize=27214848

    LZMA initramfs by Ming-Ching Tiew <mctiew@yahoo.com> ................................................................................................................................................................................................................................................................................................................................................................................................................................

    AR7100 GPIOC major 0

    wdt: registered with refresh

    Enabling Watchdog

    Talisker RSSI LED initialization

    Creating 1 MTD partitions on "ar7100-nor0":

    0x00000000-0x01000000 : "flash"

    i2c /dev entries driver

    i2c-talisker: using default base 0x18040000

    AD7416 driver probing for devices on AR7100 I2C

    .<6>lo: Disabled Privacy Extensions

    IPv6 over IPv4 tunneling driver


    Starting Kernel SHA1 KAT ...Completed Kernel SHA1 KAT

    Starting Kernel HMAC-SHA1 KAT ...Completed Kernel HMAC-SHA1 KAT

    Starting Kernel DES KAT ...Completed Kernel DES KAT

    Starting Kernel AES KAT ...Completed Kernel AES KAT


    Domain Name: arubanetworks.com
    No panic info available
    Testing TPM... Passed
    ag7100_mod: module license 'unspecified' taints kernel.

    AG7100: Length per segment 512

    AG7100: Max segments per packet 4

    AG7100: Max tx descriptor count 400

    AG7100: Max rx descriptor count 252

    AG7100: fifo cfg 3 018001ff

    AG7100CHH: Mac address for unit 0

    AG7100CHH: 24:de:c6:cd:ec:44

    ATHRF1: Port 0, Neg Success

    ATHRF1: unit 0 phy addr 0 ATHRF1: reg0 0

    ag7100_ring_alloc Allocated 4800 at 0x8086a000

    ag7100_ring_alloc Allocated 3024 at 0x87e89000

    AG7100: cfg1 0xf cfg2 0x7014

    ATHRF1: Port 0, Neg Success

    ATHRF1: unit 0 phy addr 0 ATHRF1: reg0 3100

    AG7100: unit 0: phy not up carrier 1

    Writing 4

    ADDRCONF(NETDEV_UP): bond0: link is not ready

    wifi uplink not present...
    do ethtool autoneg on for bond0
    Ethernet uplink not active yet
    Ethernet uplink not active yet
    Ethernet uplink active. Becoming Mesh Portal
    AP xml model 39, num_radios 2 (jiffies 17280)

    init_asap_mod: installation:0

    radio 0: band 1 ant 0 max_ssid 8

    radio 1: band 0 ant 0 max_ssid 8

    election init: rand=10 HZ=500

    setting bond0 as bridge child

    setting gre0 as split child

    notify asap_mod 3g no present...
    Starting watchdog process...
    Getting an IP address...
    Dec 31 16:00:34 udhcpc[836]: udhcpc (v0.9.9-pre) started Dec 31 16:00:34 udhcpc[836]: send_discover: pkt AG7100: unit 0 phy is up...num 0, secs 0 RGMii 100Mbps full duplex

    Dec 31 16:00:34 AG7100: pll reg 0x18050010: 0x1099 udhcpc[836]: SenAG7100: cfg_1: 0x1ff0000

    ding discover...AG7100: cfg_2: 0x3ff

    AG7100: cfg_3: 0x18001ff

    AG7100: cfg_4: 0xffff

    AG7100: cfg_5: 0x7ffef

    AG7100: done cfg2 0x7115 ifctl 0x10000 miictrl 0x12

    ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready

    Dec 31 16:00:36 udhcpc[836]: send_discover: pkt num 1, secs 2 Dec 31 16:00:36 udhcpc[836]: Sending discover... Dec 31 16:00:38 udhcpc[836]: send_discover: pkt num 2, secs 4 Dec 31 16:00:38 udhcpc[836]: Sending discover... Dec 31 16:00:40 udhcpc[836]: No lease, forking to background. Dec 31 16:01:00 udhcpc[932]: send_discover: pkt num 0, secs 26 Dec 31 16:01:00 udhcpc[932]: Sending discover... Dec 31 16:01:02 udhcpc[932]: send_discover: pkt num 1, secs 28 Dec 31 16:01:02 udhcpc[932]: Sending discover... Dec 31 16:01:04 udhcpc[932]: send_discover: pkt num 2, secs 30 Dec 31 16:01:04 udhcpc[932]: Sending discover... Dec 31 16:01:26 udhcpc[932]: send_discover: pkt num 0, secs 52 Dec 31 16:01:26 udhcpc[932]: Sending discover... Dec 31 16:01:28 udhcpc[932]: send_discover: pkt num 1, secs 54 Dec 31 16:01:28 udhcpc[932]: Sending discover... Dec 31 16:01:30 udhcpc[932]: send_discover: pkt num 2, secs 56 Dec 31 16:01:30 udhcpc[932]: Sending discover... Dec 31 16:01:52 udhcpc[932]: send_discover: pkt num 0, secs 78 Dec 31 16:01:52 udhcpc[932]: Sending discover... Dec 31 16:01:54 udhcpc[932]: send_discover: pkt num 1, secs 80 Dec 31 16:01:54 udhcpc[932]: Sending discover... Dec 31 16:01:56 udhcpc[932]: send_discover: pkt num 2, secs 82 Dec 31 16:01:56 udhcpc[932]: Sending discover... Picked up default IP a9fe2188, rand 2188

    Default IP is ready

    Dec 31 16:02:18 udhcpc[932]: send_discover: pkt num 0, secs 104 Dec 31 16:02:18 udhcpc[932]: Sending discover... Dec 31 16:02:20 udhcpc[932]: send_discover: pkt num 1, secs 106 Dec 31 16:02:20 udhcpc[932]: Sending discover... Dec 31 16:02:22 udhcpc[932]: send_discover: pkt num 2, secs 108 Dec 31 16:02:22 udhcpc[932]: Sending discover... Dec 31 16:02:44 udhcpc[932]: send_discover: pkt num 0, secs 130 Dec 31 16:02:44 udhcpc[932]: Sending discover... Dec 31 16:02:46 udhcpc[932]: send_discover: pkt num 1, secs 132 Dec 31 16:02:46 udhcpc[932]: Sending discover... Dec 31 16:02:48 udhcpc[932]: send_discover: pkt num 2, secs 134 Dec 31 16:02:48 udhcpc[932]: Sending discover... DHCP timed out.
    Installing default ip.
    Default IP comes up.
    ip_time_handler: Got ip and packets on bond0 Started master election 521-0

    DHCP timed out.
    DHCP got ip address.
    169.254.33.136 255.255.0.0
    Compressing all files in the /etc/httpd directory...
    Done.
    Starting Webserver
    bind: Transport endpoint is not connected
    bind: Transport endpoint is not connected
    bind: Transport endpoint is not connected
    NTP Server not saved in flash... using default
    ath_hal: 0.9.17.1 (AR5416, AR9380, REGOPS_FUNC, PRIVATE_DIAG, WRITE_EEPROM, 11D)

    ath_rate_atheros: Copyright (c) 2001-2005 Atheros Communications, Inc, All Rights Reserved

    ath_rate_atheros: Aruba Networks Rate Control Algorithm

    ath_dfs: Version 2.0.0

    Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved

    ath_spectrum: Version 2.0.0

    Copyright (c) 2005-2006 Atheros Communications, Inc. All Rights Reserved

    ath_dev: Copyright (c) 2001-2007 Atheros Communications, Inc, All Rights Reserved

    ath_pci: 0.9.4.5 (Atheros/multi-bss)

    wifi0: Base BSSID 24:de:c6:5e:c4:48, 8 available BSSID(s)

    bond0 address=24:de:c6:cd:ec:44

    br0 address=24:de:c6:cd:ec:44

    wifi0: AP type AP-105, radio 0, max_bssids 8

    wifi0: Atheros 9280: mem=0x10010000, irq=49 hw_base=0xb0010000

    wifi1: Base BSSID 24:de:c6:5e:c4:40, 8 available BSSID(s)

    bond0 address=24:de:c6:cd:ec:44

    br0 address=24:de:c6:cd:ec:44

    wifi1: AP type AP-105, radio 1, max_bssids 8

    wifi1: Atheros 9280: mem=0x10000000, irq=48 hw_base=0xb0000000

    ath_ahb: 0.9.4.5 (Atheros/multi-bss)


    Starting FIPS KAT ... Completed FIPS KAT

    shutting down watchdog process (nanny will restart it)...

    <<<<< Welcome to the Access Point >>>>>

    Launching IAP CLI...
    process `snmpd' is using obsolete setsockopt SO_BSDCOMPAT
    i am master now

    (00:03:29) !!! Init ---> Master

    asap_send_elected_master: sent successfully

    User: vap aruba000 vlan is 0. fwd-mode:0 mesh

    admin
    Password:

    24:de:c6:cd:ec:44# sh run



  • 5.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 06:49 PM

    It does not look like that last IAP got an ip address from the ethernet port.  Does your IT group have DHCP reservations for specific devices?



  • 6.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 07:03 PM

    That's interesting you see that.  I was given three IP addresses from the IT group and those are what I assigned to my virtual controllers (.10, .11, and .12, I think, on the 10.1.0 subnet).  I have seen in the management UI where the IAP has a 169 IP address meaning it did not pull a DHCP IP address.  Is an IP address required on the IAP for functionality?  I think things broke if I did not have an IP on the virtual controller but they looked to be fully functional (aside from the master election process) if I had IP address on the VC and not the IAP.

     

    If I have 3 IAP 105, then, should I advise IT group I need 6 IP addresses (one each for VC and IAP) or do you have a configuration suggestion?  DHCP server is upstream (I think on the switch that the IAP is connected to) so all wireless clients that connect on employee or guest network get IP just fine via DHCP, but interesting that the IAP itself does not pull an IP address.

     

    FYI, this is a vlan'd network where employee and guest are on different subnets/vlans.  I have the virtual conroller on the employee vlan and it has (manually configured) an IP address on the employee vlan.

     

    I welcome any input you might have and really appreciate feedback thus far!



  • 7.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 07:57 PM

    An ip address is required for IAP functionality, yes.  Whether you assign a static one or obtain one via DHCP (much easier) that is how they will find each other and communicate.  That needs to be done before anything else.

     



  • 8.  RE: master election traffic being blocked?

    Posted Jan 15, 2014 10:41 AM

    OK.  Here's my production environment that I need to make my IAP105s work in:

    VLAN 101 is corporate/employee network

    VLAN 103 is guest network

    PoE swtichport that the APs are connecting to are trunking ONLY vlan 101 and 103 and DHCP server (I believe) resides on that swtich, or perhaps upstream from that switch.

     

    I have configured the Virtual Controller IP / VLAN on each of the IAP105s as vlan 101 and statically assigned IP addresses in that subnet (10.1.0.X/24).  I believe I've left the access point IP configuration 'default' (no configuration changes from out of the box) so I >assume< the access point is on default vlan.

     

    My question(s):  If I statically assign the access point to vlan 101, I assume it will pull an IP address from the upstream DHCP server.  Is it OK to have VC and AP on the same vlan/subnet?  Also, I believe to set the AP VLAN I go to access point > edit > 'uplink' tab and change the 'management vlan' from 0 (default) to 101?  Do I need to do anything else like to the wired profile?

     

    Finally, I know the benefits to being DHCP versus statically assigned but, in this case where I'm not managing the IT network I will have troubles accessing the UI if I don't know the UI IP address, is it better to have VC set for DHCP or access point set to DHCP?  Again, this is a deployment of three IAP 105s.

     

    sorry if I'm bombarding with questions.  This is my first Aruba deployment and I'm deploying in a network that I have zero control over and, with multiple vlans / all client access 'control' being placed upstream of the IAPs, I have to configure the product to work seamlessly with customer network.  Thanks once again for any and all input...



  • 9.  RE: master election traffic being blocked?

    Posted Jan 20, 2014 04:54 AM

    i've the same issue,

    i've 10 iap with static ip addresses,

    when they are all up all is fine, i configure the virtual controller ip and all is ok.

    yesterday the swich that give poe to the auto-assigned master iap goes down and now my network is without management because:

    1- i cannop ping virtual controller ip

    2- i cannot ping the actual iap master VC

    3- if i point my browser to any up iap they try to redirect to master controller page that is down...

     

    my problem is that the iaps are in very different and distant location (the infrastructure is over an mpls) and is not easy to reboot all of them.... 



  • 10.  RE: master election traffic being blocked?

    Posted Jan 20, 2014 04:17 PM
    Can you share your full IP plan? It would be helpful to know the exact IP of each AP and the VC IP.

    Have you examined the ARP table on your PC to see if it is able to get the MAC address for the VC IP?


  • 11.  RE: master election traffic being blocked?

    Posted Jan 22, 2014 03:01 PM

    The virtual controllers on all three IAP-105 are configured for vlan101 / subnet 10.1.0.0/24 with gateway of 10.1.0.1.  I have assigned each VC an IP address of 10.1.0.11, .12, and .13.  I have (mistakenly, according to this thread) left the AP in DHCP on the default VLAN.

     

    It looks like, according to an earlier post in this thread, I need to have IP connectivity between the access points in order for the master election process to take place.  If the access points are in (default) vlan 0, then they will not pull an IP address from the dhcp server on vlan 101 (10.1.0.0/24 subnet).  So, I am under the impression that if I configure the AP for vlan 101, just like I did for the VC, then each of the three APs will pull an IP address on 10.1.0.0/24 subnet and, then master election will take place.

     

    Please correct me if I'm wrong on any of this above.  Also, is it best practice or not to statically assign IP addres on the VC, or should each VC also be left in dhcp / VLAN 101?

     

    One item I did not mention is that guest wireless is on vlan 103 of subnet 172.31.0.0/24 and that appears to be fully functional (wireless clients on the guest network pull IP from upstream dhcp server on vlan 103 / 172.31.0.0 subnet).

     

    Thanks in advance for any and all input...



  • 12.  RE: master election traffic being blocked?

    Posted Feb 18, 2014 02:29 AM

    with the last release you can force the master ap.



  • 13.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 05:58 PM

    Attached is the bootup log.  Thanks for any and all input you might have...



  • 14.  RE: master election traffic being blocked?

    Posted Jan 14, 2014 06:30 PM

    attached