Original Message:
Sent: Aug 09, 2024 09:01 AM
From: oden74
Subject: UBT no data traffic out of gateway
Do you have a DUR for both the switch and the gateway? I know for sure that DUR on the gateway is not working with a user VLAN; that has to be a separate VSA.
Test using a static role on the gateway with a VLAN attached to the role where the client should get an IP address.
Original Message:
Sent: Aug 09, 2024 03:52 AM
From: EnzoJ
Subject: UBT no data traffic out of gateway
Hi,
I already tested with a LUR on the switch.
Without success.
So I already removed the DUR config off the troubleshoot list.
Original Message:
Sent: Aug 09, 2024 02:39 AM
From: oden74
Subject: UBT no data traffic out of gateway
Hi,
I would test sending an additional VSA attribute from ClearPass with the Aruba user VLAN. I know that there was a problem before with DUR and having the user VLAN in the DUR. So test and send the user role and aruba-user-vlan in separate VSAs from ClearPass.
You also need to adjust the MTU size on the physical interfaces and IP MTU size from the switch all the way to the Aruba GW to get 1500 IP MTU through because of the GRE overhead.
Original Message:
Sent: Aug 08, 2024 09:31 AM
From: EnzoJ
Subject: UBT no data traffic out of gateway
Hi Ariyap,
Sorry for the late response.
But in the attachment is all the output, which looks fine to me.
But still nothing is working and client can not ping or connect to anything.
I opened already a TAC case but without success or any clue from them.
If someone has any idea what is going wrong, I would be grateful.
Original Message:
Sent: Aug 02, 2024 07:44 PM
From: ariyap
Subject: UBT no data traffic out of gateway
Your switch config looks fine to me. What is the output of the following commands on the switch:
sh aaa authentication port-access interface all client-status
sh ubt users all
and these commands on the controller.
show user
show rights <user-role>
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Aug 02, 2024 03:46 AM
From: EnzoJ
Subject: UBT no data traffic out of gateway
Hi Ariyap,
Below you find the switch configuration that I did for UBT.
ClearPass auth is working fine, so I didn't provide that.
I confirm that the system IP is used for the config in the CX switch.
I see that the tunnel is up and running on the gateway & switch.
Also see the user on the gateway, but I can not send any traffic.
Feels like the allowall of the role isn't there, or something blocks all traffic.
The role on the gateway has an allow-all policy.
What I also find odd is that in Aruba Central there are clients connected which don't show up on the CLI of both gateways.
show user on gateway shows only 1 client which is using the UBT tunnel.
I checked and the VLAN and interface are trusted (in Central & CLI).
Original Message:
Sent: Aug 01, 2024 08:19 PM
From: ariyap
Subject: UBT no data traffic out of gateway
Please share the switch configuration.
Note that when configuring UBT on the CX switches, the "primary-controller ip" should be the system-ip or controller-ip on the gateway.
Original Message:
Sent: Aug 01, 2024 09:00 AM
From: EnzoJ
Subject: UBT no data traffic out of gateway
The trace buf above wasn't correct. Here is a correct one.
Original Message:
Sent: Aug 01, 2024 08:28 AM
From: EnzoJ
Subject: UBT no data traffic out of gateway
Hey,
I'm setting up a new UBT for a client.
We have 2x 9240 gateways & AOS-CX 6300M switches.
Both gateway & switch have IP addresses in the same L2 subnet.
I see that the tunnels come up, but the client can not send or receive any traffic.
Pinging the default gateway doesn't work.
If I place the client into the same user VLAN directly via the switch, everything works.
Switch & Gateway are managed by Aruba Central.
I see the following output in the CLI.
Has someone an idea what is going wrong?
I use DURs with gateway zone push from ClearPass.
DURs are working fine with local breakout, so DUR setup isn't the issue.