Cloud Managed Networks

Reply
Occasional Contributor II

Aruba Central Connection Failure with External DHCP + VPN / GRE

Dear,

I have a facility with 3 IAP's, 1 on the 1st floor, and 2 on the second floor, all managed by Aruba Central (cloud).
My dhcp server is external.
In the GRE / VPN configuration, I enabled the tunnel configuration by AP.
The problem is that in the 3rd IAP, clients do not always reach the external dchp server, and in 30% go pro 0.0.0.0 or APIPA 169.254.x.x, any tips on what to do?ACAO CLUSTER DOWN-1.pngACAO debug AP1.png

Guru Elite

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

At what physical position are you taking that capture?  Does the other side of the tunnel see the dhcp discovers?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

Thanks for the quick response:

But I'm checking directly from the IAP.
We performed the debug on the DHCP server, and we did not receive the test user's request.
The DHCP server route is configured on the show datapath route (IAP);
Some users get a normal IP address;
I already changed the positioning equipment, I put new AP's, and it did not solve.
When we have 2 IAP's, the network works normally, but when we connect 3rd, the problem appears.
I thought the APs were communicating with the VC / Master, and it could not pass the number of requests tunneled to the server, but the configuration is Tunnel per IAP, that is, the IAP speaks directly with the server.
Any suggestion?

Super Contributor II

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

Is the GRE / VPN tunnel going through a firewall? Is it a GRE or a IPSEC tunnel? And at what for device is the tunnel terminated? Is it an Aruba controller?
You mentioned that the setup is working with 2 IAP's. When the third one is connected then the issue occurs. Is the setup not working anymore at all the IAP's or only the third one?

You can check the VPN status with the following commands.
show vpn status
show vpn tunnels

Also check the following log files
show log vpn-tunnel
show log vpn-tunnel-primary

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Occasional Contributor II

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

It is a GRE tunnel, configured in Aruba Central (VPN), it does not pass through the firewall, and the configuration is the same in all 3 IAP's.
The routing profile is the same.
Gre primary, type, and the gre per-ap-tunnel setting is ok; the debug cloud server is the same;
Show ip route, datapaht route, and vpn are the same.

The only configurations that diverge are in the image show summary suport(VC = Left side // IAP with problem = Right side).

I also noticed that the Support Connection Status field is connected in the VC, but in the 2 IAP's it is not.

Occasional Contributor II

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

Has anyone had this problem? Any tips?

Guru Elite

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

It seems that one device is configured locally and another is configured by central.  Can you SSH into the VC and see if "show aps" shows all of your access points at that site?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

WMMGBHECTC00001-AP003 24# show aps


3 Access Points
---------------
Name IP Address Mode Spectrum Clients Type IPv6 Address Mesh Role Zone Serial # 2.4 Channel 2.4 Power (dB) 2
g Id Config Csum Ext SSID Active Age Link Local IP Address Utilization (%) 5.0 Noise Floor (dBm) Need Antenna Config From Port Confi
---- ---------- ---- -------- ------- ---- ------------ --------- ---- -------- ----------- -------------- -
------------------ --------------------- ----------- -------------- ------------------- --------------------- ------------------- --------- -----
---- ----------- --------------- --- ---------------------
WMMGBHECTC00001-AP003 24 10.1.24.130* access disable 0 207(indoor) -- N/A - CNDDJST22F 1 18 5
2(ok) -84(ok) 52E 18 56(ok) -90(good) No none 8

55353 enable 6d:19h:8m:52s --
WMMGBHECTC00001-AP002 10.1.24.142 access disable 1 207(indoor) -- N/A - CNDDJST1VB 6 18 4
2(good) -83(ok) 149E 18 95(poor) -89(good) No none 8
WMMGBHECTC00001-AP001 10.1.24.73 access disable 4 207(indoor) -- N/A - CNDDJST1LQ 1 18 7
6(poor) -88(good) 100E 16 21(good) -88(good) No none 8
55353 enable 3d:21h:16m:39s --

Guru Elite

Re: Aruba Central Connection Failure with External DHCP + VPN / GRE

Please continue to work with TAC and let us know the resolution,  I am not sure I can guess what is wrong here.  You also have the option to escalate with TAC if you are not getting anywhere.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: