How to determine ip fragmentation issue which leads to 'D' flag for Aruba AP's? 

Nov 12, 2014 01:07 PM

Environment (Product & Software): This article applies to Aruba OS 3.4 and above.

 

When Aruba APs get stuck with the dirty 'D' flag, which means configuration is still being pushed to the AP, the cause could be IP fragmentation and reassembly problems in the network.

This can be verified by enabling log-icmp-error on the stateful firewall and checking for ICMP errors in "show log security".

Execute the following command to enable log-icmp-error from the CLI:

(Aruba) (config) #firewall log-icmp-error

To enable log-icmp-error from the WebUI:

Navigate to Configuration > Advanced Services > Stateful Firewall > Global Settings

 


An ICMP type 11 error from the AP (logged as type=11, code=1 in the sample below) means that the AP is missing IP fragments and cannot reconstruct the config message.

Here is a sample from show log security:

(Aruba) #show log security 50 | include "type=11"
Aug 27 18:53:28 :124006:  <WARN> |authmgr|  {167} ICMP srcip=10.13.32.11 dstip=119.82.106.146, type=11, code=1, action=deny
Aug 27 18:53:44 :124006:  <WARN> |authmgr|  {168} ICMP srcip=10.13.32.11 dstip=119.82.106.146, type=11, code=1, action=deny
Aug 27 18:54:53 :124006:  <WARN> |authmgr|  {169} ICMP srcip=10.13.32.11 dstip=119.82.106.146, type=11, code=1, action=deny
Aug 27 19:12:46 :124006:  <WARN> |authmgr|  {170} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:13:17 :124006:  <WARN> |authmgr|  {171} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:13:41 :124006:  <WARN> |authmgr|  {172} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:13:45 :124006:  <WARN> |authmgr|  {173} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:13:57 :124006:  <WARN> |authmgr|  {174} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:14:05 :124006:  <WARN> |authmgr|  {175} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:14:08 :124006:  <WARN> |authmgr|  {176} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:14:14 :124006:  <WARN> |authmgr|  {177} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
Aug 27 19:14:28 :124006:  <WARN> |authmgr|  {178} ICMP srcip=10.13.32.11 dstip=101.222.228.207, type=11, code=1, action=deny
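
The check above can be scripted over saved "show log security" output. The following is an added example, not part of the original article or of Aruba's tooling: it counts only type=11, code=1 entries (fragment reassembly time exceeded) per source AP and ignores type=11, code=0 (TTL exceeded in transit), which the "type=11" filter alone would also match. The function names, the threshold of 3 and the sample addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the "show log security" output above.
# Addresses come from documentation ranges, not from a real network.
SAMPLE_LOG = """\
Aug 27 18:53:28 :124006:  <WARN> |authmgr|  {167} ICMP srcip=192.0.2.11 dstip=198.51.100.146, type=11, code=1, action=deny
Aug 27 18:53:44 :124006:  <WARN> |authmgr|  {168} ICMP srcip=192.0.2.11 dstip=198.51.100.146, type=11, code=1, action=deny
Aug 27 18:54:53 :124006:  <WARN> |authmgr|  {169} ICMP srcip=192.0.2.11 dstip=198.51.100.146, type=11, code=1, action=deny
Aug 27 18:55:02 :124006:  <WARN> |authmgr|  {170} ICMP srcip=192.0.2.12 dstip=198.51.100.146, type=11, code=0, action=deny
Aug 27 18:55:10 :124006:  <WARN> |authmgr|  {171} ICMP srcip=192.0.2.13 dstip=198.51.100.146, type=3, code=4, action=deny
Aug 27 18:55:30 :124006:  <WARN> |authmgr|  {172} ICMP srcip=192.0.2.14 dstip=198.51.100.146, type=11, code=1, action=deny
"""

# Matches the ICMP portion of a 124006 firewall log line.
LINE_RE = re.compile(
    r"ICMP srcip=(?P<src>\S+) dstip=(?P<dst>[^,\s]+), "
    r"type=(?P<type>\d+), code=(?P<code>\d+)"
)


def reassembly_timeouts(log_text):
    """Count ICMP type 11 / code 1 entries per (source, destination) pair."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # code 1 = fragment reassembly time exceeded; code 0 is TTL expiry.
        if m and m["type"] == "11" and m["code"] == "1":
            counts[(m["src"], m["dst"])] += 1
    return counts


def suspect_aps(log_text, threshold=3):
    """Return source IPs with at least `threshold` reassembly timeouts.

    The threshold is an assumed value; tune it to the log window examined.
    """
    per_src = Counter()
    for (src, _dst), n in reassembly_timeouts(log_text).items():
        per_src[src] += n
    return sorted(src for src, n in per_src.items() if n >= threshold)


if __name__ == "__main__":
    for (src, dst), n in reassembly_timeouts(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}: {n} reassembly timeouts")
    print("suspect APs:", suspect_aps(SAMPLE_LOG))
```
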
