
Dynamic Segmentation - Tunneled-node-server state issue

  • 1.  Dynamic Segmentation - Tunneled-node-server state issue

    EMPLOYEE
    Posted Nov 11, 2019 03:13 AM

    Hello,

    I have been watching the Dynamic Segmentation series on the Aruba channel and trying to implement it in the lab.

    It seems I am unable to establish the tunnel to the controller. (I am using the port-based tunnel method as of now.)

    This is what the switch port configurations look like:

    (VLAN 888 is the non-routed VLAN that the video seems to suggest that I should create on the switch ports.)

     

    Port going to the desktop :

     

    interface 1/2
    name "PORT-BASED"
    tunneled-node-server
    untagged vlan 888
    exit

     

    Port going to the mobility controller :

    interface 1/5
    name "ToMc1"
    tagged vlan 888,2048
    exit

     

    I can see debug logs that say the tunnel is online.

     

    I 11/11/19 09:02:29 05187 tunneled-node: ST1-CMDR: Tunneled Node: Tunnel
    TunneledNodeTnl02 (318767757) deleted.
    I 11/11/19 09:02:42 05183 tunneled-node: ST1-CMDR: Using server 10.76.134.228
    I 11/11/19 09:02:42 05186 tunneled-node: ST1-CMDR: Tunneled Node: Tunnel
    TunneledNodeTnl02 (318767757) created.
    I 11/11/19 09:02:42 05185 tunneled-node: ST1-CMDR: Tunneled Node: Tunnel
    TunneledNodeTnl02 (318767757) is on-line.

     

    However, the command "show tunneled-node-server state" seems to suggest that the tunnel is still in progress.

     

    Tunneled Node Port State

    Active Controller IP Address : 10.76.134.228

    Port State
    ------ -------------------------
    1/2 In Progress

     

    Does anyone have any ideas? What am I missing here?

     

    Thanks,

    Rahul Nair.

     

     



  • 2.  RE: Dynamic Segmentation - Tunneled-node-server state issue

    Posted Nov 11, 2019 08:17 AM

    Are you able to ping the controller?

    Any firewall in between?



  • 3.  RE: Dynamic Segmentation - Tunneled-node-server state issue

    EMPLOYEE
    Posted Nov 11, 2019 09:45 AM

    Hi Fabian,

     

    No, there is no FW in between. It is a lab environment.

    And yes, I am able to ping the MC.

     

    Aruba-Stack-2930M# ping 10.76.134.228
    10.76.134.228 is alive, time = 1 ms

     

    BTW, I can see some logs on the MC which say:

    Nov 11 19:57:31 stm[3716]: <304022> <3716> <WARN> |stm| mux_bootstrap_request: dropped for license key enforcement
    Nov 11 19:58:34 stm[3716]: <304022> <3716> <WARN> |stm| mux_bootstrap_request: dropped for license key enforcement
    Nov 11 19:59:44 stm[3716]: <304022> <3716> <WARN> |stm| mux_bootstrap_request: dropped for license key enforcement

     

    I have enough AP licenses installed on the MC. Still no luck.



  • 4.  RE: Dynamic Segmentation - Tunneled-node-server state issue

    EMPLOYEE
    Posted Nov 11, 2019 01:17 PM

    Installed AP licenses, PEF license and ACR licenses as well - just in case, to be sure it's not anything with licensing, but still no luck.

     

    The controller is still generating the same warning logs.



  • 5.  RE: Dynamic Segmentation - Tunneled-node-server state issue
    Best Answer

    EMPLOYEE
    Posted Nov 11, 2019 10:46 PM

    It turns out that the issue was indeed with the licensing.

    Apparently each switch also consumes an RFP license along with an AP license.

    The tunnel seemed to come up as soon as the RFP license was installed.



  • 6.  RE: Dynamic Segmentation - Tunneled-node-server state issue

    MVP GURU
    Posted Nov 12, 2019 03:45 AM

    Yes, it is "documented"...



  • 7.  RE: Dynamic Segmentation - Tunneled-node-server state issue
    Best Answer

    Posted Nov 13, 2019 10:33 AM

    We didn't have any RFP licenses but only AP and PEF. Aruba TAP clicked around our Mobility Master and I think disabled and enabled the RFP part or something like that. Now the dynamic segmentation works without RFP licenses for us.



  • 8.  RE: Dynamic Segmentation - Tunneled-node-server state issue

    MVP GURU
    Posted Nov 13, 2019 04:24 PM

    Yes, you don't need RFP for it to work,

    but if you have APs and use an RFP licence, you need an RFP licence for the switch too...
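
The symptom pattern in this thread, as an added example that is not part of any post: the script joins the switch's wrapped event-log entries, reads the last logged state of each tunnel, and correlates it with the port state table and the controller's mux_bootstrap_request warnings. The sample inputs are constructed from the excerpts quoted above, and the function names are assumptions of this example.

```python
import re
# Constructed sample input, shaped like the excerpts quoted in the thread.
SWITCH_LOG = """\
I 11/11/19 09:02:29 05187 tunneled-node: ST1-CMDR: Tunneled Node: Tunnel
TunneledNodeTnl02 (318767757) deleted.
I 11/11/19 09:02:42 05183 tunneled-node: ST1-CMDR: Using server 10.76.134.228
I 11/11/19 09:02:42 05185 tunneled-node: ST1-CMDR: Tunneled Node: Tunnel
TunneledNodeTnl02 (318767757) is on-line.
"""
CONTROLLER_LOG = """\
Nov 11 19:57:31 stm[3716]: <304022> <3716> <WARN> |stm| mux_bootstrap_request: dropped for license key enforcement
Nov 11 19:58:34 stm[3716]: <304022> <3716> <WARN> |stm| mux_bootstrap_request: dropped for license key enforcement
"""
PORT_STATE = """\
Port State
------ -------------------------
1/2 In Progress
"""

EVENT_START = re.compile(r"^[A-Z] \d\d/\d\d/\d\d \d\d:\d\d:\d\d \d+ ")
TUNNEL = re.compile(r"Tunnel\s+(\S+) \(\d+\) (deleted|created|is on-line)\.")
DROP = re.compile(r"<WARN> \|stm\| mux_bootstrap_request: dropped for (.+)$")
PORT = re.compile(r"^(\d+/\d+)\s+(.+?)\s*$")

def switch_events(text):
    """Re-join event-log entries that were wrapped onto a second line."""
    events = []
    for line in text.splitlines():
        if EVENT_START.match(line) or not events:
            events.append(line.strip())
        else:
            events[-1] += " " + line.strip()
    return events

def last_tunnel_state(text):
    """Map each tunnel name to the last state the switch logged for it."""
    return {m[1]: m[2] for e in switch_events(text) if (m := TUNNEL.search(e))}

def drop_reasons(text):
    """Reasons the controller gave for dropping switch bootstrap requests."""
    return sorted({m[1] for ln in text.splitlines() if (m := DROP.search(ln))})

def triage(switch_log, controller_log, port_state):
    stuck = [m[1] for ln in port_state.splitlines()
             if (m := PORT.match(ln.strip())) and m[2] == "In Progress"]
    online = [t for t, s in last_tunnel_state(switch_log).items() if s == "is on-line"]
    reasons = drop_reasons(controller_log)
    if stuck and online and reasons:
        return f"{', '.join(stuck)} In Progress; controller dropped bootstrap: {reasons[0]}"
    return "no mismatch found"
```
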