Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

ArubaMM - VRRP Not Establishing

This thread has been viewed 19 times

  • 1.  ArubaMM - VRRP Not Establishing

    MVP
    Posted May 05, 2017 02:15 PM

    Trying to configure VRRP between (2) ArubaMM's, but can't seem to get them to communicate. Configuration is below:

     

    ArubaMM-01

    master-redundancy
    master-vrrp 100
    peer-ip-address 192.168.100.66 ipsec ipseckey
    !
    vrrp 100
    priority 110
    authentication ipseckey
    ip address 192.168.100.67
    description "Active Backup MM"
    vlan 1
    no shutdown
    !

     

    ArubaMM-02

    master-redundancy
    master-vrrp 100
    peer-ip-address 192.168.100.54 ipsec ipseckey
    !
    vrrp 100
    authentication ipseckey
    ip address 192.168.100.67
    description "Active Backup MM"
    vlan 1
    no shutdown
    !

     

    Logs show as follows after down/up on the VRRP instance:

     

    May 5 12:56:31 :399838: <6174> <WARN> |fpapps| Received TUN_DOWN from IKE for default-psk-redundant-master-ipsecmap
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : INIT, licensevrid : 0 , mvrid : 100
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : INIT
    May 5 12:58:23 :313328: <6174> <WARN> |fpapps| vrrp: vrid "100" - VRRP state transitioned from INIT to BACKUP
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
    May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_mgr_papi_recv_cb: Recv from 127.0.0.1:8226
    May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_mgr_papi_recv_cb: MessageCode: 5004 len 93 data_len 17 Type 2
    May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_mgr_papi_recv_cb: IP 0.0.0.0 role 0 got_master_ip 0 got_switch_ip 1
    May 5 12:58:23 :355002: <6704> <DBUG> |cert_dwnld| cert_downld_master_ip_resp_hdlr: Got reply from CFGM with ip 192.168.100.67 role 4
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : INIT, licensevrid : 0 , mvrid : 100
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : INIT
    May 5 12:58:23 :313328: <6174> <WARN> |fpapps| vrrp: vrid "100" - VRRP state transitioned from INIT to BACKUP
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : BACKUP, licensevrid : 0 , mvrid : 100
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : BACKUP
    May 5 12:58:23 :399838: <6174> <WARN> |fpapps| Received TUN_UP from IKE for default-psk-redundant-master-ipsecmap mapid 0, vlanid 0, flags = 0x2 uplink_priority 0
    May 5 12:58:27 :313331: <6547> <WARN> |fpapps| VRRP: vrid "100" - Missed 3 Hello Advertisements from VRRP Master 192.168.100.66
    May 5 12:58:27 :313328: <6547> <WARN> |fpapps| vrrp: vrid "100" - VRRP state transitioned from BACKUP to MASTER
    May 5 12:58:27 :399838: <6547> <WARN> |fpapps| publish_license_vrrp_state : VRRP State change vrrid : 100, cur State : MASTER, licensevrid : 0 , mvrid : 100
    May 5 12:58:27 :399838: <6547> <WARN> |fpapps| Sending to licensemgr vrrid : 100, cur State : MASTER
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with PEFNG enabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update 196 FEATURE_PEF_VPN is NOT set
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with RFP disabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with XSEC disabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with ACR disabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with RAP enabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with VPN enabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with WebCC disabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with BETA disabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with MM enabled
    May 5 12:58:35 :399838: <6180> <WARN> |licensemgr| __license_send_fp_update sending update with VMC enabled

     

    VRRP shows traffic is being sent by both, but received by neither:

     

    ArubaMM-01

     

    Virtual Router 100:

    Admin State UP, VR State MASTER

    Advertisements:
    Sent: 1777 Received: 0
    Zero priority sent: 1 Zero priority received: 0
    Lower IP address received 0 Lower Priority received 0
    Tracking priority overflow: 0
    Advertisements received errors:
    Interval mismatch 0 Invalid TTL 0
    Invalid packet type 0 Authentication failure 0
    Invalid auth type 0 Mismatch auth type 0
    Invalid VRRP IP address 0 Invalid packet length 0
    VRRP Up timestamp: Fri May 5 12:57:34 2017
    Master Up timestamp: Fri May 5 12:57:37 2017
    Last advertisement sent timestamp: Fri May 5 13:09:03 2017
    Last advertisement received timestamp: Fri May 5 12:57:37 2017
    Current time: Fri May 5 13:09:04 2017
    Number times became VRRP Master: 2

     

    ArubaMM-02

     

    Virtual Router 100:

    Admin State UP, VR State MASTER

    Advertisements:
    Sent: 2149342 Received: 0
    Zero priority sent: 1 Zero priority received: 0
    Lower IP address received 0 Lower Priority received 0
    Tracking priority overflow: 0
    Advertisements received errors:
    Interval mismatch 0 Invalid TTL 0
    Invalid packet type 0 Authentication failure 0
    Invalid auth type 0 Mismatch auth type 0
    Invalid VRRP IP address 0 Invalid packet length 0
    VRRP Up timestamp: Fri May 5 12:58:23 2017
    Master Up timestamp: Fri May 5 12:58:27 2017
    Last advertisement sent timestamp: Fri May 5 13:08:25 2017
    Last advertisement received timestamp: Fri May 5 12:58:27 2017
    Current time: Fri May 5 13:08:26 2017
    Number times became VRRP Master: 2

     

     

    I cannot find why this is not working. Their is no firewall or router between these devices as they are on the same subnet. No ACLs I'm aware of on the switches. Any ideas?



  • 2.  RE: ArubaMM - VRRP Not Establishing

    MVP
    Posted May 05, 2017 02:16 PM

    Also, I can ping from both ends, and verified ARP was resolving to the correct MAC addresses, which it is.



  • 3.  RE: ArubaMM - VRRP Not Establishing

    Posted May 06, 2017 11:13 AM

    Hi Michael,

     

    Are the ports trusted on both ends ?

     

    As per the logs, there is  little difference in the clock on both controller (not sure if it could be related to difference when commands were executed).



  • 4.  RE: ArubaMM - VRRP Not Establishing

    MVP
    Posted May 07, 2017 08:36 AM

    It looks like ArubaMM-02 is missing the priority line.

    Perhaps priority 100.



  • 5.  RE: ArubaMM - VRRP Not Establishing

    MVP
    Posted May 07, 2017 09:18 AM
    Thanks bosborne, but the priority is set to default, so it doesn't show up in the running config, it is set to 100. I defined MM-01 in order to take priority.

    ________________________________
    Michael Haring | Network Engineer
    (610) 246-6037 | Comm Solutions

    Sent from my iPhone


  • 6.  RE: ArubaMM - VRRP Not Establishing

    Posted Jan 26, 2018 05:07 PM

    For others with this same issue, make sure your VM is setup with the required security settings listed in the Virtual Appliance Installation Guide.   Specifically, allowing forged transmits are required for VRRP.

     



  • 7.  RE: ArubaMM - VRRP Not Establishing

    Posted Sep 07, 2022 11:02 AM
    Hi Mharing,

    I am facing the same issue. Till yesterday, everythig was perfect, today i tried few changes while adding AP. now both were acting as Masters and VRRP is not being established.  Please let me know in case your issue is resolved.
    Original Message


  • 8.  RE: ArubaMM - VRRP Not Establishing

    MVP
    Posted Sep 08, 2022 04:30 PM
    Hi Saibhuwan,

    Our issue couldn't be resolved because of the way our VM environment was designed. It's been a while since working on this, but essentially we didn't have the settings to allow 2 VM hosts to establish an L2 VIP with each other. Given our environment consists of 10,000+ VMs, our server team wasn't willing to make the change, which I believe was global. Ultimately, we went with a single MM and leverage VM Snapshots and config backups if our MM is lost.

    Sounds like you had it working fine, unless VMware was updated or settings were changed, it probably isn't the same problem. 

    Good luck, I hope it is an easy fix!

    ------------------------------
    Michael Haring
    ------------------------------

    Original Message


  • 9.  RE: ArubaMM - VRRP Not Establishing

    MVP
    Posted Sep 09, 2022 08:22 AM
    We use physical MM appliances in Production, but we ran into that issue with the virtual MMs in our Lab environment. The VMWare admins ended up creating a special VMWare network using one of the existing VLans but turning on promiscuous mode. That resolved the issue.

    ------------------------------
    Bruce Osborne ACCP ACMP
    Liberty University

    The views expressed here are my personal views and not those of my employer
    ------------------------------

    Original Message