Wireless Access

Hello

 

Can you help me please, we need to implement a new network solution compose by 2 MM in different sites with L2 link, and 2 MC 7205(on a L2 cluster).  For this moment we will configure only the principal site so I want to prepare de VRRP configuration on the MM, specially the Virtual IP so the controllers can reach the MM using de VIP (even if the second MM is not deployed)

 

is this a valid scenario?

 

We cannot add the MC to MM:

 

 

thanks you everyone

I believe that should work. Set up VRRP on the MM and it will have two IP addresses, the static address and the VIP. Then add the MC and point it to the VIP. How are you adding the MC? On the MM did you add it as a controller and enter a PSK. Go to Mobility Master -> Configuration -> Controllers and add the controller with its IPsec key.

 

I hope this helps,

Yes! I did a full-setup and select in the Wizard the option “MD” for Managed Device, then point the MC to the VIP.

On the MM I did configured the controller IP and The PSK

Something weird is that both (MM and MC) can ping the Gateway , both they can’t ping each other. (They are on the same L2 network)

Carlos Medrano
Soluciones Integradas Modernas

Did you also add the MC to the node hierarchy. Go to Managed Network and click on the plus and add a group for your organization. Then select the group and click on the + and add the controller.

 

Also, go the CLI of the MM and type "show log all 40" and see if there are any communication errors relative to the MC. Also check the logs on the MC.

 

I hope this helps,

Hi westcott,

 

Thanks for your help. yes I've tried to add the controller inside a group usen the hostname and mac-address but having the same result.  I do not why also I can't ping the controller from MM and viceversa. 

 

This is the output for: show log all 40

 

Aug 27 21:18:36 profmgr[5459]: USER:admin@172.16.108.244 NODE:"/md/Bantrab_Guatemala" COMMAND:<no configuration device 20:4c:03:3c:c2:34> -- command executed successfully
Aug 27 21:18:44 isakmpd[5439]: <103103> <5439> <WARN> |ike| IKE SA Deletion: IKE2_delSa peer:10.60.76.3:500 id:2704616962 errcode:ERR_IKESA_EXPIRED saflags:0x41000005 arflags:0x20
Aug 27 21:19:08 upgrademgr[6123]: <399816> <6123> <ERRS> |upgrademgr| No matching devices found for /md/Bantrab_Guatemala

 

I'm not sure if this scenario is not supported :S 

With ArubaOS 8, the configuration of the MC is different than the configuration of the local controller from ArubaOS 6. With OS8, after you go through the full-setup of the MC, the MC then communicates with the MM. It finds it's device node in the MM hierarchy, and downloads its "ENTIRE" configuration from the MM. So all of the settings that were configured from the full-setup are wiped out.

 

In your MM, did you go to the device node for the MC and configured VLANs, ports, gateways, etc. If not, the MC is trying to communicate with the MM and essentially download it's running configuration and there is none to download.

 

:O got it. I did the training course (last year) and didn’t remember that. Thanks

The problem I have is that the uplink of the controller is a port-channel (lacp) , in the MM when I try to configure the PC0 And there is no controller “added” it don’t show the physical ports.

Let me try again and let you know. Thank you very much again for your help

Carlos Medrano
Soluciones Integradas Modernas

Hi Westcott

 

I'm having the same issue again and again. I´ve tried adding the controller to a group and "configure" the vlan, IP, Mask, GW. The only think si that there no option to specify the port that it should use.

 

do you think that's the reason the controller is not reaching the MM?

 

the only message I got is:

 

 LAST SNAPSHOT(Master Unreachable)

 

I'll appreciatte any other idea :)

just and update, I think is something related with the virtual ip is not up because the stand-by MM does not exist. 

 

Now is working but I've tho provision the MC to the MM Active directly.

 

 

UPDATE:  The issue was solved by reading the complete Installation Guide following this other post:

 

https://community.arubanetworks.com/t5/Wireless-Access/VRRP-on-Mobility-Masters-AOS-8-2-0-1/td-p/312882

 

 

Just to confirm, I do have a setup like this (single vMM using the VIP) and it works fine.

 

You won't be able to ping MM<->MC until they have the IPSec tunnel established because the ping goes over the tunnel.