Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Controller cannot ping but the AP can ping the Controller

This thread has been viewed 6 times

  • 1.  Controller cannot ping but the AP can ping the Controller

    Posted Nov 17, 2016 03:15 PM

    We got  new controllers and I am setting them up as additional Local controllers. Everything seem to be fine, the master sees this new local, centralized lics are shared, ipsec (cypto isakmp sa) is ok on both sides..etc.

     

    Now I have this  Test AP and I gave it a newly created AP system profile that has LMS IP pointed at the new Local. I rebooted the test AP, got an IP for itself,  sees the master and got its LMS IP using saved LMS (IP of the new Local). Everything seem fine but on the new Local, it is not seeing the test AP. The new local can't ping the test AP.

     

    I opened the test AP console and tried to ping the new Local and other controllers, it seem to see them all.

     

    However, after few minutes, the test AP rebooted and I got this error below.

     

    Clearing P1020 PCIe Error Status
    AP rebooted Wed Dec 31 16:11:58 PST 1969; Unable to set up IPSec tunnel to saved lms, Error:RC_ERROR_IKEV2_TIMEOUT
    shutting down watchdog process (nanny will restart it).



  • 2.  RE: Controller cannot ping but the AP can ping the Controller

    EMPLOYEE
    Posted Nov 17, 2016 08:52 PM

    You have two problems, but your big problem is that the AP cannot find the controller.

     

    Type "show log system 50" on the local controller to see if you can get a clue why the AP is not working....  Do the same thing on the master, just in case it says something about the AP...



  • 3.  RE: Controller cannot ping but the AP can ping the Controller

    Posted Nov 18, 2016 06:53 AM

    Hi!

     

    Start by using the default system-profile. Will it find its way onto the master and stay stable?

     

    If yes, provision it with the new system profile for the new local controller. Check "show datapath session table x.x.x.x" with the ip address of the ap on the local to see if it tries to contact it and on what ports. Make sure the firewall rules and routing are the same from the APs subnet to the new local as it is to the master.

     

    Cheers,



  • 4.  RE: Controller cannot ping but the AP can ping the Controller

    Posted Nov 18, 2016 12:31 PM

    I can now see the AP on the new local. The problem now is that the APs are inactive. I have 2 sets of this (1 new local + 1 AP) and both shows the same flag.



  • 5.  RE: Controller cannot ping but the AP can ping the Controller
    Best Answer

    Posted Nov 23, 2016 02:13 PM

    At first, the controlers can't see the APs because of some nework configurations.    

     

    Then the controlers see the APs but the APs were flagged with  I (inactive). This was fixed by adding DNS that I missed to fill at first.