Wireless Access

Reply
Highlighted
Contributor II

Controllers cannot ping each other

Hi,

 

We have a strage behaviour on our 7210 controllers.

We try to set a local master/standby config :

- local IP config on each controller

- create a dedicated admin VLAN 75

- VRRP config on VLAN 75

 

Local IP and VIP can be "pinged" from other networks.

 

However, whe trying to configure redundancy, it failed : controllers cannot ping each others on VLAN 75 whereas they are on the same brodcast domain.

 

How could it be possible ? What could block a ping on a layer 2 network ?

 

Regards,

Contributor II

Re: Controllers cannot ping each other

I have to say that a show arp command shows that each controller can see the other one's mac adress on the right vlan.

Guru Elite

Re: Controllers cannot ping each other

If a controller is setup to be a local to a master, all of their traffic must go through the ipsec tunnel between them.  If the ipsec tunnel is not up, pings will not work.

 

Type "show ipsec sa" to see if the tunnel is up between the two controllers.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor II

Re: Controllers cannot ping each other

Hi,

 

Tunnel is not set.

I tried with shared key and cert but no way.

 

What shoud be wrong ? How could we debug this ipsec tunnel problem ?

 

Regards,

Guru Elite

Re: Controllers cannot ping each other

You either need to re-enter the key on the local or the master to make sure they match.  OR:

 

 

On the master You can type "encrypt disable" and then type:

show running-config |  include localip

..to see the master's key to ensure you are entering it correctly on the local


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor II

Re: Controllers cannot ping each other

Hi,

 

I tried to re-type key and it seems to be ok.

 

show running-config | include localip

 

doesn't return any output.

 

Config seems to be ok (see screen capture), and a show ip route gives

 

Gateway of last resort is 192.168.230.78 to network 0.0.0.0 at cost 1
S* 0.0.0.0/0 [0/1] via 192.168.230.78*
C 172.16.0.0/24 is directly connected, VLAN1
C 192.168.230.64/28 is directly connected, VLAN75
C 192.168.230.76/32 is an ipsec map default-psk-redundant-master-ipsecmap

 

whereas ipsec does'nt seem to be up

 

(controleur-1) [mynode] #show crypto ipsec sa

% No active IPSEC SA

 

We miss something but it is quite nebulous.

Guru Elite

Re: Controllers cannot ping each other

Your ipsec connection says redundant master.  What is the relationship between that controller and the master?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor II

Re: Controllers cannot ping each other

Screen capture of config

Guru Elite

Re: Controllers cannot ping each other

Okay.  You have master redundancy setup, which is different from master/local.

 

Do you have a VRRP setup, as well?  The instance of the master redundancy depends on the status of a VRRP.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Contributor II

Re: Controllers cannot ping each other

Yes i have.

VRRP works well.

 

Virtual Router 1:
Description VRRP Master
Admin State UP, VR State MASTER
IP Address 192.168.230.77, MAC Address 00:00:5e:00:01:01, vlan 75
Priority 200, Advertisement 1 sec, Preemption Enable Delay 5
Auth type PASSWORD, Auth data: ********
tracking is not enabled

 

Virtual Router 1:
Description VRRP Slave
Admin State UP, VR State BACKUP
IP Address 192.168.230.77, MAC Address 00:00:5e:00:01:01, vlan 75
Priority 100, Advertisement 1 sec, Preemption Enable Delay 5
Auth type PASSWORD, Auth data: ********
tracking is not enabled

 

Failover test from an external ping work fine too.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: