Wireless Access

I currently have an M3 as a master, M3 as local 1, and a 3600 as local2 all connected to a switch via trunk ports.  When i set up the IPSEC tunnels between the controllers without being connected to the existing LAN everything works fine.  As soon as I plug in my firewall connection and connection to the LAN to let the APs ride to the controller the IPSEC tunnels go down and the APs on the management VLAN all start flapping.  I am thinking this is a loop in the network.  Any input on this would be appreciated.

Yes, Spanning-tree is enabled on the controllers

Upstream switch is forwarding on spanning-tree

---

@WVTinSC wrote:

I currently have an M3 as a master, M3 as local 1, and a 3600 as local2 all connected to a switch via trunk ports.  When i set up the IPSEC tunnels between the controllers without being connected to the existing LAN everything works fine.  As soon as I plug in my firewall connection and connection to the LAN to let the APs ride to the controller the IPSEC tunnels go down and the APs on the management VLAN all start flapping.  I am thinking this is a loop in the network.  Any input on this would be appreciated.

---

If all 3 controllers are connected to the same switch, what are the IPSEC tunnnels used for?

Verify on the controllers that IPSEC endpoint IPs on the controllers ARP to the correct MAC addresses.  If not, look for proxy ARP problems, e.g., check that the firewall and routers on the distribution network agree with the netmasks assigned to the vlan and are not seeing packets that they think need fixup with proxy-ARP, as hairpins through a firewall are likely to be administratively prohibited.