Wireless Access

Setting up a lab for testing some master/local configs since majority of our sites are only masters. I have two controllers on the same network that have no configs/licensing on them yet other than L2/L3 connecitivty. They are both remotely accessible however they can't seem to ping eachother, are other production controllers are in the same network and can ping them fine. Not sure what the issue is here as there are no firewall rules in place to block communications on the same network and they are on the same switch.

Also tried locking down the management to tacacs on the local and that's not an option, I assume that's just because it takes the configuration from the master but obviously they can't communicate. Not even sure what commands to run to check master/local connectivity.

Type "show switches" on the master to see if it can "see" the local.

So looks like the master can reach the local but not vice versa. Neither can ping eachother though, any thoughts?

(aruba-lab1) #show switches

All Switches
------------
IP Address Name Location Type Model Version Status Configuration State Config Sync Time (sec) Config ID
---------- ---- -------- ---- ----- ------- ------ ------------------- ---------------------- ---------
1010.10.10 aruba-lab1 Building1.floor1 master Aruba7030 6.4.4.6_54633 up UPDATE SUCCESSFUL 0 9

Total Switches:1

(aruba-lab2) #show switches

All Switches
------------
IP Address Name Location Type Model Version Status Configuration State Config Sync Time (sec) Config ID
---------- ---- -------- ---- ----- ------- ------ ------------------- ---------------------- ---------
10.10.10.11 aruba-lab2 Building1.floor1 local Aruba7030 6.4.4.6_54633 up LAST SNAPSHOT(Master Unreachable) 0 0

Total Switches:1

"show switches" on the master should show the master and the local.

"show switches" on the local should show only the local.

Neither of your devices can reach each other.  If the controller ipsec key(s) are entered, it is expected that the controllers would only be able to reach each other through that tunnel.  If the keys are wrong, they won't be able to reach each other.

 Please try re-entering the keys.

On the master type :

encrypt disable
show running-configuration | begin localip

That will show you the key on the master side.  Make sure it matches on the local side.

Also type "show crypto ipsec sa" to see if the ipsec tunnel between controllers is up.

I think you are misreading the results of the show switches command.   Each shows only itself.

When a master/local pair is setup, the communicaiton is done within a tunnel.  If the tunnel is not working, neither will communication, including pings.

Verify your PSK for the master/local setup to ensure they are correct (shown below) and you can also look for related messages in the security log.

#show log security <count>

From Master:

#encrypt disable

#show run | include localip

From Local:

#encrypt disable

#show run | include masterip

Neither of these devices have a PSK, the only thing that has been done is given these two devices IP addresses and host names. Is there an extra configuration I'm not aware of that these need to communicate to eachother? Inital config I just told the local what the master IP was with MAC address I'd assume that was good enough as long as it could communicate.

Master controller gives no local-ip 

(aruba-lab1) #show running-config | include localip
Building Configuration...

(aruba-lab2) # show running-config | include masterip
Building Configuration...
masterip 10.10.10.11 ipsec-factory-cert master-mac-1 00:0B:86:B5:40:F7

On the Master you need to go to Configuration> Network> Controller> Local Controller IPSEC Keys.  Set the local's ip address and a key twice for the ipsec connection:

On the local, go to Configuration> Network> Controller> System Setting.  Set the role to local.  Put in the master's ip address and the ipsec key twice.  You will be asked to reboot the local: