Master redundancy/database sync and 'firewall cp'

I am trying to get master/master redundancy working between two controllers; however, the database sync is not working because of the 'firewall cp' rules I have in place. Removing the 'firewall cp' rules fixes it, but I need these rules in place.


I have tried to whitelist the IP address of both controllers on both sides; however, the sync still fails.


Does anyone know if the rules I have below are right, and if not, what they should be?


(master-wmc1) #show database synchronize

Last synchronization time: Tue Apr 18 11:14:33 2017
To Master Switch at 1x.1x.2x.1x: *** FAILED ***
WMS Database backup file size: 162356 bytes
Local User Database backup file size: 23507 bytes
CPSec Database backup file size: 3248 bytes
Synchronization took 42 second
Last failure cause: Standby switch did not acknowledge the user database restore request

789 synchronization attempted
787 synchronization have failed

Periodic synchronization is enabled and runs every 20 minutes
Synchronization doesn't include Captive Portal Custom data


All Switches
IP Address Name Location Type Model Version Status Configuration State Config Sync Time (sec) Config ID
---------- ---- -------- ---- ----- ------- ------ ------------------- ---------------------- ---------
1x.1x.2x.11 master-wmc1 Data-Center1 master Aruba7220 up UPDATE SUCCESSFUL 0 34
1x.1x.2x.12 master-wmc2 Data-Center2 standby Aruba7220 up UPDATE SUCCESSFUL 9 34


Here are the firewall rules I have added in:

firewall cp
ipv4 permit 1x.1x.2x.0 proto 6 ports 0 65535
ipv4 permit 1x.1x.2x.0 proto 17 ports 0 65535
ipv4 permit 1x.1x.2x.0 proto 50 ports 0 0
