Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

NAD address in Aruba cluster setup

  • 1.  NAD address in Aruba cluster setup

    Posted Sep 03, 2018 05:45 AM

    Hi,

    I have a setup with a customer, like this:
    VRRP for aruba-master: 192.168.1.100
    VRRP for controller 1 in cluster: 192.168.1.13
    VRRP for controller 2 in cluster: 192.168.1.14

    However, in NPS I see both 1.100 and 1.13 as NAD device in the logs. Why is it shifting back and forth? Shouldn't it always be the IP addresses for the VRRP for the cluster, as mentioned in the LAB SETUP VRD for AOS 8.2.X?



  • 2.  RE: NAD address in Aruba cluster setup

    Posted Sep 03, 2018 08:28 AM

    Hi,

    I assume by "VRRP for aruba-master" you are talking about the cluster-wide VRRP address, which you use to point DNS to? So that your access points can be pointed there?

    Anyway, I don't see access tracker entries showing this address in my installations.

    But what you see is dependent on what authentication you are performing (users at APs / APs at controllers / admins at controller UI / ...).

    So maybe you can provide some sanitized access tracker output?

    For users authenticating at your wireless network you should see in the access tracker input tab:

    - Radius:IETF:NAS-Identifier pointing to the node IP of the controller

    - Radius:IETF:NAS-IP-Address pointing to the VRRP address specific to the same cluster node

    Regards,

    Jörg



  • 3.  RE: NAD address in Aruba cluster setup

    Posted Sep 03, 2018 08:37 AM

    Thanks for getting back to me.

    Yes, the VRRP for aruba-master is for access point discovery.

    In the RADIUS logs we sometimes see that particular address, other times we see the VRRP addresses that are configured in the cluster setup. This changes after reboot. Straight after reboot, the aruba-master VRRP is listed; after some time the cluster VRRP shows, and naturally authentication fails due to the wrong RADIUS client.



  • 4.  RE: NAD address in Aruba cluster setup

    Posted Sep 03, 2018 08:47 AM

    As a workaround, you could add the aruba-master VRRP as a NAD to ClearPass... Should work, if you use the same RADIUS key for all nodes in the cluster.

    Maybe the aruba-master VRRP IP is active some time before the cluster-node-specific VRRP? You could test this with constant pings while rebooting...

    I do not see that behaviour, but I do not reboot the controller too often ;-)

    Regards,

    Jörg



  • 5.  RE: NAD address in Aruba cluster setup

    Posted Sep 03, 2018 10:13 AM

    What have you set the RADIUS Client NAS IP address to on the controllers? Or is it left as default?



  • 6.  RE: NAD address in Aruba cluster setup

    Posted Sep 04, 2018 05:19 AM

    No NAS-IP set in the AAA RADIUS server, only the NAS identifier. From the VRD:

    ArubaOS reserves VRRP instance IDs in the 220-255 range. When the master of each instance sends RADIUS requests to the RADIUS server it injects the VIP of its instance into the message as the NAS-IP by default.

    Not sure if adding a NAS-IP in the RADIUS setup here would trouble the CoA and VRRP.

    I've never given this any thought before, but a RADIUS message cannot have 2 NAD-IPs, I guess.



  • 7.  RE: NAD address in Aruba cluster setup

    Posted Sep 04, 2018 05:20 AM

    It's a PoC, so a workaround is not a good way to go. Will have the customer add the NAD-IP in the configuration.
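
Added example, not part of any post in this thread and not Aruba or NPS code: a RADIUS server picks the client entry (and shared secret) by the UDP source address of the request, while NAS-IP-Address and NAS-Identifier are attributes inside the packet, so the two can disagree. The Python below parses both attributes from an Access-Request and classifies it against a NAD list; the NAD list holding only the two cluster VRRP addresses, the `controller-1` identifier and the all-zero authenticator are constructed assumptions.

```python
import ipaddress
import struct

NAS_IP_ADDRESS, NAS_IDENTIFIER = 4, 32  # RFC 2865 attribute type numbers
# Assumption: the RADIUS server lists only the two cluster VRRP addresses as clients.
NAD_CLIENTS = {"192.168.1.13", "192.168.1.14"}

def build_access_request(nas_ip, nas_id, ident=1):
    """Constructed sample Access-Request (all-zero authenticator, two attributes)."""
    attrs = bytes([NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    attrs += bytes([NAS_IDENTIFIER, 2 + len(nas_id)]) + nas_id.encode()
    return struct.pack("!BBH16s", 1, ident, 20 + len(attrs), bytes(16)) + attrs

def parse_nas_attrs(packet):
    """Return (NAS-IP-Address, NAS-Identifier); either is None when absent."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    nas_ip = nas_id = None
    pos = 20
    while pos < length:
        # Each attribute is Type(1) Length(1) Value(Length-2).
        alen = packet[pos + 1] if pos + 2 <= length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        atype, value = packet[pos], packet[pos + 2:pos + alen]
        if atype == NAS_IP_ADDRESS and alen == 6:
            nas_ip = str(ipaddress.IPv4Address(value))
        elif atype == NAS_IDENTIFIER:
            nas_id = value.decode("utf-8", "replace")
        pos += alen
    return nas_ip, nas_id

def check_request(src_ip, packet, nad_clients=NAD_CLIENTS):
    """Classify a request by UDP source address first, then by NAS-IP-Address."""
    nas_ip, nas_id = parse_nas_attrs(packet)
    if src_ip not in nad_clients:
        verdict = "unknown-client"    # no shared secret for this source address
    elif nas_ip != src_ip:
        verdict = "nas-ip-mismatch"   # known client, attribute names another address
    else:
        verdict = "ok"
    return verdict, nas_ip, nas_id

if __name__ == "__main__":
    pkt = build_access_request("192.168.1.13", "controller-1")
    for src in ("192.168.1.13", "192.168.1.100", "192.168.1.14"):
        print(src, check_request(src, pkt))
```

Running the same check over a capture taken during a controller reboot shows which source address each request actually arrived from, independent of what the NAS-IP-Address attribute claims.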