Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

PAPI traffic between WLC and AirWave ?

This thread has been viewed 1 times

  • 1.  PAPI traffic between WLC and AirWave ?

    Posted May 10, 2016 08:08 AM

    Hi Guys,

     

    I have a customer with 3 WLC Cluster and AirWave. AirWave is used for monitoring and also for SNMP and Syslog messages. So in the WLC Config the AirWave IP appears 3 times:

    mgmt-server type amp primary-server 10.20.30.40 profile default-amp

    […]

    logging 10.20.30.40

    […]

    snmp-server host 10.20.30.40 version 2c public udp-port 162

     

    In the Checkpoint FW, I can see that SNMP and Syslog messages are send from the Mgmt Interface to AirWave. But I see also traffic classified as "Aruba_PAPIs", from the Data VRRP IP Address (not the mgmt) destinated to AirWave. This trafic is dropped because of Address Spoofing...

     

    Is it normal that some PAPI traffic is exchanged between the Controller and AirWave (Airwave does only monitoring)?

    Is it possible to force each Controller to use to Mgmt Interface as Source Interface to discuss with AirWave?

     

    Thanks for your answers,

    Kind regards,

    Nicolas.



  • 2.  RE: PAPI traffic between WLC and AirWave ?

    EMPLOYEE
    Posted May 10, 2016 08:11 AM
    PAPI is used by AMON to send things like firewall data, UCC data and client
    statistics to AirWave.



    What do you have set for your controller IP?


  • 3.  RE: PAPI traffic between WLC and AirWave ?

    Posted May 10, 2016 09:21 AM

    Hi Tim,

     

    Thanks for your answer.

    The controller-IP is the physical IP address from the Data interface



  • 4.  RE: PAPI traffic between WLC and AirWave ?

    Posted Jun 30, 2016 07:37 AM

    Hi Tim,

     

    Should I configure the management IP Address as Controller-IP?



  • 5.  RE: PAPI traffic between WLC and AirWave ?

    EMPLOYEE
    Posted Jun 30, 2016 09:31 AM

    Do you have a firewall between the controller and Airwave?

     



  • 6.  RE: PAPI traffic between WLC and AirWave ?

    Posted Jun 30, 2016 09:35 AM

    Hi Colin,

     

    Yes I have a checkpoint firewall, but he is not blocking the traffic.

    I want the PAPI messages to be sent from the Management interface not the Data interface



  • 7.  RE: PAPI traffic between WLC and AirWave ?

    EMPLOYEE
    Posted Jun 30, 2016 09:53 AM

    type "show controller-ip".  That will determine what ip address AMON messages come from.

     

    You can change the controller-ip, however:

     

    (Aruba7640-US) #configure t
Enter Configuration commands, one per line. End with CNTL/Z

(Aruba7640-US) (config) #controller-ip ?
loopback                Set to loopback interface
vlan                    Set to VLAN interface

    The only issue is that all of the AP traffic will have to be terminated on that ip address, as well..

     



  • 8.  RE: PAPI traffic between WLC and AirWave ?

    Posted Jun 30, 2016 10:10 AM

    My Controller-IP is the Data interface IP.

    As I don't want my AP to connect to the management IP to build their tunnel, I cannot use the management IP as Controller-IP.

    If I use a loopback, is it better to configure it with a /32 mask or use another IP from the Data subnet?



  • 9.  RE: PAPI traffic between WLC and AirWave ?

    EMPLOYEE
    Posted Jun 30, 2016 10:12 AM

    If you use a loopback, it must be in the same subnet as another interface.  That becomes the management interface where AMON comes from and APs need to connect to.