I am trying to understand the exact method that Aruba (3000 series controllers running 6.1.3.5) use to manage the inner IP addresses. A TAC case was opened as part of another issue and lack of IP addresses was also discovered. I was told the controller Strong Swan to manage IPsec connection but this does not detail how the IP addresses are managed. If the RAP starts up and receives IP address then afterwards loses its connection to the controller (but stays powered up) does the RAP rebootstrap and pick up a new IP address B. If this connection is flapping how often will it receive a new IP address. TAC say that a rebootstrap does not result in the RAP picking up a new address.
True. Normally a reboot will trigger a new IP address. An access point will try as many times as the "IPSEC Retries" number in the AP system profile before it reboots". The controller tries to keep the same ip address on a rebootstrap but if the SA (security association) from the access point is gone, it will give it a new inner ip address. A rebootstrap does not ALWAYS result in the RAP picking up a new ip address. It depends on how long the AP takes to re-establish connectivity once it rebootstraps.
TAC seems to think that the controller will hold the address for 6 minutes but with a possible 500 RAPs operating across WAN links that may experience issues, a pool of 512 may not be enough. for example if a site with 5 APs is flapping.
If that is what TAC says, they probably know something. It would take that number.
The "inner" ip addresses are so plentiful that it takes nothing to increase them. If you feel you need to increase that number, go ahead!
Are there any resources available documenting the way the addresses are managed, I've drawn a blank with TAC for an explanation on this. I applaud the functionality of the Aruba equipment but they are light years behind Cisco with documenting functions.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.