Hi all,
First of all, I have done some digging through the Forums and found several references to the issue eluded to in my title, but so far have found nothing that has helped me resolve the problem.
There's a brief back story I'll put out there first...
I configured an AP105 as a RAP in the UK using our standard procedure; used setenv master, defined the RAP in the Whitelist and added to the RAP Group. AP booted up fine and was usable. I visited our Milan office to peform a LAN upgrade (purely switch swap) and connected the AP. While I was there, I was able to connect to our internal WiFi SSIDs.
Two weeks later, the AP had 'magically' decided that it wanted to be owned by our controller in the US, which the Network team there asked me to remove as it was using one of their licenses. Removed the AP from the AMP server but it kept coming back as being picked up by the US controller. I discoverde that this was due our mutilple-domain environment and it picking up aruba-master.int.. rather than aruba-master.eame...
To get around this, I asked or server admin to give the AP a static IP address and change the DNS server field to eame.domain.com (where the UK controller resides as aruba-master).
The AP is now picking up an IP address and contacting the UK controller... but then it looks as though the communication stops:
Feb 27 14:16:03 nanny[605]: <303086> <ERRS> |AP mil-erap1@10.63.24.145 nanny| Process Manager (nanny) shutting down - AP will reboot!
Feb 27 14:16:03 nanny[605]: <303086> <ERRS> |AP mil-erap1@10.63.24.145 nanny| Process Manager (nanny) shutting down - AP will reboot!
Feb 27 14:16:03 sapd[662]: <311002> <WARN> |AP mil-erap1@10.63.24.145 sapd| Rebooting: SAPD: Unable to contact switch: HELLO-TIMEOUT. Last Ctrl msg: HELLO len=1278 dest=10.62.16.1 tries=10 seq=0
Feb 27 14:17:05 nanny[605]: <303022> <WARN> |AP mil-erap1@10.63.24.145 nanny| Reboot Reason: AP rebooted Fri Dec 31 16:04:35 PST 1999; SAPD: Unable to contact switch: HELLO-TIMEOUT. Last Ctrl msg: HELLO len=1278 dest=10.62.16.1 tries=10 seq=0
This loop continues...
It appears that the communication path is clear though. I can ping/traceroute from the controller, from the UK and Milan switches from controller IP to AP IP.
sh datapath session table appears to show the devices communicating:
(crw-aruba01) #show datapath session table 10.63.24.145
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
-------------- -------------- ---- ----- ----- ---- ---- --- --- ----------- ---- --------- --------- -----
10.62.16.1 10.63.24.145 17 8211 8211 0/0 0 0 1 pc0 9 0 0 FYI
10.62.16.1 10.63.24.145 17 8222 8211 0/0 0 0 1 pc0 9 0 0 FYI
10.63.24.145 10.62.16.1 17 8211 8211 0/0 0 0 1 pc0 9 0 0 FCI
10.63.24.145 10.62.16.1 17 8211 8222 0/0 0 0 1 pc0 9 0 0 FYCI
10.62.16.1 10.63.24.145 17 44690 8211 0/0 0 0 0 pc0 9 0 0 FYI
10.63.24.145 10.62.16.1 17 8211 44690 0/0 0 0 0 pc0 9 0 0 FYCI
(crw-aruba01) #ping 10.63.24.145
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 10.63.24.145, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36.468/37.1382/37.906 ms
(crw-aruba01) #traceroute 10.63.24.145
Tracing the route to 10.63.24.145 ....
1 10.62.16.126 (10.62.16.126) 0.732 ms 0.400 ms 0.381 ms
- hops removed for cleanliness
9 10.63.24.145 (10.63.24.145) 37.020 ms 36.754 ms 36.974 ms
(crw-aruba01) #
It just refuses to go any further and will not appear on the AMP server as a new device or the ap database on the controller.
Any help to resolve this would be appreciated.
Controller AOS version: 6.2.1.4
AMP Server version: 7.6.4
We have deployed several other RAPs to similar sites with no issues previously. Sites are connected via IPSec/GRE.
Many Thanks.