Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Trail-info alert "VLAN: Bridge lookup mismatch"

  • 1.  Trail-info alert "VLAN: Bridge lookup mismatch"

    Posted Aug 21, 2019 11:47 AM

    Hey Everyone,

     

    Does anyone know what the alert "VLAN: Bridge lookup mismatch" means from the "show ap client trail-info" output? I can't seem to find any documentation on what the different alerts mean. I suspect it has something to do with VLAN mobility (which I have enabled) but I'm not sure if it is normal or something I should be looking into.

     

    Here's some output:

    (mcisbaruba1) *#show ap client trail-info f8:63:3f:a6:e2:44
    
    Client Trail Info
    -----------------
    MAC                BSSID              ESSID  AP-name          VLAN  Deauth Reason  Alert
    ---                -----              -----  -------          ----  -------------  -----
    f8:63:3f:a6:e2:44  a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e  475   Client Match   VLAN: Bridge lookup mismatch
    
    Deauth Reason
    -------------
    Reason               Timestamp
    ------               ---------
    Client Match         Aug 20 13:55:47
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Unspecified Failure  Aug 20 13:22:04
    Num Deauths:10
    
    Alerts
    ------
    Reason                        Timestamp
    ------                        ---------
    VLAN: Bridge lookup mismatch  Aug 20 13:55:48
    STA has roamed to another AP  Aug 20 13:49:08
    STA has roamed to another AP  Aug 20 13:23:12
    VLAN: Bridge lookup mismatch  Aug 20 13:21:55
    STA has roamed to another AP  Aug 20 13:21:08
    VLAN: Bridge lookup mismatch  Aug 20 13:19:49
    STA has roamed to another AP  Aug 20 13:10:38
    STA has roamed to another AP  Aug 20 13:09:52
    STA has roamed to another AP  Aug 20 13:09:22
    STA has roamed to another AP  Aug 20 13:08:11
    Num Alerts:10
    
    Mobility Trail
    --------------
    BSSID              ESSID  AP-name            VLAN  Timestamp
    -----              -----  -------            ----  ---------
    a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    475   Aug 20 13:55:48
    a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    475   Aug 20 13:55:48
    a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    0     Aug 20 13:55:48
    a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    475   Aug 20 13:55:48
    40:e3:d6:1a:a5:d1  srp    apxct32_autoparts  475   Aug 20 13:55:47
    40:e3:d6:1a:a5:d1  srp    apxct32_autoparts  475   Aug 20 13:49:08
    a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    475   Aug 20 13:49:08
    40:e3:d6:1a:a5:d1  srp    apxct32_autoparts  0     Aug 20 13:49:08
    a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    475   Aug 20 13:23:12
    40:e3:d6:1a:50:71  srp    apxct32_swgarage   475   Aug 20 13:23:12
    Num Mobility Trails:10

    Thanks!



  • 2.  RE: Trail-info alert "VLAN: Bridge lookup mismatch"

    EMPLOYEE
    Posted Aug 21, 2019 02:42 PM

    It means that the controller found a VLAN for the user in datapath (bridge table), but the entry does not match the Virtual AP VLAN. The user's VLAN will be changed to the new VLAN.

     

    I would uncheck VLAN mobility and "preserve vlan".
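
Added example, not part of the original thread and not Aruba tooling: a small Python parser for the `show ap client trail-info` text from post 1 that, for each "VLAN: Bridge lookup mismatch" alert, lists the APs and VLANs the Mobility Trail recorded within a couple of seconds of it. The function names, the 2-second window and the year (the CLI output carries none) are assumptions, and the sample is constructed from the output in post 1.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the trail-info output in post 1.
SAMPLE = """\
Alerts
------
Reason                        Timestamp
VLAN: Bridge lookup mismatch  Aug 20 13:55:48
STA has roamed to another AP  Aug 20 13:49:08
VLAN: Bridge lookup mismatch  Aug 20 13:21:55

Mobility Trail
--------------
BSSID              ESSID  AP-name            VLAN  Timestamp
a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    475   Aug 20 13:55:48
a8:bd:27:d2:8a:b1  srp    apxct32-01-6n1e    0     Aug 20 13:55:48
40:e3:d6:1a:a5:d1  srp    apxct32_autoparts  475   Aug 20 13:55:47
40:e3:d6:1a:a5:d1  srp    apxct32_autoparts  0     Aug 20 13:49:08
"""

TS = r"(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)$"
ALERT_ROW = re.compile(r"^(.+?)\s{2,}" + TS)
TRAIL_ROW = re.compile(r"^\S+\s+\S+\s+(\S+)\s+(\d+)\s+" + TS)  # assumes ESSID has no spaces
MISMATCH = "VLAN: Bridge lookup mismatch"

def _ts(text, year):  # the CLI prints no year, so the caller supplies one
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")

def parse(text, year=2019):  # returns (alerts, trail)
    section, alerts, trail = None, [], []
    for line in map(str.strip, text.splitlines()):
        if line in ("Deauth Reason", "Alerts", "Mobility Trail"):
            section = line
        elif section == "Alerts" and (m := ALERT_ROW.match(line)):
            alerts.append((m[1], _ts(m[2], year)))
        elif section == "Mobility Trail" and (m := TRAIL_ROW.match(line)):
            trail.append((m[1], int(m[2]), _ts(m[3], year)))
    return alerts, trail

def explain_mismatches(text, window=2, year=2019):
    """Per mismatch alert: APs and VLANs the trail records within `window` seconds."""
    alerts, trail = parse(text, year)
    out = []
    for when in (ts for reason, ts in alerts if reason == MISMATCH):
        near = [(ap, v) for ap, v, ts in trail if abs((ts - when).total_seconds()) <= window]
        out.append({"alert": when.strftime("%H:%M:%S"), "aps": sorted({a for a, _ in near}),
                    "vlans": sorted({v for _, v in near})})
    return out
```

On the sample, the 13:55:48 alert lines up with a move between two APs and a VLAN 0 trail entry, while the 13:21:55 alert has no trail entry within the window.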



  • 3.  RE: Trail-info alert "VLAN: Bridge lookup mismatch"

    Posted Aug 21, 2019 05:21 PM

    Thanks for the answer. So it sounds like I don't want to see that message. This makes me think what I have configured is not ideal or correct. I don't have preserve VLAN checked but I do have VLAN mobility checked. Preserve VLAN is used with VLAN pooling, correct?

     

    The architecture I have is a two-controller cluster stretched between two datacenters (> 5 ms latency) with two VLANs for a single SSID. Datacenter 1 has VLAN 1 with the router as the HSRP primary and datacenter 2 has VLAN 2 with that router as the HSRP primary. The VAP profile VLAN is configured on each controller to reflect the primary VLAN in that datacenter. I've attached a diagram of what I'm trying to describe.

     

    Is this a bad design, or will it not work with how I have it configured?



  • 4.  RE: Trail-info alert "VLAN: Bridge lookup mismatch"

    EMPLOYEE
    Posted Aug 21, 2019 05:42 PM

    @charliepdean wrote:

    Thanks for the answer. So it sounds like I don't want to see that message. This makes me think what I have configured is not ideal or correct. I don't have preserve VLAN checked but I do have VLAN mobility checked. Preserve VLAN is used with VLAN pooling, correct?

     

    The architecture I have is a two-controller cluster stretched between two datacenters (> 5 ms latency) with two VLANs for a single SSID. Datacenter 1 has VLAN 1 with the router as the HSRP primary and datacenter 2 has VLAN 2 with that router as the HSRP primary. The VAP profile VLAN is configured on each controller to reflect the primary VLAN in that datacenter. I've attached a diagram of what I'm trying to describe.

     

    Is this a bad design, or will it not work with how I have it configured?


    You could also possibly get that message if a device leaves one WLAN and attaches to another and is still in the switching table.

     

    You should not stretch a cluster between datacenters. Clusters expect to be physically close to each other, have little latency and never expect to be split apart. If your datacenters lose connectivity between each other sporadically, you could have an issue that you cannot diagnose easily.

    - Controllers do not fail often

    - Establishing a cluster is supposed to be the redundancy you need with stateless failover

    - Putting controllers in a cluster in separate datacenters is a recipe for uncontrollable issues, if there is a chance that those datacenters get disconnected. If you insist on having a separate datacenter, it should be a backup LMS cluster to an existing cluster so that everything is exactly where you expect it to be if there is an outage that separates datacenters.

     

     



  • 5.  RE: Trail-info alert "VLAN: Bridge lookup mismatch"

    Posted Aug 22, 2019 01:04 AM

    I am planning on moving to the design that you are describing. I definitely agree with you it's not ideal. I never liked how this was set up and the risks you describe are possible. I think the risk for those types of issues for us though is still low because these two site switches are directly connected over ptp private fiber links. Latency between these controllers is usually 1-2 ms. These links have uptime in years.

     

    This design is actually mentioned in the AOS 8 Fundamental guide too (page 167, https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-8-Fundamentals-Guide/ta-p/428914). I checked before posting to make sure I wasn't completely crazy :). They describe two clusters but each cluster is stretched across two sites.

     

    Anyways, I'm going to disable VLAN mobility and move to a single VLAN for both cluster members. It is adding additional complexity that I don't think is providing much extra value.

     

    Thanks!



  • 6.  RE: Trail-info alert "VLAN: Bridge lookup mismatch"

    EMPLOYEE
    Posted Aug 22, 2019 06:01 AM
    ...In a complicated network, you want as little complexity as possible so that when an issue does arise, you can easily understand it, and little messages do not drive you crazy trying to understand things.