Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

VRRP MAC Address Spamming ClearPass Server with Authentication

  • 1.  VRRP MAC Address Spamming ClearPass Server with Authentication

    Posted Nov 25, 2014 06:23 PM

    Setup:

    Controller: Two 7210 controllers (Master/Standby) running Aruba OS: 6.3.1.12

    CPPM: ver 6.4.2.68288

    Campus AP225

    IAP225 (remote site) - Manual GRE Tunnel Guest VLAN and BYOD VLAN back to Controller.

    Issue: We are seeing that the Standby Controller is seeing a ton of authentication requests (1 million authentication requests) to the ClearPass server within a 24-hour time frame. All of the requests are being rejected. Within Asset Tracker, we are seeing one MAC address, and that MAC address belongs to the Standby 7210 Controller.

    When we reboot the Secondary 7210 controller, it causes CPPM to spit out an error ("Database query error, please try again"). See attachment.

    Have been on the case with TAC for two days now and we are getting nowhere near a resolution.

    Thnx.

    C Khen


    #AP225
    #7210


  • 2.  RE: VRRP MAC Address Spamming ClearPass Server with Authentication

    Posted Nov 25, 2014 06:49 PM
    Can you please share the Access Tracker reject request / input tab?

    Have you made any new changes recently?

    What do you mean by the VRRP MAC address?



  • 3.  RE: VRRP MAC Address Spamming ClearPass Server with Authentication
    Best Answer

    Posted Dec 01, 2014 12:48 PM

    OK...after 7 long days of troubleshooting with Global Escalation TAC, we found the issue.

    The millions of authentication requests hitting CPPM were due to a spanning-tree loop from 2 IAP clusters at the same remote site. The issue we were experiencing is related to this article.

    http://community.arubanetworks.com/t5/Controller-less-WLANs/IAP-L3-mobility-causes-loops/ta-p/185890

    We had 2 IAP clusters passing (trunking) the same VLANs back to the controller (VLAN-110 Guest and VLAN-111 BYOD). The loop was triggered by having the same user VLANs (110 and 111) added into the IAP uplink trunk ports in each cluster.

    To resolve the issue, I eliminated the second cluster at the site and joined it to the 1st cluster.


  • 4.  RE: VRRP MAC Address Spamming ClearPass Server with Authentication

    Posted Dec 01, 2014 12:59 PM
    Good to know, glad you guys were able to fix the issue.