Wireless Access

hi everyone. I faced a problem in configuring Aruba equipment. So, I have 5 controllers in Master/local config mode (2 masters and 3 locals). They are using VRRP to provide redundancy and everything seems to be ok, exept of few APs. I found, that everything is working fine if APs are provisioned to use any of controllers as master. But they are going down while they are provisioned as VRRP VirtualIP as master controller IP address. Also, note that such behavior refers to a few APs, all other are in normal operatipnal state using VRRP VIP. All the controllers are in the same vlan, thay all are 3000 models and using ArubaOS 6.3.1.13

Are the problem APs by chance an IAP converted to campus AP? 

 

Also, have you manually set any of the env parameters?.

No, there are regular APs. They are not converted from IAPs. Also, I tried to to change env settings. I found, that there is a problem with one VRRP instance at one controller. But I cann't understand the problem because others APs are working fine on current VRRP instance.

What is the difference e between those access points and the others? It could be anything like an incorrect t subnet mask....

Do you have the ability to compare a "bad" AP boot sequence to a "good" AP boot sequence?

We need to understand the working and non-working scenarios. What exactly few AP`s are doing when it doesnt come up. As Jamie mentioned, console logs cna give some inputs to understand behavior. Wondering, what happens when you reset one of the AP and point the master to VIP address ?

 

Thank you,

Sriram

Hi, everyone I'm sure that everything is ok with TCP/IP configuration of AP. I'll try to get boot sequence logs from APs and post it here later. Also, I found that bad APs are trying to make IPsec tunnels to VIP. I checked IPsec and ISAKMP SA and found that bad APs cannot build a tunnel. IPsec SA for that APs appears for a while and goes down.. So APs don't reboot because thay can reach the controller but cannot connect to it. If I'm using just an controllers IP address as master for bad APs everything is ok.

Output from APs boot are in attachments.
I found them equal. The only differense is that AP connected to XXX.XXX.XXX.30 master is ok, instaed AP connected to XXX.XXX.XXX.17.
APs are placed in the same branch and the same vlan, both refers the same AP group.

Can you get a printenv off of each one also?

 

These APs are not doing DHCP. So there has to be an error or dissimilar configuration. 

 

Got all network params from APboot env. Skipping DHCP
XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
Running ADP...Done. Master is XXX.XXX.XXX.30

 

Got all network params from APboot env. Skipping DHCP
XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
Running ADP...Done. Master is XXX.XXX.XXX.17 

 

Have you tried purgeenv on one of the bad APs?

jamie, I'll post printenv output later. I have to get it from APs, which are placed in branches. I was trying purgeenv and factory_reset commands but results was the same.

Understand.

When you purge the APs are you rebooting and letting them do their thing (DHCP, ADP, etc) or are you having reconfigure them statically?

I'm assuming .17 and .30 are in the same subnet correct?



[aruba-hp-signature-2_160x105.jpg]

Jamie R. Easley
Community Administrator, ACMP, CWNA, Security + | Southeast
M: 706.889.2719 | @Jamie_easley | SKYPE: jamie_easley
1344 Crossman Ave | Sunnyvale , CA

community.arubanetworks.com

Actually, I was trying both methods (dhcp option is also included for master discovery)... Result was the same. Yes, .17 and .30 are in the same subnet. Also, all controllers are in the same subnet, but are placed geographically distantly. OTP technology is used to combine controllers in the same vlan. So, .17 VRRP VIP address is distributed across two locations.