SD-WAN

 View Only
last person joined: 21 hours ago 

Forum to discuss HPE Aruba EdgeConnect SD-WAN and SD-Branch solutions. This includes SD-WAN Orchestration WAN edge network functions - routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practics, and third-party integrations. All things SD-WAN!
Back to discussions
Expand all | Collapse all

VPNC - SystemIP

This thread has been viewed 70 times

  • 1.  VPNC - SystemIP

    Posted Dec 30, 2020 05:59 PM
    I do not particularly understand what the SystemIP is used for, or how to make it 'work'. The documentation says that it is for communicating with Aruba-Central and internal network services. I saw an airheads video that said that it is like a loopback address and shouldn't be assigned to an interface.

    I have set the systemIP to use a VLAN that is internally routable via a gateway pool with an IP range that should be routable. I have set the operstate to UP. However, I cannot ping this address and I cannot source ping from the address. Also, Aruba-Central connectivity is working fine.

    My questions are:
    • What should the IP be set to?
    • Should it be routable?
    • What are the real purposes of this IP? I keep getting conflicting information.


    ------------------------------
    ACCX #1239 || ACEP || ACSP || CWNA || CWSP
    ------------------------------


  • 2.  RE: VPNC - SystemIP

    Posted Dec 31, 2020 01:56 AM
    It's used for RADIUS, syslog, SNMP but not for connecting to Central. We're using loopback address for this and redistribute it
    Original Message


  • 3.  RE: VPNC - SystemIP

    Posted Dec 31, 2020 09:30 AM
    Should the IP be routable and be able to communicate with the internal network? That's where I'm drawing a blank. . I cannot ping the address even though it is routable on my network.

    ------------------------------
    ACCX #1239 || ACEP || ACSP || CWNA || CWSP
    ------------------------------

    Original Message


  • 4.  RE: VPNC - SystemIP
    Best Answer

    Posted Dec 31, 2020 10:06 AM
    Yes as it's source IP for RADIUS/syslog, and "such as services" (manual is a bit vague also in this...). If you've configured it as a loopback IP you should be able to ping it from the VPNC itself and if it's routed properly then from anywhere else. Of cours edepending on how you have configured the interface facing the rest of the network, towards internal network it should be trusted with policies so the VPNC doesn't track sessions on those interfaces. If you hve very restricted policy I think it's going to block your pings too
    Original Message


  • 5.  RE: VPNC - SystemIP

    Posted Dec 31, 2020 10:11 AM
    Gotcha. The guides I have seen, they set an IP on a VLAN interface with a gateway pool. Then assigned that VLAN to the systemIP. I tried it that way with a routable IP/VLAN, but no dice.

    I will try using a loopback instead.

    ------------------------------
    ACCX #1239 || ACEP || ACSP || CWNA || CWSP
    ------------------------------

    Original Message


  • 6.  RE: VPNC - SystemIP

    Posted Dec 31, 2020 11:27 AM
    Gateway pools are used for branch gateways, you can assign address space for them and each device will be given one IP address on VLAN 4087 if I remember correctly and it is set up as always up so it's pretty much same as loopback address. For VPNC you need to configure a VLAN interface or loopback as system ip
    Original Message


  • 7.  RE: VPNC - SystemIP

    Posted Dec 31, 2020 11:49 AM

    I got the gateway pool from this video: (4) Aruba SD-Branch from scratch - Part 3 - VPNC - YouTube are these instructions dated?

    Also, I tried the loopback with the same results. I'm not sure what is up. Any troubleshooting tips?



    ------------------------------
    ACCX #1239 || ACEP || ACSP || CWNA || CWSP
    ------------------------------

    Original Message


  • 8.  RE: VPNC - SystemIP

    Posted Dec 31, 2020 06:11 PM
    I figured it out. . I didn't have a route to the loopback.

    ------------------------------
    ACCX #1239 || ACEP || ACSP || CWNA || CWSP
    ------------------------------

    Original Message


  • 9.  RE: VPNC - SystemIP

    Posted Jul 11, 2023 12:26 AM

    I am trying to solve the exact same situation and cannot wrap my head around what I'm doing wrong.  I see here you solved it - can you explain what you did or what you mean by "route to the loopback"?

    Do you use the Central Gateway-Pool as the Youtube SD-WAN VPNC video shows?  About to lose some hair to this, here.... :)



    ------------------------------
    ryh
    ------------------------------

    Original Message


  • 10.  RE: VPNC - SystemIP

    Posted Jul 11, 2023 12:30 AM

    On my local network there wasn't a route to the loopback address of the controller/gateway/etc. 



    ------------------------------
    ACCX #1239 || ACMX #1384 || ACDX #1481 || ACEX #137 || ACSP || CWNA || CWSP
    ------------------------------

    Original Message