Yes, zero drops/errors on the interfaces for both controllers and the VM cluster that FortiNAC lives on.
Original Message:
Sent: Jul 04, 2024 09:38 AM
From: Herman Robers
Subject: Aruba CX 6405 and Copp Policies
If MTU is the issue, I would expect to see input/output errors or drops on your interfaces. Have you checked the interface counters already?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 04, 2024 09:17 AM
From: nkuhl30
Subject: Aruba CX 6405 and Copp Policies
Our Aruba SE mentioned that the 8212zl had a default MTU of 1522 instead of 1500 on the new CXs. Do you think that could be causing an issue? Would it be a good idea to increase the default MTU to 1522 on the controller interfaces connected to the new core?
Original Message:
Sent: Jul 04, 2024 02:44 AM
From: Herman Robers
Subject: Aruba CX 6405 and Copp Policies
CoPP should only affect traffic to your switch, not traffic through (from NAC to controllers/APs). If you see that you lose traffic, it may be good to investigate this further with your Aruba partner and/or TAC Support.
Except if someone reading this has seen the same and knows the answer.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jul 03, 2024 04:14 PM
From: nkuhl30
Subject: Aruba CX 6405 and Copp Policies
We've just moved our core from an HP 8212zl to an Aruba CX 6405. Almost immediately, we've been having issues with out NAC (FortiNAC) polling our Aruba 8 wireless cluster and 337 APs. According to FortiNAC, it loses contact with both controllers and most APs at random times throughout the day. The controllers and APs are not going down, FortiNACs polls (SNMP and ping) are sporadically failing.
After way too much time, this led me to think that these new copp policies may be causing the issue. If we look at the copp policy stats, there are a few lines of note:
WS-Core01# show copp-policy stat
Statistics for CoPP policy 'default':
Totals:
packets passed : 5050627 packets dropped : 39534
Class: icmp-unicast-ipv4
packets passed : 103783 packets dropped : 161
Class: ip-exceptions
packets passed : 415463 packets dropped : 32799
Class: unresolved-ip-unicast
packets passed : 773216 packets dropped : 6574
We did not have a control plane policy enabled on our 8212zl. It's enabled by default on the CX line and can't be turned off, only modified. Is there a way to whitelist my FortiNAC/controllers/APs or simply the VLAN traffic from being monitored with packets being dropped?