Top Banner
ARUBA REMOTE ACCESS POINT (RAP) TROUBLESHOOTING Technical Climb Webinar 10:00 GMT | 11:00 CET | 13:00 GST October 17th, 2017 Presenter: Pravin Kumar [email protected]
38

EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

Jan 24, 2018

Download

Technology

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

ARUBA REMOTE ACCESS POINT (RAP) TROUBLESHOOTING

Technical Climb Webinar

10:00 GMT | 11:00 CET | 13:00 GSTOctober 17th, 2017

Presenter: Pravin Kumar

[email protected]

Page 2: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

2

Welcome to the Technical Climb Webinar

Listen to this webinar using the computer audio broadcasting or dial in by phone.

The dial in number can be found in the audio panel, click additional numbers to view local dial in numbers.

If you experience any difficulties accessing the webinar contact ususing the questions panel.

Page 3: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

3

Housekeeping

This webinar will be recorded

All lines will be muted during the webinar

How can you ask questions?Use the question panel on your screen

The recorded presentation will be posted on Arubapedia forPartners (https://arubapedia.arubanetworks.com/afp/)

Page 4: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

RAP SUPPORT IN 8.X

Page 5: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

5

Agenda

• Introduction• RAP support in clustering• Terminology• Configuration• Troubleshooting and Logs• Debugging commands• Limitations

Page 6: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

6

Introduction

Without Cluster:

• RAP should terminate on VRRP-IP or needs to configure lms & bkp-lms for redundancy• Client will deauth when AP fail over to other controller• Client traffic is interrupted during failover• RAP needs to download entire config on every rebootstrap/failover

With Cluster (8.x):

• Classic cluster controller supports redundancy for both Aps and clients • Dormant(standby) entry will be created for wireless users on standby controller • RAP will establish tunnel with all cluster members with same inner-ip for easy of management.• Cluster is limited to max 4 nodes in case of RAP

Page 7: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

RAP SUPPORT IN CLUSTERING

Page 8: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

8

Terminology

A-AACActive AP anchor controller, role given to AP where it is terminated. Config will be download from A-AAC controller.

S-AACStandby AP anchor controller, role given to AP where standby tunnel is established on controller. When active goes down Standby controller becomes active

Page 9: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

9

Terminology Contd..

UAC User Anchor Controller, a role given to a controller from individual User perspective. UAC handles all the wireless client traffic, including association/disassociation notification, authentication, and all the unicast traffic between controller and the client. The purpose of UAC is to fix the controller so that when wireless client roams between APs, the controller remains the same within the cluster.

S-UAC Standby Controller from the User perspectiveUser fails over to this controllers on Active UAC down

Page 10: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

10

Clustering overviewClustering for Mission Critical Networks

1Seamless Campus RoamingClients stay anchored to a single MD when roaming across controllers

3Client Load BalancingUsers automatically load balanced across cluster members

2Hitless Client FailoverUser traffic uninterrupted upon cluster member failure

Mobility Master/Standby

MCMC MC

Page 11: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

11

ClusteringHighlights

1 Available ONLY with Mobility Master

2 Only among Managed Devices (not MM)

3 No License needed

MC MC

Mobility Master/Standby

Headquarter

MC

Page 12: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

12

ClusteringHighlights

1 Available ONLY with Mobility Master

2 Only among Managed Devices (not MM)

3 No License needed

MC MC

Mobility Master/Standby

Headquarter

4 CAP, RAP and Mesh AP support MC

Page 13: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

13

ClusteringHighlights

5 72xx, 70xx and VMC supported

7210

7240

7220

72057030

7024

7010

7005

7008

VMC-50 VMC-

250 VMC-1k

Page 14: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

14

7024

ClusteringHighlights

5 72xx, 70xx and VMC supported

All Managed Devices need to run thesame software version

6 7210

7240

7220

72057030

7010

7005

7008

8.0.0

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

8.0.1

VMC-50 VMC-

250 VMC-1k

Page 15: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

15

ClusteringCluster Capacity

1 Up to 12 nodes in a cluster when using 72xx devices

7240

7205

7220

7205

7220

7205

7210

7205

7240

7205

7240

7205

Page 16: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

16

ClusteringCluster Capacity

1 Up to 12 nodes in a cluster when using 72xx devices

2 Up to 4 nodes in a cluster when using 70xx devices

7010

7005

7030

7024

Page 17: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

17

ClusteringCluster Capacity

1 Up to 12 nodes in a cluster when using 72xx devices

VMC-50 VMC-

250 VMC-1k

2 Up to 4 nodes in a cluster when using 70xx devices

3 Up to 4 nodes in a cluster when using VMC devices

VMC-1k

Page 18: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

18

ClusteringKey Considerations

1 Clustering and HA-AP Fast Failover mutually exclusive

2 Cluster members need to run the same firmware version

3 Size of Cluster terminating RAPs limited to 4

4 Mix of 72xx and 70xx devices in a cluster not recommended

Page 19: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

19

ClusteringAP Anchor Controller (AAC)

AAC S-AAC

Mobility Master/Standby1

AP sets up Active Tunnels with its LMS

(AAC)

2 S-AAC is dynamically assigned from other cluster members

3 AP sets up Standby Tunnels withS-AAC

Active Tunnel

Standby Tunnel

Page 20: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

20

ClusteringAAC Failover

AAC S-AAC

Mobility Master/Standby1 AAC fails and Failure detected

by S-AAC

2 AP tears tunnel and S-AAC instructs AP to fail over

Active Tunnel

Standby Tunnel

AAC

Page 21: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

21

ClusteringAAC Failover

AAC S-AAC

Mobility Master/Standby1 AAC fails and Failure detected

by S-AAC

2 AP tears tunnel and S-AAC instructs AP to fail over

3 AP builds Active tunnels with new AAC

Active Tunnel

Standby Tunnel

AAC AAC

4 New S-AAC is assigned by Cluster Leader

S-AAC

Page 22: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

22

CLI Configuration

• Create rap pool on MM/mynode node

• lc-rap-pool cluster-rap-pool <StartAddress> <EndAddress>

Configure cluster profile at node

(Aruba) [cluster2] (config) #lc-cluster group-profile 72xx (Aruba) [cluster2] (Classic Controller Cluster Profile "72xx")#controller 10.29.163.2 (Aruba) [cluster2] (Classic Controller Cluster Profile "72xx")# controller 10.29.163.3(Aruba) [cluster2] (Classic Controller Cluster Profile "72xx")# #redundancy(Aruba) [cluster2] (Classic Controller Cluster Profile "72xx")# #write memory

• Enable cluster membership on all nodes

(Aruba) [cluster2] (config) #change-config-node /md/cluster2/00:1a:1e:01:2f:58(Aruba) [00:1a:1e:01:2f:58] (config) #lc-cluster group-membership 72xx(Aruba) [00:1a:1e:01:2f:58] (config) #write memory

Page 23: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

23

UI Configuration

Page 24: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

24

UI Configuration Contd..

Page 25: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

25

Config verification

(ArubaMM2)#show lc-cluster group-membership

(ArubaMM3)#show lc-cluster group-membership

Page 26: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

26

Config verification

(ArubaMM2) #show ap database

(ArubaMM3) #show ap database

Page 27: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

27

Config verification

(ArubaMM2) #show whitelist-db rap

(ArubaMM3) #show whitelist-db rap

Page 28: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

28

Troubleshooting commands

(ArubaMM2) #show crypto isakmp sa

(ArubaMM3) #show crypto isakmp sa

Page 29: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

29

Troubleshooting commands

To check cluster IP entries, execute below command and it will work only on MM.

(Aruba) [mynode] (config) #show crypto isakmp clusterIP

Page 30: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

30

Troubleshooting commands

(ArubaMM2) #show user-table

(ArubaMM3) #show user-table standby

Page 31: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

31

Troubleshooting commands

(ArubaMM2) #show datapath station

(ArubaMM3) #show datapath station

Page 32: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

32

Troubleshooting commands

(ArubaMM2) #show gsm debug channel user

(ArubaMM3) #show gsm debug channel user

Page 33: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

33

Troubleshooting commands

(ArubaMM2) # show aaa cluster essid-all users

(ArubaMM2) #show aaa cluster essid-all bucketmap

Page 34: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

34

Troubleshooting commands

(ArubaMM3) # show aaa cluster essid-all users

(ArubaMM3) #show aaa cluster essid-all bucketmap

Page 35: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

35

Logging and Debugging commands

logging security level debugginglogging security level debugging process cryptoshow ap remote debug bucketmap datapath ap-name <ap_name>show ap remote debug bucketmap sapd ap-name <ap_name>show ap remote debug bucketmap stm ap-name <ap_name>show cluster-tech-support <filename>

CLI to show Active/standby Users:

show aaa cluster essid-all users <<< shows the active users for all the available essidsshow aaa cluster essid-all users standby <<< shows the dormant users for all the available essidsshow aaa cluster essid <essid> users <<< shows all the active users for a given essidshow aaa cluster essid <essid> users standby <<< shows all the dormant users for a given essid

Page 36: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

36

Limitations

Cluster is not supported for PSK-RAPs

RAP whitelistdb entry should be configured only on MM-M.

Cluster is not supported for external whitelilstdb

Cluster supports only for Cert-based RAPs

Page 37: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

37

Questions ?

Page 38: EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting

THANK YOU!