Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Hurt,Trenton W.]

I also have majority of config at lower folder levels than the managed network 
level.  And with airgroup from 8.2 on you have the airgroup profiles that 
“should” allow you to override config from managed network level.  For airgroup 
tac escalation folks instructed me to do all the airgroup config at the managed 
network level.I’ve done that and now airgroup servers are discovered and 
show up in mm gui and cli.  It’s just now clients can’t discover the airgroup 
servers.  This is shown in show datapath filtering for specific client and 
5353.  The flags are 0o which shows the openflow duplicate error.

I’ve been told there is a patch and custom build are being worked now.



Trent Hurt

University of Louisville


From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Erick.Matherly 

Sent: Tuesday, January 14, 2020 5:07:40 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU 
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?


@Trenton did you just have to apply the AirGroup Config at the Managed Network 
node for Airgroup to work? We have a subfolder underneath MN that we have 
always applied our centralized config to.



We are also experiencing airgroup issues…



We have a cluster of 7210s that we upgraded from 8.3.0.5 to 8.5.0.3 back in 
October after purchasing a number of 515s to deploy. The upgrade went bad when 
one of the MDs failed to upgrade. We got TAC assistance to downgrade the MD 
that did upgrade, re-build the Cluster, and then perform the upgrade once 
again. Testing looked good afterwards and the cluster was stable so we went 
ahead and deployed the 515s.



Unfortunately, we neglected to test airgroup after the upgrade. It was a few 
weeks before we were notified that it was no longer working. After a few weeks 
of back and forth with TAC (5-6 4+ hour calls with lots of packet captures, 
datapath traces, and tech dumps) Configuration was verified and the ticket was 
kicked up to Engineering as a potential bug. Unfortunately, it is still sitting 
with Engineering and it sounds like it will be a while before resolution.



This has definitely been the most frustrating case I have ever had with Aruba. 
That being said, we have received phenomenal customer support over the years. 
Our SEs have been top notch as well. We are all in with Aruba for Switching, 
Wireless, ClearPass, and Airwave. I have never had any finger pointing because 
they can always pull in a switching or clearpass Engineer if they do not 
believe wireless is the issue.





[cid:image006.jpg@01D4962B.62F5E7F0]

Erick Matherly

Network Administrator | Trinity Christian College

6601 West College Drive | Palos Heights, Illinois 60463

[cid:image007.png@01D4962B.62F5E7F0][cid:image008.png@01D4962B.62F5E7F0][cid:image009.png@01D4962B.62F5E7F0][cid:image010.png@01D4962B.62F5E7F0]

708.239.4818  | erick.mathe...@trnty.edu









From: The EDUCAUSE Wireless Issues Community Group Listserv 
 On Behalf Of Hurt,Trenton W.
Sent: Tuesday, January 14, 2020 2:04 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?



For you other 3 bugs any related to airgroup?  I’m having airgroup issue with 
8.5.x.  Running in centralized mode with no airgroup profiles.  Working with 
TAC they found that the Airgroup config has to be done from /md level a

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Amel Caldwell]

Hi Keith and Michael—

That is correct.  We recently experienced a meltdown on our campus  due to this 
very issue.  We had to enable cpsec and that seems to have fixed the issue then 
snow hit our area and we have not hit anywhere near the normal level of traffic 
so we are, at this point, “cautiously optimistic”  .  I don’t consider this a 
permanent fix and have been assured the fix to place PAPI traffic into separate 
queues will be in 8.3 and 8.5 code trains.

I would warn that you need to be careful because this causes control traffic 
from the AP to be sourced through the IPSEC tunnel and over the controller 
uplink.  If you have IP Spoofing deployed then you will have to allow APs’ IP 
traffic.

Amel

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of "Miller, Keith C" 

Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Wednesday, January 15, 2020 at 6:40 AM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Hi Michael,

Currently we do not and yes, that is the situation as I understand it. The PAPI 
traffic between APs and the controllers use the same queue that the controller 
to controller heartbeats use. Enabling CPSec moves that traffic traffic to a 
different queue.

We’re expecting to enable CPSec in Resnet today.

Regards,
Keith

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Michael Davis 
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Tuesday, January 14, 2020 at 3:56 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Do you run CPSEC on your APs?   I've heard that non-CPSEC AP connections can
contend with the controller cluster heatbeats and cause disconnect.

On 1/14/20 3:37 PM, Miller, Keith C wrote:
Hi Trent,

No not related to AirGroup, but we’ve had problems with AirGroup server leaks 
in the past on 8.4 – One of the solutions was to configure AirGroup in 
centralized mode at the group level.

The other problems are related to the 515s and we are suffering from cluster 
disconnects in a few of our 8.x environments for what seems to be varying 
reasons.

Regards,
Keith





--

 Mike Davis

 IT - University of Delaware  - 302.831.8756

 Newark, DE  19716 Email da...@udel.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

[Miller, Keith C]

Hi Michael,

Currently we do not and yes, that is the situation as I understand it. The PAPI 
traffic between APs and the controllers use the same queue that the controller 
to controller heartbeats use. Enabling CPSec moves that traffic traffic to a 
different queue.

We’re expecting to enable CPSec in Resnet today.

Regards,
Keith

From: The EDUCAUSE Wireless Issues Community Group Listserv 
 on behalf of Michael Davis 
Reply-To: The EDUCAUSE Wireless Issues Community Group Listserv 

Date: Tuesday, January 14, 2020 at 3:56 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" 
Subject: Re: [WIRELESS-LAN] Who has transitioned away from Aruba, and why?

Do you run CPSEC on your APs?   I've heard that non-CPSEC AP connections can
contend with the controller cluster heatbeats and cause disconnect.

On 1/14/20 3:37 PM, Miller, Keith C wrote:
Hi Trent,

No not related to AirGroup, but we’ve had problems with AirGroup server leaks 
in the past on 8.4 – One of the solutions was to configure AirGroup in 
centralized mode at the group level.

The other problems are related to the 515s and we are suffering from cluster 
disconnects in a few of our 8.x environments for what seems to be varying 
reasons.

Regards,
Keith




--

 Mike Davis

 IT - University of Delaware  - 302.831.8756

 Newark, DE  19716 Email da...@udel.edu

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**
Replies to EDUCAUSE Community Group emails are sent to the entire community 
list. If you want to reply only to the person who sent the message, copy and 
paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community