AP backup tunnel not establishing

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Hi Community

We have two C5210 Controllers configured in a High Availability cluster.
The solution is configured as a Primary/Backup solution, with all the AP's homing to the first controller as the primary and the secondary as the backup.

We have just over 600 AP's.

On the second controller we see the following error for random AP's.



The AP can reach both controller so this is not a routing error as refered to in the below post:
https://gtacknowledge.extremenetworks.com/articles/Solution/APs-do-not-create-backup-tunnel-to-other...

Any ideas?

Regards
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 5,350 Points 5k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Nathiya Munuswamy

Nathiya Munuswamy, Employee

  • 1,706 Points 1k badge 2x thumb
Hi Andre,

What is the firmware version running on the controller?


Regards,
Nathiya M
(Edited)
Photo of David Choi

David Choi, Employee

  • 1,972 Points 1k badge 2x thumb
Hi Andre,
Did you configure "Wireless Controller Search List" in all APs as below?

Above configuration would be recommended in HA environment. Please ensure that the IP address of primary controller should be located in upper side and bottom side for secondary controller.

And also please check followings:
  • If there is any blocking point for UDP port 13911 between APs and secondary controller.
  • if Secure tunnel is enabled on thoes APs (please disable if it is not neccessary)

Can you also show us the screen of "AP availability" (Report > APs > AP Availability)? 
(Edited)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,328 Points 50k badge 2x thumb
Hi Andre,

just to make sure ... you are talking about Availability with Fast Failover enabled ?
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
When I have seen this, often a cset factory on the AP will do the trick.  But it's not all of the APs.  It's usually only a few that went "crazy" after applying an update.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,328 Points 50k badge 2x thumb
As Jermey mentioned it's either after a software upgrade during the first authentication - will fix itself within minutes - or if "normal" availability is configured and the AP lost the connection to the home controller but the controller-controller link is still up = FAD.
Photo of Nathiya Munuswamy

Nathiya Munuswamy, Employee

  • 1,706 Points 1k badge 2x thumb
Hi Andre,

Please check the High Availability Pre-requisites for your reference,

https://gtacknowledge.extremenetworks.com/articles/How_To/Pre-requisites-for-IdentiFi-Appliance-High... 



Regards,
Nathiya M
Photo of Tony

Tony

  • 550 Points 500 badge 2x thumb
We have the same problem. In the past a reboot of the Controller solved it. 
Reboot, power cycle of the APs and factory default do not fix the problem. I will open a GTAC case.

Problem seems not be related to routing or firewall rules. We have some IP networks with APs that have backup tunnel and APs that do not have a backup tunnel. 

It looks like this problem appears after some uptime of the Controller and then does primarily affect new access points.