We replaced our core switch (HP 8212zl) with an Aruba CX 6405 back in June. We hired a consultant to reconfigure the config to be compatible with the new CX OS. Ever since then, FortiNAC is intermittently reporting Contact Lost events for our Aruba Controllers and Aruba APs. The controllers and the APs are on the same VLAN, and there are no ACLs or firewalls in-between VLAN 1 (new core) and VLAN 40 (wireless network).
There are zero port errors on the core and it's not an STP issue. The contact lost events only occur with the wireless controllers and APs, and not with our other edge switches or servers.
If we check the Aruba wireless side of things, none of the controllers or APs lose network connectivity. There's just a brief/random comms issue when FortiNAC reaches out to poll via ICMP.
Does anyone have any ideas? Fortinet support is claiming it's a network issue and not on their end. I could really use some help.
Thank you.
Hi,
Set the MTU on the "interface", then the VLAN interface can be set up to that same value.
Configuring MTU for VLANs may mismatch with the MTU set for the ports.
BR
Thanks. So FortiNAC is a VM on a shared interface, VLAN 1. The WLCs are on VLAN 40. Do I set the MTU on the FortiNAC interface and also VLAN 40 of the WLCs? Sorry for all of the questions. I've never had to mess with MTUs before.
Since we are still in the troubleshooting phase, I'd set it as it was before on the HP core (check your old HP config).
Thanks AEK. We didn't have an MTU set on the old core; it was just set at default. However, the default MTU of HP Procurve switches is 1522. The newer Aruba CX switches have a default MTU of 1500.
Might be interesting to increase the MTU on the interface.
BR
Ok so bump up the MTU on the interface that FortiNAC is connected to on the core and that’s it?
Packet fragmentation is not always bad :) and also the SNMP should be friendly and use it for large queries (GETBULK). As long as there are no packet drops it should not be an issue. I think you should investigate why the Aruba drops and does not respond to ICMP traffic (most probably when it's busy).
Updating this since it's still an issue for us. Has anyone else run into a similar situation with FortiNAC and Aruba controllers intermittently losing contact via ping and/or SNMP?
It seems like the intermittent contact lost events for your Aruba controllers and APs in FortiNAC could be related to the network configuration or communication settings. Here are some steps you can take to troubleshoot and potentially resolve the issue:

1. **Verify Network Configuration**: Double-check the network configuration settings on the Aruba controllers and APs to ensure they are correctly configured and there are no issues with VLAN settings or network connectivity.
2. **Check ICMP Settings**: Confirm that ICMP (ping) requests are allowed between FortiNAC and the Aruba controllers/APs. Ensure there are no firewall rules blocking ICMP traffic that could be causing intermittent communication issues.
3. **Review FortiNAC Polling Settings**: Check the polling settings in FortiNAC to ensure they are correctly configured for the Aruba controllers and APs. Verify the polling frequency and timeout settings to see if adjustments are needed.