Wireless Access

 View Only

  • 1.  AOS Virtual Appliance mobility controller not in same network as APs - will that work?

    Posted Oct 10, 2025 02:45 AM

    Hello Airheads,

    I'm very new to Aruba wireless and I am tasked with building a PoC for Aruba Wireless for our company. Currently I want to try if a setup works in which the mobility controller is provisioned in our data center and controls all APs in our company which are situated in 3 remote offices (one of which will have the fast majority of our APs).

    The connection between data center and remote office is very solid.

    I already have the AP (with DHCP-Option 43) and the controller running and the controller sees the APs but there are constant heartbeat timeouts. While I might find the reasons for this eventually, I wonder if this setup will even work or if the controller has to be in the same network as the APs.

    If not, does anybody know maybe if this error here is strictly network related or if this might be a config issue somehow?

    <WARN> |stm| AP AP-615-RW ip 10.60.121.16 outer_ip 0:0:0:0 down , reason: controller detect heart beat timeout 

    Virtual Appliance is: ArubaOS 8.12.0.6 SSR

    I have two APs for testing: 

    AP-615

    AP-635

    Any help appreciated! 



    -------------------------------------------


  • 2.  RE: AOS Virtual Appliance mobility controller not in same network as APs - will that work?
    Best Answer

    Posted Oct 12, 2025 01:04 AM

    Aruba supports deploying centralized controllers in a data center with APs in remote sites, as long as network latency and bandwidth are within supported thresholds and if there is a firewall sitting in between, mandatory ports needs to be permited.

    Aruba APs maintain a heartbeat (keepalive) with the controller. If the controller doesn't receive this within a certain time window, it assumes the AP is down.

    A heartbeat timeout can occur due to:

    High network latency or jitter
    - Packet loss
    - NAT issues (especially if "outer_ip 0:0:0:0" is seen)
    - AP/controller configuration mismatch
    - Firewall blocking GRE or PAPI
    - Misconfigured AP system profile (e.g., incorrect IPs, VRRP, etc.

    Firewall ports which need to be enabled are:

    Protocol Port Description
    UDP 8211 PAPI (Aruba control)
    UDP 69 TFTP (image transfer)
    UDP 500,4500 IPsec (if used)
    GRE - For tunneling

    Also in logs, check:
    show ap database
    show log system 50



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP
    Just an Aruba enthusiast and contributor by cases
    If you find my comment helpful, KUDOS are appreciated.
    ------------------------------



  • 3.  RE: AOS Virtual Appliance mobility controller not in same network as APs - will that work?

    Posted Oct 13, 2025 09:48 AM

    Hello Shpat,

    turns out GRE was still blocked and I didn't notice. Thanks for your help!

    -------------------------------------------

    Original Message


  • 4.  RE: AOS Virtual Appliance mobility controller not in same network as APs - will that work?

    Posted Oct 23, 2025 02:42 PM

    Glad that it worked :) 



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP
    Just an Aruba enthusiast and contributor by cases
    If you find my comment helpful, KUDOS are appreciated.
    ------------------------------

    Original Message


Related Content