Access Points

Reply
Occasional Contributor II
Posts: 12
Registered: ‎07-01-2009

Remote AP only staying online 4 minutes?

Has anyone else had a problem where the NAT-T tunnel goes up and then disconnects?

We are going through a fortinet firewall..
Guru Elite
Posts: 21,280
Registered: ‎03-29-2007

Disconnects

William,

Don't know on the firewall side.

On the Aruba side, type "show log system " to see if the controller or AP is responsible for that reboot. X is the number of lines you want to see on the system log...


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 12
Registered: ‎07-01-2009

Re: Remote AP only staying online 4 minutes?


William,

Don't know on the firewall side.

On the Aruba side, type "show log system " to see if the controller or AP is responsible for that reboot. X is the number of lines you want to see on the system log...




Nothing in any of the logs for that access point.
Occasional Contributor II
Posts: 12
Registered: ‎07-01-2009

Re: Remote AP only staying online 4 minutes?

We are running 3.4.0.2 and we have a NATd address from a public address on the fortinet. The link appears to come up but then drop after a few minutes.
Guru Elite
Posts: 21,280
Registered: ‎03-29-2007

When you say

When you say "come up" do you mean that the AP actually contacts the controller, starts broadcasting it's SSID, a/g WLAN lights on, etc? "Show log system all" should say something about that AP connecting/disconnecting.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 26
Registered: ‎12-22-2008

Re: Remote AP only staying online 4 minutes?

William,

lets do a simple test. Try and ping the public ip address on the firewall to which the AP is pointing to as the controllers ip-address.Do this test from the AP location side with a laptop on the same network as the AP.
Please confirm that whether you lose connectivity with the public ip when the AP reboots.
New Contributor
Posts: 4
Registered: ‎04-03-2007

Re: Remote AP only staying online 4 minutes?

What permissions are in the REMOTEAP-Policy? I believe you should have:
any any svc-papi permit
any any svc-gre permit
any any svc-l2tp permit
any mswitch svc-tftp permit
any mswitch svc-ftp permit

The 4 minutes sounds to me like it could be a papi problem. if papi heartbeats stop getting through, the timeout is about 4 minutes.
Aruba Employee
Posts: 2
Registered: ‎11-11-2008

Do you see the AP on the controller?

Bill,

It might be that the IPSec tunnel is not getting established for the remote AP. Check the "show crypto isakmp sa" and "show crypto ipsec sa" to see the tunnel is getting established. If the tunnel is established then you should be able to see the AP under "show user verbose" and "show ap active". The AP is up and only if you see the AP under "show ap active" with the Flag 'R'.
Aruba Employee
Posts: 2
Registered: ‎11-11-2008

Do you see the AP on the controller?

Bill,

It might be that the IPSec tunnel is not getting established for the remote AP. Check the "show crypto isakmp sa" and "show crypto ipsec sa" on the Aruba controller to see if the tunnel is getting established. If the tunnel is established then you should be able to see the AP under "show user-table verbose" and "show ap active". The AP is up only if you see the AP under "show ap active" with the Flag 'R'.
Search Airheads
Showing results for 
Search instead for 
Did you mean: