Access Points

Reply
Occasional Contributor I

rap provisioning problem.

when i configure AP105 or RAP2wg as an AP they work properly. But when i provision them in RAP mode they don't come to the controller(aruba 200) after the provisioning. After provisioning, I can still ping the RAP but the status is down.

i use ArubaOS 5.0.2.1

provision:
i enter IKE shared secrets
i define the user settings also in internal db

these licenses are installed:
Remote Access Points 8
Policy Enforcement Firewall ENABLED

i cannot find out what is the problem!

Regards,
Gokhan
Guru Elite

Re: rap provisioning problem.

You do NOT need the RAP license in ARubaOS 5.0.2.1

Turn on debugging for RAP:

config t
logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr

Do a "show datapath session table | include 4500" on the commandline to see if traffic is even coming into that controller

Do a "show log security 50" to see what RAP messages you see.

Is the RAP layer-2 connected to the controller? If that is the case, the RAP will NOT come up, unless the controller is the default gateway of the RAP. To make that work, put at least one router between the controller and the RAP.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: rap provisioning problem.

thanks for the comment

actually i directly connected the rap to controller.

controller/default gateway ip:172.16.0.254
ipsec pool: 172.16.100.0/24

after a successful settings it should give 2 ip adresses to controller. One from dhcp pool, and one from ipsec pool. i think the rap is getting both of them but after the reboot, controller cant relate with the ip from ipsec pool and doesn't see the ap.

this is our demo controller. we have a working aruba system in the company and it has nearly the same config except, default gateway and dhcp are on the firewall. and i can provision it as a rap.i cant see what is the difference.

i also tried to put another vlan for the ipsec pool and added routes between of them but no result. i don't know if i am missing something.
Guru Elite

Re: rap provisioning problem.

Do you have the output of the logs suggested above? That would give us an idea what the problem is and how we can handle it.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: rap provisioning problem.

i dont know how it works but it works now.

i have been trying to make it at least 20-30 times since yesterday. at my last attempt, while tracing logs, it works!
thanks for your care.
New Contributor

WIP licenses for the RAPs

Do you have any WIP licenses loaded on your demo controller? We have had issues where our RAPs requiring a WIP license on the controller in order for it to function. Aruba states that this is a bug in the code and should be corrected in a future release.
Guru Elite

Re: rap provisioning problem.

uh... What bug is that?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

WIPs needed for RAPs

Good question. I don't think there has been an official bug identifier assigned. But sure enough, our wired only RAP-5s use a WIP license when they connect to the controller. We ran out of WIPs without realizing it during RAP deployments, because we didn't think WIPs would be in the picture. We had 92 WIPs being shared by our campus APs and RAPs. Once that 93rd AP tried connecting to the controller, it caused all kinds of problems. Aruba provided us a temporary bundle of WIPs to circumvent the issue. They acknowledge that RAPs, especially wired only, should not be taking up a WIP license. For the long run, we received a large bundle of permanent WIP licenses to avoid future issues. We were told this issue would be addressed in future OS. I don't see anything in the release notes of 6.0.
Guru Elite

Re: rap provisioning problem.

Allright. Now I know what you are talking about. Your AP licenses must match your WIP Licenses must match your PEF Licenses, or you will be restricted to the lesser of the three. That is not a bug.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: