Aruba Instant & Cloud Wi-Fi

Frequent Contributor I
Posts: 82
Registered: ‎05-11-2011

How to stop IAP Cluster with IAP225 attempting to authenticate all the time

Hello

I have an IAP cluster with a mesh AP225 on a completely separate network with internet access, and somehow the IAP-225 acting as a virtual controller is trying all the time to authenticate to one of my controllers connected on a DMZ, which I use for RAP access, to be converted to RAP.

It sounds like during one of my tests this IAP took the controller IP address, and it is sending 3-4 authentications/sec to my controller. I don't see anything in the configuration related to this.

This is the output from the log:

Dec 10 08:18:21 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 08:18:21 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 08:48:35 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 08:48:35 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 09:17:50 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 09:17:50 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 09:48:04 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 09:48:04 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 10:18:19 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 10:18:19 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 10:44:16 cli[2994]: <341108> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| sess_sid_type_get: 310 invalid session client-192.168.1.8 sid-xfLOU45tv0KpU0UXNnIr.
Dec 10 10:48:34 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X10.
Dec 10 10:48:34 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending

 

How can I stop this IAP from sending all this traffic? I tried several times to wipe the AP and it is still working like that.

 

Thanks,

 

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

Do you have a provisioning rule tied to it in Activate?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 82
Registered: ‎05-11-2011

Re: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

I've checked this several times and this IAP device is in my Activate database without any provisioning rule, although looking in detail I see it as RAP Mode.

This guy is like a little DDoS and I had to put a rule on my internet firewall to stop this traffic.

Frequent Contributor I
Posts: 82
Registered: ‎05-11-2011

Re: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

Guess what... I have a nice default rule in Activate.

Frequent Contributor I
Posts: 82
Registered: ‎05-11-2011

Re: How to stop IAP Cluster with IAP225 attempting to authenticate all the time

Tim, thank you for guiding me to the right path. It was driving me crazy, and I believe this issue has been causing some other problems with RAPs using the same egress access.

Now I see the endpoint in Activate as IAP VC.
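
Added example, not part of the original thread: a small Python parser for the IAP log format posted in the first message. It groups `recv_convert_ap` attempts by AP and target master and measures the gap between attempts, which is the pattern the thread traced to an Activate rule. The sample lines are constructed from the post (master address left redacted as posted); the function name `summarize` and the assumed year are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the log posted above
# (the controller address stays redacted as X.X.X.10, as the poster wrote it).
SAMPLE = """\
Dec 10 08:18:21 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 08:18:21 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 08:48:35 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 08:48:35 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 09:17:50 cli[2994]: <341098> <WARN> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| recv_convert_ap: Convert AP url-, mode-1, master-X.X.X.10.
Dec 10 09:17:50 cli[2994]: <341005> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| VPN setup pending
Dec 10 10:44:16 cli[2994]: <341108> <ERRS> |AP 94:b4:0f:c0:47:70@192.168.1.10 cli| sess_sid_type_get: 310 invalid session client-192.168.1.8 sid-xfLOU45tv0KpU0UXNnIr.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ <\d+> <\w+> \|AP ([0-9a-f:]{17})@[\d.]+ \w+\| (.*)$")
CONVERT = re.compile(r"recv_convert_ap: Convert AP url-[^,]*, mode-(\d+), master-(\S+)")

def summarize(text, assumed_year=2000):
    """Group conversion attempts by (AP MAC, target master) and time them."""
    stats = defaultdict(lambda: {"attempts": 0, "vpn_pending": 0, "times": []})
    last_target = {}  # AP MAC -> key of its most recent conversion attempt
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an AP log line in this format
        ts, mac, msg = m.groups()
        # Syslog timestamps carry no year; one is assumed so they can be subtracted.
        when = datetime.strptime(f"{assumed_year} {ts}", "%Y %b %d %H:%M:%S")
        conv = CONVERT.search(msg)
        if conv:
            key = (mac, conv.group(2).rstrip("."))
            stats[key]["attempts"] += 1
            stats[key]["times"].append(when)
            last_target[mac] = key
        elif msg.startswith("VPN setup pending") and mac in last_target:
            stats[last_target[mac]]["vpn_pending"] += 1
    report = {}
    for key, s in stats.items():
        t = s["times"]
        gaps = [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
        report[key] = {"attempts": s["attempts"], "vpn_pending": s["vpn_pending"], "gaps_s": gaps}
    return report

if __name__ == "__main__":
    for (mac, master), r in summarize(SAMPLE).items():
        print(mac, "->", master, r)
```

An AP that keeps reporting conversion attempts toward a master that is not in its local configuration is a cue to check the device's provisioning rules, including default rules, in Activate.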
