Controller Based WLANs

Why does the RAP fail to downgrade from ArubaOS 5.0.2.0 to 3.3.2.18 RN code?

by on ‎07-03-2014 03:12 PM

Question:  Why does the RAP fail to downgrade from ArubaOS 5.0.2.0 to 3.3.2.18 RN code?

 

Product and Software: This article applies to RAPs that are downgrading from ArubaOS 5.0.2.0 to 3.3.2.18 RN code.

Problem
ArubaOS 5.0.2 and 3.3.2.18 RN use a different UDP port for PAPI. UDP 8209 is used in ArubaOS 5.0.2.0, and UDP 8211 is used in 3.3.2.18 RN code.

When the controller is downgraded from 5.0.2.0 to 3.3.2.18 RN code, the RAPs that run 5.0.2.0 code continuously send packets to UDP 8209. The 3.3 controller replies with ICMP destination unreachable, then all the RAPs fail to come up.
Solution
The solution is to destination NAT UDP 8209 traffic to UDP 8211, and the RAPs will downgrade eventually.
For example, the RAP role is "authenticated" in the local-userdb:

ip access-list session dst-nat-udp-8209-to-8211

any any udp 8209 dst-nat 8211

!

user-role authenticated

session-acl dst-nat-udp-8209-to-8211

session-acl allowall

ipv6 session-acl v6-allowall

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.