Question: Why does the RAP fail to downgrade from ArubaOS 184.108.40.206 to 220.127.116.11 RN code?
Product and Software: This article applies to RAPs that are downgrading from ArubaOS 18.104.22.168 to 22.214.171.124 RN code.
ArubaOS 5.0.2 and 126.96.36.199 RN use different UDP ports for PAPI: UDP 8209 is used in ArubaOS 188.8.131.52, and UDP 8211 is used in 184.108.40.206 RN code.
When the controller is downgraded from 220.127.116.11 to 18.104.22.168 RN code, the RAPs that run 22.214.171.124 code continuously send packets to UDP 8209. The 3.3 controller replies with ICMP destination unreachable, and all the RAPs fail to come up.
The solution is to apply destination NAT to UDP 8209 traffic, translating it to UDP 8211; the RAPs will then downgrade eventually.
For example, if the RAP role in the local-userdb is "authenticated":
ip access-list session dst-nat-udp-8209-to-8211
  any any udp 8209 dst-nat 8211
!
user-role authenticated
  session-acl dst-nat-udp-8209-to-8211
  ipv6 session-acl v6-allowall
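To confirm the symptom described above from a packet capture, the following added example (not part of the original article) correlates packets sent to UDP 8209 with the controller's ICMP port-unreachable replies. The tcpdump-style sample lines, the addresses and the status labels are constructed, and it assumes a capture in which the RAPs' PAPI traffic is visible in clear text.

```python
import re
from collections import defaultdict

OLD_PAPI, NEW_PAPI = 8209, 8211  # PAPI ports named in the article

# Constructed tcpdump-style lines (not from a real capture); 192.0.2.1 is the controller.
SAMPLE = """\
12:00:01.000000 IP 198.51.100.21.8209 > 192.0.2.1.8209: UDP, length 64
12:00:01.000210 IP 192.0.2.1 > 198.51.100.21: ICMP 192.0.2.1 udp port 8209 unreachable, length 100
12:00:02.000000 IP 198.51.100.22.8211 > 192.0.2.1.8211: UDP, length 64
12:00:03.000000 IP 198.51.100.23.8209 > 192.0.2.1.8209: UDP, length 64
12:00:03.000180 IP 192.0.2.1 > 198.51.100.23: ICMP 192.0.2.1 udp port 8209 unreachable, length 100
12:00:04.000000 IP 198.51.100.24.8209 > 192.0.2.1.8209: UDP, length 64
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
UDP_RE = re.compile(rf"IP {IP}\.(\d+) > {IP}\.(\d+): UDP")
ICMP_RE = re.compile(rf"IP {IP} > {IP}: ICMP \S+ udp port (\d+) unreachable")


def classify_raps(capture_text, controller):
    """Map each RAP address to 'stuck', 'old-port-no-icmp' or 'ok'."""
    sent = defaultdict(set)      # RAP -> destination ports it sent to the controller
    rejected = defaultdict(set)  # RAP -> ports the controller refused via ICMP
    for line in capture_text.splitlines():
        if m := UDP_RE.search(line):
            src, _sport, dst, dport = m.groups()
            if dst == controller:
                sent[src].add(int(dport))
        elif m := ICMP_RE.search(line):
            src, dst, port = m.groups()
            if src == controller:
                rejected[dst].add(int(port))
    status = {}
    for rap, ports in sent.items():
        if OLD_PAPI in ports and OLD_PAPI in rejected[rap]:
            status[rap] = "stuck"             # old port refused: the failure in the article
        elif OLD_PAPI in ports:
            status[rap] = "old-port-no-icmp"  # consistent with the dst-nat rule being applied
        elif NEW_PAPI in ports:
            status[rap] = "ok"                # already using the port the controller expects
    return status


if __name__ == "__main__":
    for rap, state in sorted(classify_raps(SAMPLE, "192.0.2.1").items()):
        print(rap, state)
```

RAPs reported as "stuck" before the session ACL is applied should move to "old-port-no-icmp" afterwards, and to "ok" once they have downgraded.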