Question: Why does the RAP fail to downgrade from ArubaOS 18.104.22.168 to 22.214.171.124 RN code?
Product and Software: This article applies to RAPs that are downgrading from ArubaOS 126.96.36.199 to 188.8.131.52 RN code.
ArubaOS 5.0.2 and 184.108.40.206 RN use a different UDP port for PAPI. UDP 8209 is used in ArubaOS 220.127.116.11, and UDP 8211 is used in 18.104.22.168 RN code.
When the controller is downgraded from 22.214.171.124 to 126.96.36.199 RN code, the RAPs that run 188.8.131.52 code continuously send packets to UDP 8209. The 3.3 controller replies with ICMP destination unreachable, then all the RAPs fail to come up.
The solution is to destination NAT UDP 8209 traffic to UDP 8211, and the RAPs will downgrade eventually.
For example, the RAP role is "authenticated" in the local-userdb:
ip access-list session dst-nat-udp-8209-to-8211
any any udp 8209 dst-nat 8211
ipv6 session-acl v6-allowall