Controller Based WLANs

Why does the RAP fail to downgrade from ArubaOS to RN code?

Aruba Employee

Question:  Why does the RAP fail to downgrade from ArubaOS to RN code?


Product and Software: This article applies to RAPs that are downgrading from ArubaOS to RN code.

ArubaOS 5.0.2 and RN use a different UDP port for PAPI. UDP 8209 is used in ArubaOS, and UDP 8211 is used in RN code.

When the controller is downgraded from to RN code, the RAPs that run code continuously send packets to UDP 8209. The 3.3 controller replies with ICMP destination unreachable, then all the RAPs fail to come up.
The solution is to destination NAT UDP 8209 traffic to UDP 8211, and the RAPs will downgrade eventually.
For example, the RAP role is "authenticated" in the local-userdb:

ip access-list session dst-nat-udp-8209-to-8211

any any udp 8209 dst-nat 8211


user-role authenticated

session-acl dst-nat-udp-8209-to-8211

session-acl allowall

ipv6 session-acl v6-allowall

Version history
Revision #:
1 of 1
Last update:
‎07-03-2014 03:12 PM
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.