Controllerless Networks

Reply
Occasional Contributor II

IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

Ever since we updated the firmware on our four IAP115 (one acting as the virtual controller) to firmware version 6.4.4.8-4.2.4.6_58505, it seems like occasionally users will be presented with an Aruba Networks certificate instead of the certificate being provided via EAP-TTLS on our external RADIUS server. After a while, it will fix itself and start presenting the correct cert to the user again.

 

We are piping the syslog from the controllers into a log correlation system we use and while the problem is happening, I am noticing radiusd on the APs crashing and restarting:

 

Apr 7 10:52:59 10.163.99.252 nanny[2002]: <303079> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Restarted process /aruba/bin/radiusd-term, new pid 29032
Apr 7 10:52:59 10.163.99.252 nanny[2002]: <303074> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Process /aruba/bin/radiusd-term [pid 29008] died: exited with 0x1
Apr 7 10:52:59 10.163.99.252 nanny[2002]: <303079> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Restarted process /aruba/bin/radiusd, new pid 29031
Apr 7 10:52:59 10.163.99.252 nanny[2002]: <303074> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Process /aruba/bin/radiusd [pid 29007] died: exited with 0x1

 

Apr 7 10:52:49 10.163.99.252 nanny[2002]: <303079> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Restarted process /aruba/bin/radiusd-term, new pid 29008
Apr 7 10:52:49 10.163.99.252 nanny[2002]: <303074> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Process /aruba/bin/radiusd-term [pid 28984] died: exited with 0x1
Apr 7 10:52:49 10.163.99.252 nanny[2002]: <303079> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Restarted process /aruba/bin/radiusd, new pid 29007
Apr 7 10:52:49 10.163.99.252 nanny[2002]: <303074> <ERRS> <10.163.99.252 18:64:72:C1:E7:E0> Process /aruba/bin/radiusd [pid 28983] died: exited with 0x1

 

These are the only issues I could find in the logs coming from the access points. I checked for new firmware updates in the Maintenance settings, but we are on the newest one. I have not tried restarting the APs yet since it's a little difficult to do that while people are working. More just wondering if this is a known issue.

 

Thanks.

Guru Elite

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

I would upgrade using the software on the Limited Lifetime Warranty page here:  http://support.arubanetworks.com/LifetimeWarrantySoftware/tabid/121/DMXModule/661/Default.aspx?EntryId=20388



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

We're already on the version that is the highest listed for General Availability. Do you mean we should try the Early Availability version 6.5? I'm not sure we want to go with something that isn't considered "stable".

 

Thanks.

Guru Elite

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

You can open a TAC case to determine what your issue can be, so that you can get very specific troubleshooting information for you.  It is better that they advise you at this point.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

Aruba Early Availability software has gone through full testing and should not be confused with beta software. In most cases, it is fine to go with the EA (called Standard Release going forward).

 

When reading your initial symptoms, please check in the Security tab if you might have enabled 'Authentication Survivability', as that could be a reason for presenting the internal certificate when your RADIUS server is unreachable. That also could be a reason why the radius on the AP is starting and stopping all the time. If turning off survivability solves your problem, please check the availability of your RADIUS as it seems unavailable from the Instant AP.

 

If that does not solve your issue, indeed open a TAC case to get this investigated why the internal cert is presented.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

That's a setting in the IAP interface? I'm not seeing anything for authentication survivability. It seems this only started happening after we updated the firmware which we needed to do to fix another issue where the Aruba's were randomly trying to connect the Internal RADIUS server (which is not configured) instead of the remote RADIUS server and therefor not letting some users connect in the morning when they came into the office. We can try updating to 6.5 to see if it fixes the problems we are having I suppose. The remote RADIUS server is definitely up and available when these events are occurring. Thanks for the help.

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

Authentication survivability is in the same screen on the Instant AP where the authentication and RADIUS server is selected: 

auth-surv.png

Just make sure Authentication Survivability is disabled and you should never see the internal cert; Also make sure the Auth server 2 is NOT set to InternalServer.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

Oh there it is. Thanks! That was enabled and is now disabled. Also second server is not set to Internal, verified. Thanks again hopefully that will help with the problems we saw.

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

Please be aware that the IAP should only fallback if your RADIUS server is unreachable or otherwise unresponding. The behavior that you saw can indicate a previously unknown issue in your network or on the RADIUS server that should be investigated. It can be that due to retries end-users don't really notice, but still, it looks like there is some other issue.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: IAP115 WPA2 Enterprise occasionally serving Aruba Networks cert on client connect

Thanks, I would assume that to be the case as well. Only problem is we have constant monitoring on our RADIUS server and nothing is skipping a beat. So I'm not sure what the issue is but since disabling that I haven't heard any complaints about wireless. Thanks for the assistance.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: