Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

RAP-109 Provisioning Error

This thread has been viewed 9 times

  • 1.  RAP-109 Provisioning Error

    Posted Jul 23, 2015 11:05 AM
      |   view attached

    Hi all

    I am having an issue with provisioning a RAP-109. This device worked fine before. I have had it disconnected for a while and when I plugged it up it had a broadcast ssid of "instant". So I connected to it and tried to re-provision it. However, in this process, I encountered an error. 

     

    I have verified that the configuration is still in the Remote AP whitelist.

     

    My controller information is as follows:

    Name:Aruba Operating System Software.
    Model:Aruba3600
    Version:6.3.1.8
    Compiled:2014-06-10 at 18:09:03 PDT (build 44205) by p4build

     

    I have attached the error file that was generated. 

     

    Any help to remedy this issue will be greatly appreciated.

     

    Attachment(s)

    txt
    Aruba RAP Provision Error.txt   9 KB 1 version


  • 2.  RE: RAP-109 Provisioning Error

    EMPLOYEE
    Posted Jul 23, 2015 11:12 AM

    It almost looks like you don't have it in the RAP whitelist:

     

    Notify: AUTHENTICATION_FAILED (ESP spi=93163f00)
May 23, 12:19:16: InNotify AP authentication failed
ike2_state.c (7882): errorCode = ERR_IKE_NOTIFY_PAYLOAD
May 23, 12:19:16: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:d8890e43 index:0 mPeerType:0
May 23, 12:19:16: IKE SA failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 ikeVer 2
May 23, 12:19:16: send_sapd_error: InnerIP:0  error:45 debug_error:0

May 23, 12:19:16: send_sapd_error: error:45 debug_error:0

May 23, 12:19:16: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:d8890e43 index:0 mPeerType:0
May 23, 12:19:16: IKE_SA [v2 I] (id=0xd6d38218) flags 0x41000015 failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952
May 23, 12:19:16: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2
Timer ID: 1 Deleted 
rapperSendStatusCB


  • 3.  RE: RAP-109 Provisioning Error

    Posted Jul 23, 2015 11:35 AM

    I actually do have it in the whitelist. I deleted it and re-added. See pics.



  • 4.  RE: RAP-109 Provisioning Error

    EMPLOYEE
    Posted Jul 23, 2015 11:43 AM

    on the controller, do this:

     

    config t
logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr
logging level debugging security subcat l2tp
logging level debugging security subcat vpn

    Attempt to convert/connect your RAP, then type "show log security 50" to see if there are any clues.



  • 5.  RE: RAP-109 Provisioning Error

    Posted Jul 23, 2015 12:04 PM
      |   view attached

    cjospeh

     

    Here is the output I got.......

    Attachment(s)

    txt
    Aruba Debug Output.txt   10 KB 1 version


  • 6.  RE: RAP-109 Provisioning Error

    EMPLOYEE
    Posted Jul 23, 2015 12:52 PM

    Check to make sure your configuration is like in the picture below:

    rap.png



  • 7.  RE: RAP-109 Provisioning Error

    Posted Jul 23, 2015 04:51 PM
      |   view attached

    I have ensured that is the case. 



  • 8.  RE: RAP-109 Provisioning Error

    EMPLOYEE
    Posted Jul 23, 2015 04:54 PM

    Okay.  You need to check below:

    sg.png



  • 9.  RE: RAP-109 Provisioning Error

    Posted Jul 23, 2015 05:14 PM

    Here is what I have there.



  • 10.  RE: RAP-109 Provisioning Error
    Best Answer

    EMPLOYEE
    Posted Jul 23, 2015 05:17 PM

    If the default server group is modified, it could make it so that you cannot bring up a RAP.

     

    Find out why it is configured like you have it.  If you do not know, please revert to how I have it and retest your RAP.  The default server group needs to point to the internal database, but without what you have, to make RAPs come up.

     



  • 11.  RE: RAP-109 Provisioning Error

    Posted Jul 23, 2015 05:36 PM
      |   view attached

    cjoseph

     

    Yet again, you have done it.

     

    I made the change as you have it depicted and the AP came up fine without issue.

     

    Any reason why that config would have been there as I did not put it there and I am the only admin for Aruba here.



  • 12.  RE: RAP-109 Provisioning Error

    EMPLOYEE
    Posted Jul 23, 2015 05:58 PM
    Type "show audit-trail" on the commandline


  • 13.  RE: RAP-109 Provisioning Error

    Posted Jul 23, 2015 07:22 PM

    Here is the output

     

    Jul 22 14:02:05 webui[1571]: USER:ltaylor@10.0.76.82 COMMAND:<write memory > -- command executed successfully
    Jul 23 10:28:22 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<whitelist-db rap modify mac-address "ac:a3:1e:ce:16:e4" ap-group "BTC-REMOTE" full-name "testap" > -- command executed successfully
    Jul 23 10:28:38 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<whitelist-db rap modify mac-address "ac:a3:1e:ce:16:e4" ap-group "BTC-REMOTE" ap-name "testapremote" > -- command executed successfully
    Jul 23 10:44:56 fpcli: USER:ltaylor@10.0.74.213 COMMAND:<logging level debugging security subcat ike > -- command executed successfully
    Jul 23 10:45:05 fpcli: USER:ltaylor@10.0.74.213 COMMAND:<logging level debugging security process aaa > -- command executed successfully
    Jul 23 10:45:14 fpcli: USER:ltaylor@10.0.74.213 COMMAND:<logging level debugging security process authmgr > -- command executed successfully
    Jul 23 10:46:03 fpcli: USER:ltaylor@10.0.74.213 COMMAND:<logging level debugging security subcat vpn > -- command executed successfully
    Jul 23 16:00:00 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<aaa server-group "default" > -- command executed successfully
    Jul 23 16:00:00 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<aaa server-group "default" no set role condition "1" equals "10:A5:D0:4D:95:8F" set-value "denyall" > -- command executed successfully
    Jul 23 16:00:06 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<write memory > -- command executed successfully
    Jul 23 16:24:06 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<aaa server-group "default" > -- command executed successfully
    Jul 23 16:24:06 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<aaa server-group "default" no auth-server "Internal" > -- command executed successfully
    Jul 23 16:24:06 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<aaa server-group "default" auth-server "Internal" position "1" > -- command executed successfully
    Jul 23 16:24:28 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<write memory > -- command executed successfully
    Jul 23 16:44:08 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<clear provisioning-ap-list > -- command executed successfully
    Jul 23 16:44:08 webui[1571]: USER:ltaylor@10.0.74.213 COMMAND:<provision-ap read-bootinfo ap-name "testapremote" > -- command executed successfully



  • 14.  RE: RAP-109 Provisioning Error

    EMPLOYEE
    Posted Jul 23, 2015 08:09 PM
    I don't see the change in there. It would have kept all other raps from coming up, though.