Controllerless Networks

Reply
Occasional Contributor II

iap-vpn to AOS8 virtual mobility controller

Hi All,

 

Has anyone had any success in setting up iap-vpn from an iAP cluster back to a AOS8 VMC?  I've already seen the docs saying that this is only supported from 8.3.0.0 on virtual and have upgraded my test VMC to this release.

 

I have tried exporting the default cert from the VMC and importing it on the iAP with no success, keep seeing the errors below.

 

Jun 11 15:18:25 authmgr[5603]: <522125> <5603> <WARN> |authmgr| Could not create/find bandwidth-contract for user, return code (-11).
Jun 11 15:18:25 isakmpd[5526]: <103061> <5526> <ERRS> |ike| IKE_CUSTOM_useCert: can't find Server-Cert

 

Nothing listed in the show iap table either.

 

DHCP pool for the IAPs seem to be getting consumed as the in use number keeps clocking up.

 

(devtapl2002.stbc2.jstest2.net) [mynode] # show vpdn l2tp local pool

IP addresses used in pool default
192.168.201.140-192.168.201.149

L2TP Pool statistics for all pools:

IPv4/IPv6 Pool Configured Used Free

-------------- ---------- ------ ------

IPv4 116 10 106

IPv6 0 0 0

 

 

User table on the controller seems to be being populated with data...

 

(devtapl2002.stbc2.jstest2.net) [mynode] #show user
This operation can take a while depending on number of users. Please be patient ....

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name User Type
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- --------- ---------
192.168.201.143 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:04 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.158 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:00 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.155 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:01 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.145 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:03 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.148 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:02 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.150 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:02 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.147 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:03 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.153 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:01 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.156 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:00 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.141 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:05 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.142 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:04 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.159 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:00 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.154 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:01 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
10.182.172.162 00:00:00:00:00:00 logon 00:00:13 VPN N/A tunnel WIRELESS
192.168.201.144 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:03 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.149 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:02 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.151 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:02 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.146 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:03 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.152 00:00:00:00:00:00 24:de:c6:c3:c6:a3 default-vpn-role 00:00:01 VPN 10.182.188.163 N/A default-iap tunnel WIRELESS
192.168.201.157 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:00 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
192.168.201.140 00:00:00:00:00:00 70:3a:0e:c1:da:40 default-vpn-role 00:00:05 VPN 10.182.172.162 N/A default-iap tunnel WIRELESS
10.182.188.163 00:00:00:00:00:00 logon 00:00:03 VPN N/A tunnel WIRELESS

 

 

Thanks in advance,

Matt.

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: