Network Management

Reply

Error during Aruba Central login

Hi gurus,

 

I have had my cluster of IAPs in Aruba Central for some time, today when I checked in Aruba Central I have seen all of them offline. I don't know when they got offline because I changed some policies in the firewall. After doing some troubleshooting I realized NTP protocol wasn't allowed in the firewall, so IAPs didn't get the correct clock and there was a certificate error with activate. After allowing the NTP protocol, the IAPs got the correct time and the certificate issue with activate was solved. Now I can see the IAPs with correct time, they have connected to activate, but they are still offline in Aruba Central, and they give this error:

 

Jun 22 14:44:47 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| app1.central.arubanetworks.com
Jun 22 14:44:47 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Aruba Central Mgmt
Jun 22 14:45:45 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Error during Aruba Central login
Jun 22 14:46:46 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Error during Aruba Central login
Jun 22 14:48:46 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| Aruba Central failure times is 3
Jun 22 14:48:46 cli[3528]: <341004> <WARN> |AP P2-W05@172.16.100.43 cli| IAP mgmt mode is changed from athena-mgmt to local-mgmt

 

These are other logs:

 

P2-W05# show ap debug cloud-server

IAP mgmt mode :athena-mgmt
cloud config recved :TRUE
autojoin mode :disable
Device Cert status :SUCCESS
Aruba Central server :app1.central.arubanetworks.com
Aruba Central redirect from:app1.central.arubanetworks.com
Aruba Central Protocol :HTTPS
Aruba Central status :connecting

 

P2-W05# show log ap-debug

Jun 22 14:46:49 syslog: check_sid_type: sid check type, result-'0 admin'
Jun 22 14:46:50 syslog: main, 2530: opcode is show
Jun 22 14:46:50 syslog: check_sid_type: sid check type, result-'0 admin'
Jun 22 14:47:20 syslog: main, 2530: opcode is show
Jun 22 14:47:20 syslog: check_sid_type: sid check type, result-'0 admin'
Jun 22 14:47:21 syslog: main, 2530: opcode is show
Jun 22 14:47:21 syslog: check_sid_type: sid check type, result-'0 admin'
Jun 22 14:47:46 awc[3527]: awc_init_connection: 2129: connecting to app1.central.arubanetworks.com:443
Jun 22 14:47:46 awc[3527]: tcp_connect: 167: recv timeout set to 5
Jun 22 14:47:46 awc[3527]: tcp_connect: 174: send timeout set to 5
Jun 22 14:47:46 awc[3527]: awc_init_connection: 2170: connected to app1.central.arubanetworks.com:443
Jun 22 14:47:46 awc[3527]: awc_init_connection: 2212: Loading local CA certificates
Jun 22 14:47:46 awc[3527]: Failed to establish SSL connection: Error code is -1:unknown error number
Jun 22 14:47:46 awc[3527]: athena_init failed

 

P2-W05# show activate status

Activate Server :device.arubanetworks.com
Activate Status :success
Aruba Central Server :app1.central.arubanetworks.com
IAP MAC Address :20:a6:cd:cb:5e:6e
IAP Serial Number :CNDQHN72DB
Cloud Activation Key :PNMFQGSC

 

Any clues?

 

Regards,

Julián

Re: Error during Aruba Central login

Hi,

 

After waiting some time the IAPs got online in Aruba Central again. I am going to check if I know the reason...

 

Regards,

Julián

 

Re: Error during Aruba Central login

Hi,

 

It seems the IAPs only needed some time to get online in Aruba Central after allowing the NTP protocol on the firewall. The logs I see now is the following:

 

Jun 25 09:57:42 sapd[3532]: sapd_proc_apcli_msg: apcli msg recv-ed: len=13 type=3 .....
Jun 25 09:57:46 cli[3528]: <541004> <WARN> |AP P2-W05@172.16.100.43 cli| recv_sta_update: receive station msg, mac-20:2d:07:6f:bf:3c bssid-20:a6:cd:35:4d:00 essid-arubatest.
Jun 25 09:58:09 stm[3551]: <199802> <ERRS> |AP P2-W05@172.16.100.43 stm| rc_rad_tls.c, RadsecTLSNegotiationHandler:513: Failed to open TLS socket error ASN no signer error to confirm failure
Jun 25 09:58:09 stm[3551]: <199802> <ERRS> |AP P2-W05@172.16.100.43 stm| rc_rad_tls.c, RadsecTLSNegotiationHandler:515: calling cleanup for 60e9a623
Jun 25 09:58:09 stm[3551]: <199802> <ERRS> |AP P2-W05@172.16.100.43 stm| rc_rad_tls.c, radsec_start_connection_retry_timer:110: Failed to establish TLS connection to server AS2_#guest#_. Retry in 160 seconds
Jun 25 09:58:27 cli[3528]: <541004> <WARN> |AP P2-W05@172.16.100.43 cli| recv_sta_update: receive station msg, mac-48:86:e8:67:04:58 bssid-20:a6:cd:35:e7:40 essid-arubatest.
Jun 25 09:58:34 cli[3528]: wsc: prepare_and_send_IapState_data(959) state bytes size=10234

 

If I check the radius servers status I get the following:

radius_stat.JPG

 

I am not using guest network, what are AS1_#guest#_ and AS2_#guest#_ servers? Do I need to allow the connection to them if I am not using guest network?

 

Regards,

Julián

Re: Error during Aruba Central login

Hi,

 

If someone if interested on this, after enabling guest network and protocols 443 and 2083 in the firewall, the status of those servers changed to CONNECTED, so I think everything is OK now:

radius_status2.JPG

Regards,

Julián

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: