Network Management

Reply
Highlighted
Occasional Contributor I

SSL Error between RAP and airwave

Hi all

Since a few months, I have a strange issue with some RAP (3WN): when a RAP is factory reset, sometime I no longer able to communicate with my airwave server. A "show log provision" show   "Error establishing SSL connection to AMP server at ip xx.xx.xx.xx: ASN no signer error to confirm failure" "show log ap-debug" say: "Failed to establish SSL connection: Error code is -1:ASN no signer error to confirm failure". 

I have about 3500 RAPs and only a few one (about 20) have this behavior.

Someone any Idea?

Thanks

 Allan

Moderator

Re: SSL Error between RAP and airwave

I haven't observed this behavior, seems like it might get better traction in a support case.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Guru Elite

Re: SSL Error between RAP and airwave

We would have to confirm that the device had access to NTP and got the correct time.  If the time is incorrect, it would think that the Airwave server's certificate is not yet valid.  On the other hand, a A RAP5WN can only be connected to a controller as a RAP, and not to Airwave.  Are you sure you have that model correct and what method are you using to connect the AP.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: SSL Error between RAP and airwave

Hi

 To clear some things (may be my vocabulary isn't exact). I'm talking about the Device type: RAP-3WN. We use them as remote access points with following deployment process:

  1. The RAP3-WN connects first to activate.arubanetworks.com and gets its provisioning rule: IAP to Airwave. (this part is working)
  2. The RAP3-WN connect to our Airwave server and ask about its configuration. (Here is our Problem – the 2 devices are able to communicate – I can see traffic with tcpdump. But the RAP3-WN gets the mentioned errors)
  3. When the RAP-3WN has its configuration, it connect to one of our controller and build up the VPN tunnel.

 NTP is accessible by ping and show clock display the exact time. Activate and the airwave server are reachable.

A support case was already open, but after weeks of troubleshooting the “problem-devices” have been replaced (RMA), and now I’ve got some new devices with this problem.

Guru Elite

Re: SSL Error between RAP and airwave

You should continue working with TAC.

 

How did you execute "show clock" on the AP?  Do you have a console cable?

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: SSL Error between RAP and airwave

"How did you execute "show clock" on the AP?  Do you have a console cable?"

 

Yes.

Guru Elite

Re: SSL Error between RAP and airwave

What version of InstantOS does the RAP-3WN have on them if they cannot contact Activate/Airwave?

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor I

Re: SSL Error between RAP and airwave

RAP-3WN : 6.4.4.8-4.2.4.5_57965

Airwave : 8.2.4

And as I already told, I've got about 3500 RAPs working fine. The "problem RAPs" were also working fine until I did a factory reset.

Guru Elite

Re: SSL Error between RAP and airwave

Please see if the support announcements here: 

 http://support.arubanetworks.com/LinkClick.aspx?link=http%3a%2f%2fsupport.arubanetworks.com%2fDocumentation%2ftabid%2f77%2fDMXModule%2f512%2fCommand%2fCore_Download%2fDefault.aspx%3fEntryId%3d16996&tabid=139&mid=381

 

and here:  http://support.arubanetworks.com/LinkClick.aspx?link=http%3a%2f%2fsupport.arubanetworks.com%2fDocumentation%2ftabid%2f77%2fDMXModule%2f512%2fCommand%2fCore_Download%2fMethod%2fattachment%2fDefault.aspx%3fEntryId%3d20885&tabid=139&mid=381

 

..maybe apply to your situation.  If that is the case, resetting the RAP3WN puts it in a state where it cannot contact activate and you need to upgrade before trying to provision it.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: