Remote Networking

Reply
mat
Occasional Contributor I
Posts: 6
Registered: ‎04-27-2009

AP behind Cell rotuer and IPSEC tunnel

I work in a retail environment, so i constantly have stores opening on short notice. to get a network signal before our permanent circuit is in we'll send out a cradlepoint device with a vpn back to our data center with a cellular card of (which ever flavor has a decent signal in the area)

the ipsec vpn is setup to send all traffic through the vpn.

We've recently started putting aruba ap's in our stores in a tunnel mode for inventory wireless application, and works great.

when i install one behind the cradlepoint though i get strange behavior from the ap. it will show up as an up ap on the controller. no devices are able to connect to it. when i try to reboot it from the controller it tells me reboot sent but never reboots. if i try to provision it the AP will reboot but will keep the previous SSID's with and show the new profile.

If i try to show recieved configuration from these ap's they will time out.

any advice on where to look to start troubleshooting?


Controller is a 3600 on 5.0.3.3. but had this same problem on previous versions as well.
Guru Elite
Posts: 21,566
Registered: ‎03-29-2007

Re: AP behind Cell rotuer and IPSEC tunnel


I work in a retail environment, so i constantly have stores opening on short notice. to get a network signal before our permanent circuit is in we'll send out a cradlepoint device with a vpn back to our data center with a cellular card of (which ever flavor has a decent signal in the area)

the ipsec vpn is setup to send all traffic through the vpn.

We've recently started putting aruba ap's in our stores in a tunnel mode for inventory wireless application, and works great.

when i install one behind the cradlepoint though i get strange behavior from the ap. it will show up as an up ap on the controller. no devices are able to connect to it. when i try to reboot it from the controller it tells me reboot sent but never reboots. if i try to provision it the AP will reboot but will keep the previous SSID's with and show the new profile.

If i try to show recieved configuration from these ap's they will time out.

any advice on where to look to start troubleshooting?


Controller is a 3600 on 5.0.3.3. but had this same problem on previous versions as well.




Can you Ping the inner ip address of the access point to see the latency over that link? You could also have an mtu issue running gre traffic through an ipsec tunnel.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

mat
Occasional Contributor I
Posts: 6
Registered: ‎04-27-2009

Re: AP behind Cell rotuer and IPSEC tunnel

Thanks for the quick Response.

I would definitely believe you on the MTU. so i've created a new ap system profile and set the SAP MTU to something other than blank for now. but i don't think i have a good way of testing the one i have out in the field since it probably won't pull that new setting.


(aruba3600-tw) #ping 172.23.187.92
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 172.23.187.92, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 95.939/122.909/136.574 ms

(aruba3600-tw) #ping 172.23.187.92
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 172.23.187.92, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 105.908/111.302/127.357 ms

(aruba3600-tw) #ping 172.23.187.92
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 172.23.187.92, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 94.696/95.8908/96.534 ms
Guru Elite
Posts: 21,566
Registered: ‎03-29-2007

Re: AP behind Cell rotuer and IPSEC tunnel


Thanks for the quick Response.

I would definitely believe you on the MTU. so i've created a new ap system profile and set the SAP MTU to something other than blank for now. but i don't think i have a good way of testing the one i have out in the field since it probably won't pull that new setting.


(aruba3600-tw) #ping 172.23.187.92
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 172.23.187.92, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 95.939/122.909/136.574 ms

(aruba3600-tw) #ping 172.23.187.92
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 172.23.187.92, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 105.908/111.302/127.357 ms

(aruba3600-tw) #ping 172.23.187.92
Press 'q' to abort.
Sending 5, 100-byte ICMP Echos to 172.23.187.92, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 94.696/95.8908/96.534 ms




Try 1400. If you reboot that ap, it will use the new mtu.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: