Remote Networking

Reply
Contributor II
Posts: 51
Registered: ‎04-03-2007

New RAP2s not offering BSSID

I have a RAP2 and RAP5 that work fine in an ap-group called RAP using a username and password not the TPM based cert for auth. They were provisioned on an 800 controller. I migrated flash to a new MC620 so I could use TPM. I provisioned two with ZTC and both new RAP2's came up, properly connected to controller, downloaded new code and showed up with the right name in the right ap-group. The b/g radio however isn't offering up any SSID's and the AP shows nothing when I try and dump the AP's configuration in the diagnostics page.

The other RAP2 that works is fine.

Any ideas??? Notice one RAP2 has radio up and the other doesn't here in the code snip.

 Apex-Rap2-JMHome RAP 192.168.240.24 68.9.236.21 RAP-2WG     Wired Port enable 47m:31s disable RE 

bhrap2-test RAP 192.168.240.25 24.60.164.135 RAP-2WG 1/1/19.5/19.5/No Wired Port enable 31m:19s disable RE
Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

show ap bss-table

Are both of the APs in the same AP-group? The "show ap bss-table" command should tell you what is ap is broadcasting what. In addition, did you do an ap-specific changes to that particular AP (instead of changes to the group)? If so, delete the AP-specific changes. Last but not least, make sure that in the ap-group of those APs, the AP system profile does not have the phy type of "a".


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 51
Registered: ‎04-03-2007

New RAP2s not offering BSSID

There is no 'g' phy type listed for those AP's only the 'e1' type shows in the 'show ap bssid-table'

No special call outs for those AP's in the config

I've attahed the AP's Tech Support output. Seems to be a conflict here. It shows the AP in the "NoAuthApGroup" but the "show ap database status up" shows it in the right RAP ap-group.

Apex-Rap2-JM RAP RAP-2WG 192.168.240.18 Up 9h:34m:51s R-c 10.0.61.200


I tried resetting the AP and reprovisioning....no dice.
Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

NoAuthApGroup

The AP should NOT be in the NoAuthApGroup. That group is normally blank

Please provision to another group. if you are using the whitelist, the whitelist will determine what group the AP is in. Please change the AP-group in the whitelist for that AP.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 51
Registered: ‎04-03-2007

Re: New RAP2s not offering BSSID

The ap is stuck in the 'logon' role as evidenced by the "show user-table verbose" command. Something is not allowing it to move to the correct role for cert based AP's. Any ideas why? Are there ACL's that may be missing a line? This is an upgrade from RN to 5.0.0.1
Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Logon role

There is nothing wrong with the AP in the logon role. All aps secretly end up in this role. What is wrong is the group that the AP is in. When you do a "show ap active" does the AP show as up?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 51
Registered: ‎04-03-2007

Re: New RAP2s not offering BSSID

yes and in the correct group....but that group doesn't match the group in the 'debug'....

according to VBN guide it should end up in an ap-group.....?
Contributor II
Posts: 51
Registered: ‎04-03-2007

Re: New RAP2s not offering BSSID

as an update. i'll be calling TAC. there seems to be a strange issue that needs more investigation. the AP's are coming up with a Flag of R-c indicating that they are in need of "Remote AP user auth" and "Cert based RAP". If i plug a laptop into Eth1 I get the company captive portal and authenticate. The moment I authenticate the Radio turns on and the AP's flag goes to Rc. The debug on the User Auth shows the AP gets a role of ap-role and everything works.
Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Wrong Role

Edit that APs group and ensure that the AP authorization profile is set to "None", so that does not happen. That is an option where, on top of putting the AP in the whitelist, you can also authenticate the ultimate first user of a RAP. it adds a factor of authentication and it also keeps a record of who physically activated it.

You should still open a case with TAC if that does not fix it, but based on your feedback, it should.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: