Occasional Contributor I
Posts: 7
Registered: ‎09-01-2010

RAP-2WG Not Connecting to Controller

Hi. We are a new customer and have had our Aruba installation for approximately 1 month. We have 59 on-site AP105s and 60 RAP 2WGs for remote networking controlled by the A3600 Controller. We have configured one NIC on the controller to be the outfacing IP for the RAPs and have NAT-T inbound and outbound and ESP inbound enabled on the school firewalls.

We are having some issues with the RAPs connecting to the controller. While it seems some people have no issues, far more frequently others do. Symptoms include WLAN active on the RAP but status light flashing (which I am led to believe is the RAP signalling loss of connection to the controller) and users unable to log on. Others won't connect at all, even after constant re-provisioning. It says it could not connect to the controller, even though the controller is active and serving other RAPs.

This was sold to us as a stable platform where users can use their school laptops at home on the domain as they would if they were in the building.

We are new to all this technology, so would appreciate all the help we can get.

Thanks
Guru Elite
Posts: 21,556
Registered: ‎03-29-2007

Problems with RAPs


So, you mentioned a number of issues that you are having with regard to remote access points. The only comprehensive way you can get it solved is to open a case to ensure that your installation is optimally configured. With that being said, you can try the suggestions below:

- One thing I would look at is the quality of the connection between the access points and the RAPs.
- If you could also open up ICMP on the public address of the controller and do pings from the client locations to the controller, you would be able to see if everything is all right, point to point.
- If your clients are doing encryption, many client drivers do not like to see more than 100 ms of delay when attempting to complete a key exchange. The ping test from the outside will reveal that in addition to how reliable IP connectivity is at a basic level.
- Another thing you want to ensure is that the physical interfaces on the controller that are plugged into the public and private networks do not have any errors on them (show interface gigabitethernet x/y). If so, make sure they negotiated speed and duplex correctly.
- Check to make sure that you have enough AP licenses and that access points are not being denied (show ap database).
- For any APs that cannot reach the controller, check to see if their traffic is making it through (show datapath session table).
- For the APs whose traffic does show up in the datapath session table above, see if they form a crypto security association (show crypto ipsec sa peer).
- If you do see an SA for that AP, check for traffic between the controller and the AP using the inner IP address from the output of the show crypto ipsec sa statement (show datapath session table).
- Do a "show log system all" to see if there are any errors related to APs that connect.


Colin Joseph
Aruba Customer Engineering
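
The ping test suggested above can be scored against the 100 ms figure from the post. This is an added example, not part of the original reply or Aruba tooling; the sample replies, the address 203.0.113.10 and the function name `summarize` are constructed for illustration.

```python
import re
import statistics

RTT_LIMIT_MS = 100.0  # delay ceiling quoted in the post for key exchanges

# Constructed sample: Linux-style ping replies captured at a remote site.
# 203.0.113.10 is a documentation address standing in for the controller.
SAMPLE = """\
64 bytes from 203.0.113.10: icmp_seq=1 ttl=52 time=38.2 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=52 time=41.0 ms
64 bytes from 203.0.113.10: icmp_seq=4 ttl=52 time=131.5 ms
64 bytes from 203.0.113.10: icmp_seq=5 ttl=52 time=44.9 ms
64 bytes from 203.0.113.10: icmp_seq=8 ttl=52 time=212.7 ms
64 bytes from 203.0.113.10: icmp_seq=9 ttl=52 time=39.6 ms
64 bytes from 203.0.113.10: icmp_seq=10 ttl=52 time=40.3 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+)\b.*?time=([\d.]+) ms")


def summarize(ping_text, limit_ms=RTT_LIMIT_MS):
    """Report loss (gaps in icmp_seq) and replies slower than limit_ms."""
    rtts = {}
    for line in ping_text.splitlines():
        m = REPLY.search(line)
        if m:
            rtts.setdefault(int(m.group(1)), float(m.group(2)))
    if not rtts:
        return {"verdict": "no replies"}
    first, last = min(rtts), max(rtts)
    # Losses after the final reply are invisible here; ping's own summary
    # line covers those.
    lost = [s for s in range(first, last + 1) if s not in rtts]
    slow = sorted(s for s, rtt in rtts.items() if rtt > limit_ms)
    burst = longest = 0
    for s in range(first, last + 1):
        burst = burst + 1 if s not in rtts else 0
        longest = max(longest, burst)
    problems = [name for name, hit in (("loss", lost), ("delay", slow)) if hit]
    return {
        "loss_pct": round(100.0 * len(lost) / (last - first + 1), 1),
        "lost": lost,
        "longest_loss_burst": longest,
        "slow": slow,
        "median_ms": statistics.median(rtts.values()),
        "verdict": "+".join(problems) or "ok",
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A healthy median with scattered slow or missing replies, as in the sample, is the pattern that a single average would hide.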


Aruba Employee
Posts: 455
Registered: ‎04-02-2007

Re: RAP-2WG Not Connecting to Controller

It would help to know more specifics about your setup and configuration, and any error codes you are receiving. As you are using the RAP-2WG it would also be good on the subscriber side to look at the RAP console and see what the RAP is telling you about its connection state. How did you configure the RAPs, with a PSK or using self provisioning? If self provisioned, are the MAC addresses in the white list?

You might also check that your network firewall is properly forwarding UDP 4500 to the controller. There have been numerous cases where a misconfiguration here prevented the RAP from working. You should also check that the RAPs were configured with the correct public IP/hostname. You can check your configuration against our reference guide, which you can find at http://www.arubanetworks.com/vrd.

From my experience most of the problems tend to be configuration issues and WAN link issues. I've used a RAP every day for the last 4 years at my home and while traveling for the company using both voice and data; the only problems I've encountered have been due to my network provider.

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor I
Posts: 7
Registered: ‎09-01-2010

Thanks

Thanks for your advice.

I did think licences because I have never had more than 5 RAPs up at any one time. But checking the licence state I have 128 licences with 59 campus APs and 60 RAPs. This should be enough?

Our domain is behind another 2 completely separate networks. As we are a school we are restricted by the local authority, but I can verify that UDP 4500 is open and ESP. However, the traffic is NATed twice before getting to the controller.

The other things you asked me to look at I will do. I am a novice on this system so it will take me some time to do what is suggested.

Many Thanks again
Occasional Contributor I
Posts: 7
Registered: ‎09-01-2010

Working now

Thanks for all your advice. We put a laptop running Wireshark between the external IP and the controller. We could see the traffic coming in on ISAKMP and ESP both ways from several RAPs. On the controller the logs showed that they were getting through but not building the tunnel.

Turned out a simple restart of the controller fixed the issue.

I hate it when problems are fixed by a turn off and on again. Makes me feel such a novice!

Thanks for everything
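
The capture check described in this last post can be scripted per RAP. This is an added example, not part of the original posts or Aruba tooling; it assumes a packet list exported as three whitespace-separated columns (source, destination, protocol), and the addresses, labels and function names are constructed.

```python
from collections import defaultdict

CONTROLLER = "192.0.2.10"  # assumed controller-side address in the capture

# Constructed packet list: source, destination, protocol column.
SAMPLE = """\
198.51.100.21 192.0.2.10 ISAKMP
192.0.2.10 198.51.100.21 ISAKMP
198.51.100.21 192.0.2.10 ESP
192.0.2.10 198.51.100.21 ESP
198.51.100.44 192.0.2.10 ISAKMP
198.51.100.44 192.0.2.10 ISAKMP
198.51.100.77 192.0.2.10 ISAKMP
192.0.2.10 198.51.100.77 ISAKMP
198.51.100.77 192.0.2.10 ESP
203.0.113.5 192.0.2.10 ISAKMP
192.0.2.10 203.0.113.5 ISAKMP
"""


def classify(seen):
    """Map the (protocol, direction) pairs seen for one RAP to a label."""
    esp_in, esp_out = ("ESP", "in") in seen, ("ESP", "out") in seen
    ike_in, ike_out = ("ISAKMP", "in") in seen, ("ISAKMP", "out") in seen
    if esp_in and esp_out:
        return "esp-both-ways"   # path passes both; check controller logs
    if esp_in or esp_out:
        return "esp-one-way"     # one direction filtered or never sent
    if ike_in and ike_out:
        return "ike-only"        # negotiation seen, no ESP on the wire
    if ike_in:
        return "ike-unanswered"  # check UDP 4500 forwarding and NAT
    return "no-inbound-ike"


def triage(packet_list, controller=CONTROLLER):
    """Return {rap_address: label} for every peer talking to the controller."""
    seen = defaultdict(set)
    for line in packet_list.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2].upper() not in ("ISAKMP", "ESP"):
            continue
        src, dst, proto = parts[0], parts[1], parts[2].upper()
        if dst == controller:
            seen[src].add((proto, "in"))
        elif src == controller:
            seen[dst].add((proto, "out"))
    return {peer: classify(flags) for peer, flags in sorted(seen.items())}


if __name__ == "__main__":
    for peer, label in triage(SAMPLE).items():
        print(peer, label)
```

RAPs labelled `esp-both-ways` that still fail to come up match what the poster saw: the firewalls and NAT hops are passing the traffic, so the next place to look is the controller's own logs.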