Wireless Access

Reply
MVP
Posts: 1,408
Registered: ‎05-28-2008

6.2.1.3 - RAP configured units staying on RID flag|same config/same unit,older os - its working :(

[ Edited ]

Hi AirHeads, Your assistance is needed.

 

I have a  A3600 in my testing lab (Don’t ask for a S/N – I'm Aruba distributor – doing tests in my own environment before deployments.) that working with RAP units = AP125 | AP105 | AP135 | AP93 | AP61 (from all kind)

 

Last week, I upgraded the partition 0 to 6.2.1.3..and since then the RAP units that was connecting to it – stop to work and keep staying on RID when using user/password/key auth….

(tested with CPSEC OFF)

 

If I'm booting from, the 2nd partition,  partition 1 (6.1.3.6) – without changing any configuration. All the RAPS are connecting well. As before

 

This BUG has been seen on 10 other controllers on the field!!! RAP with user/password/key getting RID forever with 6.2.1.3 version.

 

Please advise

 

Thanks.

 

Me

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: 6.2.1.3 BUG - internaldb... dont let rap to connect | must use CERT :(

If you add one of your RAPs on your test network to the controller when using the new code, as a test, does it COME UP into service ?

 

FYI, CPSEC does not affect RAP functionality, it's for campus APs running IPSEC for Control Plane functionality.    The RAP-WHITELIST is where you want to add the RAP for a test of course.

 

Reason i am suggesting this test (add one RAP to whitelist and allow to boot, see if RID is obtained) is to rule-in or rule-out that what you are seeing in your situation is 100% dependant upon username/password and NOT something else that has changed during the migration.   

 

Could you pls. verify this so we can focus the next-steps ?  

JF

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

[ Edited ]

Thanks for fast responding! :catembarrassed:

 

If you add one of your RAPs on your test network to the controller when using the new code, as a test, does it COME UP into service ?

 

RAP (AP105/AP125/AP135)  working ONLY IF I USE CERT on version 6.2.1.3 .On other version also with user/pass same controller same config.

 

FYI, CPSEC does not affect RAP functionality, it's for campus APs running IPSEC for Control Plane functionality.    The RAP-WHITELIST is where you want to add the RAP for a test of course.

Thanks on the info but.. I aware to that ..im using Aruba since 2004..And just deployed thousands of rap units :) I just mentioned that

 

BTW: the user/pass working great on lower versions.. (other partition same config)

 

Reason I am suggesting this test (add one RAP to whitelist and allow to boot, see if RID is obtained) is to rule-in or rule-out that what you are seeing in your situation is 100% dependant upon username/password and NOT something else that has changed during the migration.  

 

RAP with CERT working like charm (tested on a few different units)

CAP working like charm

RAP with user/pass internal db... On 6.2.1.3 just doesn't work (tested on a few units - all of them staying on RID..If I'm lowering the version everything working!) *even due i can see under clients..that the ap connected well and got the right role.. ap-role + internal vpn address )

 

and ideas? Already tested on two different controller on lab (1 partition with 6.2.1.3 2nd partition with older 6.1.3.X)  - same results when using 6.2.1.3 (and I also saw that in 10 other controllers that I have on different sites with 6.2.1.3)

 

Me.

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

Dear Me;

 

Glad you have deployed thousands of units, congrats :)  

 

Your reply now gives me important information missing from your original posting.   Since cert provisioning lets the devices through, that's good to know.    

 

Next up;   What does the datapath say for these RAPs that are in the RID state ?   What does a debug on the RAP tell us ?  

 

JF 

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

10-15min i will get back to , i will go back to my lab (i'am outside the office right now)

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

[ Edited ]

Datapath of two diffrent RAP'S on 3600 with 6.2.1.3

 

 1.1.1.1 = RAP with CERT (Working on 6.2.1.3)

1.1.1.2 = RAP with username password (working on all version except 6.2.1.3)

 

Capture.PNG

 

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

When trying to get DEBUG LOG WITH 6.2.1.3 in front of RAP unit with RID FLAG...the controller just freezing in CLI and GUI:

Capture2.PNGCapture3.PNG

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 21,018
Registered: ‎03-29-2007

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

type "show user-table internal" to see what roles each of those RAPs get.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

Capture33.PNG

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 21,018
Registered: ‎03-29-2007

Re: 6.2.1.3 BUG - internaldb... Don't let rap to connect | must use CERT :(

Type "show rights logon" and "show rights ap-role"



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: