Wireless Access

Reply
Occasional Contributor II

AP 305 fail with provision to CAP, 205 works.

Hi,

 

We have a pair of 7210 controllers running ArubaOS 6.5.4.2.

Historically we have been using Aruba IAP 205 and 225 for provisioning to CAP's but we have just decided to change to 305 and 315. We are now experiencing problems with provisioning the access points 305, if we use the exact same cable and controller IP in a 205 then it works. In controller logs we observed this:

 

User 20:a6:cd:c0:fb:d6 Failed Authentication
Nov 1 09:37:58 authmgr[4125]: <522275> <4125> <ERRS> |authmgr| User Authentication failed. username=20:a6:cd:c0:fb:d6 userip=10.233.2.105 usermac=20:a6:cd:c0:fb:d6 authmethod=VPN servername=Internal serverip=10.10.255.221 apname=N/A bssid=00:00:00:00:00:00.

 

This is not seen anymore after we put the AP mac-address in the controller whitelist. We can see in tcp dumps that the access point is connecting to the controller master ip with ftp and TCP, AP then reboots. After that there are no more trace of communication to master ip address. We only see external attempts too ip address 208.67.220.220 via a DNS request (?).

 

If we connect a factory-default IAP 205 to the same cable and connect it to the same master ip everything works.

 

Any suggestions?

 

 

 

Guru Elite

Re: AP 305 fail with provision to CAP, 205 works.

1. Are the access points with the problem in the same subnet as the controller?

2. Do you have "aruba-master.domain" configured on your local DNS server?

 

It almost looks like the AP is sending "aruba-master" dns lookup to your ISP's server and your ISP is answering.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: AP 305 fail with provision to CAP, 205 works.

Hi,

 

1. The access points we try to provison are not in the same subnet as the controller. We have used the same setup for two years provisioning IAP 205's, so it shouldnt be any issues with communication.

 

2. Correct me if i'm wrong, but since we set master ip hard in provision state it should not need to make DNS lookups for aruba-master? And why does this differ between models 205 and 305?

 

Kind Regards,

 

Nicklas

Guru Elite

Re: AP 305 fail with provision to CAP, 205 works.

The UAP image is different from the IAP image, so the behavior could be different.

 

You mention that it cannot find the controller.  What is your last step before that happens?  You mention conversion but you also mention statically provisioning the AP; I am trying to understand what is your last step before your issue.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: AP 305 fail with provision to CAP, 205 works.

Note : 6.5.4.0 , 6.5.4.1 and 6.5.4.2 have a serious bug and you should not use this code if your APs have statically assigned IP addresses.  Perhaps you should upgrade to 6.5.4.3 which is now available and avoid using this whether you have static IPs or not.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: