Wireless Access

Reply
Contributor II

Bootstrapping of AP215

I have a Campus environment with (45) 215 AP's.  In this environment a few of my AP's continuously bootstrap.  This is caused by missing heartbeats.   On th e7205 Controller I can ping all AP's until they bootstrap.  I have checked the ports and protocols on my firewall and even had the dreaded "permit any any" to test and the devices still bootstrap.  I have changed the default heartbeat count to 10 at 60 seconds intervals.  Along with changing the MTU to 1500 still booting.  I have upgraded to the 6.5.4.3 OS. Other than opening a case for this matter I thought I would ask a question.  What could cause this.

Frequent Contributor I

Re: Bootstrapping of AP215

That sounds strange. I wonder if you have checked the following document, it basically shows some recommendations about how to adjust the bootrstrap threshold and prioritze AP heartbeat: http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/AP_Config/Optimize_Over_Low_Link.htm

 

HTH

Contributor II

Re: Bootstrapping of AP215

Hi Kevin,

 

Yes I have read the document in question and have the bootstrap threshold to 60 instead of the default.  Still having missed heartbeats.  I think it is the oversaturation of the link that could be the problem.  

 

Contributor II

Re: Bootstrapping of AP215

Hello,

 

i also found that one of my AP has an error within the log.  May 22 05:45:26 authmgr[4114]: <522038> <4114> <NOTI> |authmgr| username=ac:a3:1e:c5:e0:aa MAC=ac:a3:1e:c5:e0:aa IP=x.x.x.126 Authentication result=Authentication Successful method=TRANSPORT-VPN server=Internal 

Frequent Contributor I

Re: Bootstrapping of AP215

Hi,

 

Do you have a VPN concentrator where your controller resides?

It seems that the AP is trying to establish a VPN connection (assuming you are using CPSec) to another device that may not be the controller 

 

I wonder if you can look at the controller logs and the traffic sent by the AP

 

Kevin

Contributor II

Re: Bootstrapping of AP215

Hi Kevin,

 

I do not have a VPN concentrator at this location.  We have VPN on our Firewall only and this traffic is within our LAN... the IP address of the device is 10.141.197.126

Frequent Contributor I

Re: Bootstrapping of AP215

I found this:

May  9 13:09:28  stm[4117]: <305049> <4117> <WARN> |stm|  Unsecure AP "LIX-AP4" (MAC ac:a3:1e:c5:e0:aa, IP 205.165.197.126) has been denied access because Control Plane Security is enabled and the AP is not approved.

 

It seems that the AP has not been added to the whitelist in the controller. in particular, these two APs may not be added to the whitelist:

ac:a3:1e:c5:e0:aa

ac:a3:1e:c5:e2:0e

IP addresses: x.x.x.126 and x.x.x.125

 

EDIT: link about whitelists: https://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Content/ArubaFrameStyles/Control_Plane/Whitelists_on_Campus_and_Remote_APs.htm

 

Please note that CPsec is not intended for use with RAPs

 

I wonder if you could check that

Kevin

Contributor II

Re: Bootstrapping of AP215

Hi Kevin,

On those days that is correct they were not added to the whitelist.  Since then that matter has been taken care of.  I had replaced the older LIX AP's with 2 factory reset devices.  The problem only maginified then, not only did those two start having with bootstrap but now all four of my AP's at that location started.  Which is the issue now.....

 

Frequent Contributor I

Re: Bootstrapping of AP215

That sounds bad. I wonder if you could send some logs again to check this in more detail

Kevin

Contributor II

Re: Bootstrapping of AP215

Which logs please?  That was the from the command of "sh log all"  from the controller.  I have a ".pcap" file using Air Monitor to check out issue.  I have a show tech file about the problem

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: