New Contributor

CAP Deployment through IPSEC Tunnel not working

Hail Community,

Myself and several SE friends have been beating our heads against this one. Scenario:

AP-225 --> Branch 7005 --> LAN Switch (Simulated WAN) --> HQ 7010.

We have actually tested this between several devices terminating the IPSEC tunnel, all with the exact same result.

IPSEC between the BRANCH and HQ

CAP at the BRANCH gets a local DHCP with option 43 pointing it to the HQ controller to register

AP gets to the controller, registers, gets enough of the config to push out an SSID, but you cannot connect to the SSID. The AP is showing up Dirty intermittently on the HQ Controller. First off, FORGET that the BRANCH is a Controller; it is just used as an IPSEC termination, and ADP is disabled. The 2 obvious things we see are these: PAPI is timing out, causing the AP to perpetually bootstrap reboot (it looks like it's working, but it isn't). Next is that the largest df-flag packet-size we can ping through the tunnel is 932 EXACTLY.

  • We have adjusted the MTU in the AP System SAP, and just about anywhere else, from the switch port and beyond, all to no avail and with the same results: 932
  • Enabled/Disabled Jumbo frames
  • Messed with the AMON msgs
  • Set Bootstrap threshold to 15+
  • bcmc-optimized
  • different IPSEC versions

I mean we have tried everything we can think of. If someone out there has seen this, please chime in. If you want to lab it up, it is literally 2 controllers, 1 AP, IPSEC tunnel, register the AP on the other side and make it work!!

 

Appreciate any assistance.

Phil

 

Guru Elite

Re: CAP Deployment through IPSEC Tunnel not working

Does the controller have control plane security enabled?



Colin Joseph
Aruba Customer Engineering
