Wireless Access

Reply
Occasional Contributor II

CPSEC side effect?

Hi, has anyone experienced that when enabling CPSEC, all wifi client can't connect to wifi? I have enabled cpsec to configure bridge mode, but after a day of enabling it all users were unable to connect, and i have not done any configuration for bridge mode yet. By disabling cpsec, all users were able to connect again.

 

It's a bit weird because after enabling it, I tested the wifi and was able to connect to it, I even have clients coming in after the AP's rebooted. Any feedback is appreciated. Thank you.

 

 

Richard

Guru Elite

Re: CPSEC side effect?

You would need to examine the contents of "show log system 50", to find out what is going on with those access points.  By default CPSEC is enable, but auto-cert-provisioning is also off, so no access points can work unless they are whitelisted.  Please let us know what settings you had for CPSEC and if clients could not connect, were the access points in the whitelist.  If the APs were in the whitelist, we need the contents of "show log system 50" to determine what is happening.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: CPSEC side effect?

Hi, Thanks for the reply, I enabled Auto Cert Provisioning when i turned on CPSEC, and I saw all the AP's in CAP Whitelist. The SSID's are being broadcasted at that time but users can't connect to it. they are failing in authentication (i think). We are using 802.1x on LDAP server as our authentication. We also have a guest SSID with open authentication but even that is not working as well. Attached is the output for "show log system 50". I'm not sure if the highlighted is the problem. The reboot on 23rd July was when I turned off CPSEC. I hope the info helps. Thanks.

 

 

Guru Elite

Re: CPSEC side effect?

Looks completely normal.  You did you change any virtual APs to "bridged" after turning on CPSEC, or any other changes?  You might have to turn on user debugging to see what is going on after that:

 

config t

logging level debug user

show log user 50

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: CPSEC side effect?

Hi, I haven't changed anything yet in the Virtual AP after turning on CPSEC. I'll try to do this again and see the debug when my customer agreed to reboot the AP again which i think will take some time. Thanks for the help man.

Occasional Contributor II

Re: CPSEC side effect?

Hi, We did another testing in enabling the CPSEC, we still get the same result, after the AP's reboot the all the clients were able to connect to the SSID, after few hours all wifi clients start to drop slowly. We enabled CPSEC at night, so by 8am all clients were disconnected already. I've attached output on "show log user 50". So by the time users come in to office, complains started to come in that they can't connect to the SSID. So we ended up disabling CPSEC again. I don't see anything wrong with the logs (or i'm missing it), so i'm not really sure what is wrong, it's odd because we have another customer where their CPSEC is enabled and their wifi is working fine. Thanks

Guru Elite

Re: CPSEC side effect?

The logs look fairly routine with a couple exceptions

 

 

Question:

 

What is providing DHCP to the clients and the access points and the clients?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: CPSEC side effect?

Hi,

 

The clients and AP's get their IP from an external Microsoft DHCP server, and both have different subnet. They have around 6 SSID's and all are in different vlans.

 

Question though.....After I enabled CPSEC from our last test, I created a VAP with bridged forward mode in it, and after I disabled CPSEC the controller didn't ask me to remove the bridged mode. So will the bridge actually work even if the CPSEC is disabled? We haven't tested this yet, maybe we'll test it this coming weekends. Thanks.

Guru Elite

Re: CPSEC side effect?

The AP will NOT come up if you have a bridged mode SSID and (1) CPSEC is not enabled or (2) the AP is not provisioned as a remote ap.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: