Wireless Access

Reply

CPSec issue?

Hi All,

 

Scenario...

Controller running 6.4.2.5.

CPsec enabled - auto cert provisioning on

 

AP connect to the controller but the status in cpsec is certified-hold-factory-cert. When changing the status to certified-factory-cert the AP reboots and the status changes back to certified-hold-factory-cert!

 

Here's what the controller says:

May 26 11:46:49 <sapd 311020> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4461 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_ISAKMP_N_RSA_DECRYPTION_FAILED. Ipsec not successful after reboot.
May 26 11:48:14 <nanny 303086> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx nanny| Process Manager (nanny) shutting down - AP will reboot!
May 26 11:49:42 <sapd 311020> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4456 error redun_retry_tunnel: Ipsec not successful to saved lms. Error:RC_ERROR_ISAKMP_N_RSA_DECRYPTION_FAILED. rebooting.
May 26 11:49:44 <nanny 303086> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx nanny| Process Manager (nanny) shutting down - AP will reboot!
May 26 11:51:13 <sapd 311020> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4461 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_ISAKMP_N_RSA_DECRYPTION_FAILED. Ipsec not successful after reboot.
May 26 11:52:38 <nanny 303086> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx nanny| Process Manager (nanny) shutting down - AP will reboot!

 

Can anyone shed light on this?

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

Re: CPSec issue?

Have also tried deleting the AP entry and rebooting the AP, the same thing occurrs.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

JrWhitehead,

 

What model of access point is this?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: CPSec issue?

It's an AP225.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

JrWhitehead,

 

If CPSEC never worked previously with this access point, it is looking like there is a problem with the built-in certificate on this AP.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: CPSec issue?

I got the same result from 2 different AP225's. Hope they're both not broken. :(

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

How many access points do you already have connected to the controller successfully with CPSEC?

Do you have a redundant configuration?

 

Please execute "show whitelist-db cpsec-status"

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: CPSec issue?

None. CPSec is disabled.

 

We have 2 controllers in a master-standby configuration.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

So, to be clear, you are trying to enable CPSEC with no access points connected to the controller(s), and then connecting the AP225s?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Re: CPSec issue?

Yes that's correct.

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: