Wireless Access

Reply

CPSec issue?

Hi All,

 

Scenario...

Controller running 6.4.2.5.

CPsec enabled - auto cert provisioning on

 

AP connect to the controller but the status in cpsec is certified-hold-factory-cert. When changing the status to certified-factory-cert the AP reboots and the status changes back to certified-hold-factory-cert!

 

Here's what the controller says:

May 26 11:46:49 <sapd 311020> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4461 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_ISAKMP_N_RSA_DECRYPTION_FAILED. Ipsec not successful after reboot.
May 26 11:48:14 <nanny 303086> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx nanny| Process Manager (nanny) shutting down - AP will reboot!
May 26 11:49:42 <sapd 311020> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4456 error redun_retry_tunnel: Ipsec not successful to saved lms. Error:RC_ERROR_ISAKMP_N_RSA_DECRYPTION_FAILED. rebooting.
May 26 11:49:44 <nanny 303086> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx nanny| Process Manager (nanny) shutting down - AP will reboot!
May 26 11:51:13 <sapd 311020> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx sapd| An internal system error has occurred at file sapd_redun.c function redun_retry_tunnel line 4461 error redun_retry_tunnel: Switching to clear. Error:RC_ERROR_ISAKMP_N_RSA_DECRYPTION_FAILED. Ipsec not successful after reboot.
May 26 11:52:38 <nanny 303086> <ERRS> |AP 94:b4:0f:c8:da:c0@xxx.xxx.xxx.xxx nanny| Process Manager (nanny) shutting down - AP will reboot!

 

Can anyone shed light on this?

 

Cheers

James


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

Re: CPSec issue?

Have also tried deleting the AP entry and rebooting the AP, the same thing occurrs.


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

JrWhitehead,

 

What model of access point is this?

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: CPSec issue?

It's an AP225.


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

JrWhitehead,

 

If CPSEC never worked previously with this access point, it is looking like there is a problem with the built-in certificate on this AP.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: CPSec issue?

I got the same result from 2 different AP225's. Hope they're both not broken. :(


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

How many access points do you already have connected to the controller successfully with CPSEC?

Do you have a redundant configuration?

 

Please execute "show whitelist-db cpsec-status"

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: CPSec issue?

None. CPSec is disabled.

 

We have 2 controllers in a master-standby configuration.


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPSec issue?

So, to be clear, you are trying to enable CPSEC with no access points connected to the controller(s), and then connecting the AP225s?

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************

Re: CPSec issue?

Yes that's correct.


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: