Wireless Access

Reply
Occasional Contributor I
Posts: 8
Registered: ‎01-18-2015

Can not convert IAP103 to CAP:( Urgently(((

Hi everybody, 

Got a problem:( I have a pair of 7210 controllers and 93 IAP103 working as APs. 

I use PSK+MAC authorisation on Internal DB for my clients. 

Now I want to add 3 new APs. I've got 3 new IAP103. They can see the controller, ping is OK. When I try to convert them to CAPs I've got just nothing:(

When I see the log at controller, It looks like the controller treats these new IAPs as Cliens and checks if their's MACs exist in the Internal DB and connection failed. 

ANy ideas how to fix?

Many thanks in advance!

 

My new APs MACs are:

94:b4:0f:c3:ec:cc

94:b4:0f:c3:ed:e4

94:b4:0f:c3:ef:26

The log is here

----------------------------------------------------

Feb 26 11:55:12

cfgm[3431]: <307048> <DBUG> |cfgm| Got a message from 8231:5010

Feb 26 11:55:12

cfgm[3431]: <307050> <DBUG> |cfgm| Received a IPSEC CFG Message

Feb 26 11:55:12

cfgm[3431]: <307218> <INFO> |cfgm| CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0

Feb 26 11:55:12

cfgm[3431]: <307219> <DBUG> |cfgm| Sending the IPSEC Configuration

Feb 26 11:55:14

localdb[3628]: <133006> <ERRS> |localdb| User 94:b4:0f:c3:ec:cc Failed Authentication

Feb 26 11:55:14

authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ec:cc userip=192.168.47.13 usermac=94:b4:0f:c3:ec:cc servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00

Feb 26 11:55:15

localdb[3628]: <133006> <ERRS> |localdb| User 94:b4:0f:c3:ed:e4 Failed Authentication

Feb 26 11:55:15

authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ed:e4 userip=192.168.47.14 usermac=94:b4:0f:c3:ed:e4 servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00

Feb 26 11:55:15

sapd[2628]: <404098> <WARN> |AP UBR 2-4@192.168.46.20 sapd| AM 94:b4:0f:c0:80:80: ARM - HT decreasing power cov-index 12/0 tx-power 4 new_rra 11-/3

Feb 26 11:55:19

authmgr[15698]: <522245> <DBUG> |authmgr| user_age() called for MAC 40:fc:89:3a:f0:34 IP 10.112.57.203.

Feb 26 11:55:21

localdb[3628]: <133019> <ERRS> |localdb| User C0-9F-42-68-A8-A2 was not found in the database

Feb 26 11:55:21

localdb[3628]: <133006> <ERRS> |localdb| User C0-9F-42-68-A8-A2 Failed Authentication

Feb 26 11:55:21

authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=C0-9F-42-68-A8-A2 userip=0.0.0.0 usermac=c0:9f:42:68:a8:a2 servername=Internal serverip=192.168.46.10 apname=UBR 2-3 bssid=94:b4:0f:be:c7:c1

Feb 26 11:55:22

cfgm[3431]: <399814> <DBUG> |cfgm| Recvd msg type MESSAGE_TYPE_HEARTBEAT 12 bytes, magic 4972 len 284 from local 192.168.46.6(00:1a:1e:01:91:e0) over socket 22

Feb 26 11:55:22

cfgm[3431]: <307093> <DBUG> |cfgm| master: My active_ts 2, Received heartbeat message version 4 from a LMS 192.168.46.6, pkt active_ts 2

Feb 26 11:55:22

cfgm[3431]: <307095> <DBUG> |cfgm| Setting switch entry not responding to false

Feb 26 11:55:22

cfgm[3431]: <399814> <DBUG> |cfgm| setSwitchUpgradeEntry:1179, IP: 192.168.46.6 - current state: Unknown, next state: Waiting, image not verified

Feb 26 11:55:22

cfgm[3431]: <399814> <DBUG> |cfgm| Received TLV HB message from 192.168.46.6(00:1a:1e:01:91:e0) entry config state UPDATE SUCCESSFUL outstandingUpdateCount 0 maxOutstandingUpdateCounter 5

Feb 26 11:55:22

cfgm[3431]: <307099> <DBUG> |cfgm| Timestamps are same, state is UPDATE SUCCESSFUL

Feb 26 11:55:22

cfgm[3431]: <307100> <DBUG> |cfgm| Sending heartbeat version 4 response over TCP to 192.168.46.6 config state UPDATE SUCCESSFUL, my config ID 2 incoming packet cfgid 2

Feb 26 11:55:25

cfgm[3431]: <307026> <DBUG> |cfgm| master: Refreshing the lms list

Feb 26 11:55:25

cfgm[3431]: <307027> <DBUG> |cfgm| Checking the LMS not responding flag for local 192.168.46.5 flag value is 1, missedHB 0 socketID -1

Feb 26 11:55:25

cfgm[3431]: <307027> <DBUG> |cfgm| Checking the LMS not responding flag for local 192.168.46.6 flag value is 0, missedHB 0 socketID 22

Feb 26 11:55:27

cfgm[3431]: <307048> <DBUG> |cfgm| Got a message from 8231:5010

Feb 26 11:55:27

cfgm[3431]: <307050> <DBUG> |cfgm| Received a IPSEC CFG Message

Feb 26 11:55:27

cfgm[3431]: <307218> <INFO> |cfgm| CFGM IPSEC src_net:0.0.0.0:0.0.0.0 dst_net:0.0.0.0:0.0.0.0 vlan:0 mac1: mac2: caCert: serverCert: suitBalgo:0 credType:0

Feb 26 11:55:27

cfgm[3431]: <307219> <DBUG> |cfgm| Sending the IPSEC Configuration

Feb 26 11:55:29

localdb[3628]: <133006> <ERRS> |localdb| User 94:b4:0f:c3:ef:26 Failed Authentication

Feb 26 11:55:29

authmgr[15698]: <522275> <ERRS> |authmgr| User Authentication failed. username=94:b4:0f:c3:ef:26 userip=192.168.47.15 usermac=94:b4:0f:c3:ef:26 servername=Internal serverip=192.168.46.10 apname=N/A bssid=00:00:00:00:00:00

 

MVP
Posts: 288
Registered: ‎08-27-2012

Re: Can not convert IAP103 to CAP:( Urgently(((

Do you have cpsec enabled? What's your license count look like?
ACDX #419 | ACMP |
Occasional Contributor I
Posts: 8
Registered: ‎01-18-2015

Re: Can not convert IAP103 to CAP:( Urgently(((

Hi!

Control plane security is disabled. 

I've got 100 device licencies installed (using now 99 - including these 3 new APs)

 

Thanks!

Occasional Contributor I
Posts: 8
Registered: ‎01-18-2015

Re: Can not convert IAP103 to CAP:( Urgently(((

May be I should enable CPSec and add manually these new IAPs to white list?

Will it solve the problem?

Guru Elite
Posts: 21,490
Registered: ‎03-29-2007

Re: Can not convert IAP103 to CAP:( Urgently(((

Petgovich,

 

What version of ArubaOS are you running on your 7200 controller?

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 8
Registered: ‎01-18-2015

Re: Can not convert IAP103 to CAP:( Urgently(((

Cjoseph,

I'm running 6.4.2.3 now

Guru Elite
Posts: 21,490
Registered: ‎03-29-2007

Re: Can not convert IAP103 to CAP:( Urgently(((

Petgovich,

 

That should absolutely work.  You might want to contact TAC, because you could have changed something that would affect the conversion process.  I don't want to guess and have you break something in your production network.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 8
Registered: ‎01-18-2015

Re: Can not convert IAP103 to CAP:( Urgently(((

At initial deployment I had no PEFNG installed. Now I have it. Are there any firewall rules I should check?
MVP
Posts: 1,414
Registered: ‎11-30-2011

Re: Can not convert IAP103 to CAP:( Urgently(((

you could check if your interfaces are set to trusted, but further there shouldn't be any rules involved.

 

your log does indicate the AP doesn't authentication correctly. did you convert them really to CAP and not RAP? and is CPSEC really turned off?

 

also for urgent questions there is TAC.

Occasional Contributor I
Posts: 8
Registered: ‎01-18-2015

Re: Can not convert IAP103 to CAP:( Urgently(((

Many thanks to everybody!

The problem is solved 

Search Airheads
Showing results for 
Search instead for 
Did you mean: