11-17-2016 12:14 PM
We got new controllers and I am setting them up as additional Local controllers. Everything seems to be fine: the master sees this new local, centralized lics are shared, ipsec (crypto isakmp sa) is ok on both sides, etc.
Now I have this Test AP and I gave it a newly created AP system profile that has LMS IP pointed at the new Local. I rebooted the test AP; it got an IP for itself, sees the master, and got its LMS IP using saved LMS (IP of the new Local). Everything seems fine, but the new Local is not seeing the test AP. The new local can't ping the test AP.
I opened the test AP console and tried to ping the new Local and other controllers; it seems to see them all.
However, after a few minutes, the test AP rebooted and I got this error below.
Clearing P1020 PCIe Error Status
AP rebooted Wed Dec 31 16:11:58 PST 1969; Unable to set up IPSec tunnel to saved lms, Error:RC_ERROR_IKEV2_TIMEOUT
shutting down watchdog process (nanny will restart it).
11-17-2016 05:51 PM
You have two problems, but your big problem is that the AP cannot find the controller.
Type "show log system 50" on the local controller to see if you can get a clue why the AP is not working.... Do the same thing on the master, just in case it says something about the AP...
Aruba Customer Engineering
11-18-2016 03:52 AM
Start by using the default system-profile. Will it find its way onto the master and stay stable?
If yes, provision it with the new system profile for the new local controller. Check "show datapath session table x.x.x.x" with the IP address of the AP on the local to see if it tries to contact it and on what ports. Make sure the firewall rules and routing are the same from the AP's subnet to the new local as they are to the master.
Aruba: ACMX #537 ACCP | CWNP: CWNA CWDP CWSP
11-18-2016 09:30 AM
I can now see the AP on the new local. The problem now is that the APs are inactive. I have 2 sets of this (1 new local + 1 AP) and both show the same flag.
11-23-2016 11:13 AM - edited 11-23-2016 11:14 AM
At first, the controllers can't see the APs because of some network configurations.
Then the controllers see the APs but the APs were flagged with I (inactive). This was fixed by adding the DNS that I had missed filling in at first.