Wireless Access

Reply
Occasional Contributor II

How to debug RAP-2WG issues?

Hello,

 

i'm new to Aruba and currently on a test-environment. Today i've tried to access our Mobility Controller (which is connected to the internet by our router having DNATs for Port 500 and 4500) using a RAP2 from my homeoffice. Connectivity seems ok, but the web-gui of the RAP tells about an IKE Error.

How can i find the source of the problem? Where can i look at? There must be some kind of log, but where?

Guru Elite

Re: How to debug RAP-2WG issues?


oliver.geisen@kreisbote.de wrote:

Hello,

 

i'm new to Aruba and currently on a test-environment. Today i've tried to access our Mobility Controller (which is connected to the internet by our router having DNATs for Port 500 and 4500) using a RAP2 from my homeoffice. Connectivity seems ok, but the web-gui of the RAP tells about an IKE Error.

How can i find the source of the problem? Where can i look at? There must be some kind of log, but where?


Start with the IKE Error.  What is it?  



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee

Re: How to debug RAP-2WG issues?

A common IKE error which is occurs when the RAP is not added to the RAP whitelist is RC_ERROR_IKE_XAUTH_AUTHORIZATION_FAILED. If this is your error message then make sure you have added the RAP to the RAP whilelist on the master controller.

 

Regards,

Sathya

Occasional Contributor II

Re: How to debug RAP-2WG issues?

rap2_ike_error.jpg

Guru Elite

Re: How to debug RAP-2WG issues?

Is the rap in the rap white list on the controller ?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: How to debug RAP-2WG issues?

Currently not. I will add him and try again this evening. Reporting tomorrow.

Thanks for now!

Guru Elite

Re: How to debug RAP-2WG issues?

Okay, did you also create an IPSec pool for your aps, as well?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: How to debug RAP-2WG issues?

So, i one step further. After adding the RAP using the Controller-Wizard it cames up on my home site and lights the WLAN LED. But it still don't transmitt any SSIDs. In the controller i can see that it seems ok (no longer mismatched or down).

I think i was missing some setup. What is this IPSec pool thing you mention?

Aruba Employee

Re: How to debug RAP-2WG issues?

Every RAP that authenticates successfully to  the controller requires a valid inner IP address for the IPsec tunnel. This inner IP address is issued from the address pool that is configured in the VPN services. 

address pool.png

 

 

Also on CLI type 

show ap debug received-config ap-name <name of AP> to check that the RAP has received all the required configurations such those related to the VAP and radio settings.

 

Regards,

Sathya

Occasional Contributor II

Re: How to debug RAP-2WG issues?

Oh, yes, i see. I already had this. My RAP gets 172.29.241.7, which is an inner IP address of a VLAN, specially created for VPN-Services (RAP and VIA). The VLAN is reachable via the controllers interface in the local network. Routing is pointed to that interface.

I can also PING the RAP from our coorporate network.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: