05-12-2016 01:19 AM - edited 05-12-2016 02:32 AM
iam using 18.104.22.168 on 7010 and the APs are not pingable from other subnets. In the AP System Profile there is ap-uplink-acl (default) that normally allows ICMP. So i think this "issue" comes with CPSEC enabled and has something to do with the tunnel list for the AP. Is this a "issue" or a well known configuration and canthis behavior changed ?
In my case we want to allow the DHCP Servers to ping the Clients to check the leases (ip adress conflict check, which is not possible if the device won't answer)
Thanks for Feedback
Solved! Go to Solution.
05-12-2016 03:21 AM
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
05-12-2016 10:05 AM
Would love to hear if this is fixed.
We ran into this a few months ago.
Don´t remember all details, but what worked was a ping from the controller.
Anything outside the LAN where the AP is placed could not ping the AP.
We opened a case and were told that this is a known behaviour and related to CPSEC.
05-22-2016 11:55 PM
Feedback from TAC: You actually need your "Ports" on the controller enabled as "routed" Ports so the back way from Controller to the Subnet of the ICMP Source can be reached "routed".