Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Problem with RAP

  • 1.  Problem with RAP

    Posted Sep 05, 2017 06:36 AM

    Hi,

    I have a problem setting up my RAP, both remotely and even when converting a campus AP to a remote AP.

    I allowed L2TP (PAP) in Advanced Services > VPN Services > IPSEC, then configured the L2TP pool and set the IKE Shared Secrets key.

    For the remote conversion I added the AP's MAC address to the whitelist. For campus, I read that I don't need to.

    In remote it showed VPN setup failed. In campus, after I reconnected the AP to a different LAN, the AP didn't show up in AP installation.

    Then I tried a port scan of my controller's public IP on port 4500, and it showed that the port is closed. So I checked Advanced Services > Stateful Firewall > ACL White List, and port 4500 UDP is permitted for any IP. Or must I allow this port elsewhere?

    Thanks for the advice. Sorry for my English.



  • 2.  RE: Problem with RAP

    EMPLOYEE
    Posted Sep 05, 2017 07:40 AM

    Hi TomasD,

    Is the traffic going through a firewall? Maybe the firewall is blocking the ports. Can you please share more details about the environment?

    What happens if you place the AP directly into a VLAN which can directly communicate with the controller, without any firewalls in between?

    Many thanks,

    Florian



  • 3.  RE: Problem with RAP

    Posted Sep 06, 2017 09:03 AM

    Hi,

    Thanks for the reply. I have now opened UDP port 4500 on my controller, but nothing changed. The RAP can't connect to the controller. I still get VPN connect failed.

    Any other ideas? Thanks



  • 4.  RE: Problem with RAP

    EMPLOYEE
    Posted Sep 06, 2017 09:06 AM

    Hi TomasD,

    Ports needed between RAP and Mobility Controller:

    • IPSec (UDP ports 500 and 4500)

    Not only UDP 4500 but also 500 is needed. Can you check this as well?



  • 5.  RE: Problem with RAP

    Posted Sep 06, 2017 09:51 AM

    Hi,

    Yes, port 500 was open too.

    500/udp open|filtered isakmp



  • 6.  RE: Problem with RAP

    EMPLOYEE
    Posted Sep 07, 2017 07:39 AM

    Hi TomasD,

    How is the RAP configured to find the controller? If you enter the "apboot" menu and use the command "printenv", you should find an entry like "master=IP OR DNS OF MASTER". If this is not present, the RAP is not able to find the master.

    If you have this entry, I would try to trace the traffic of the RAP to see if it is actually sending requests to the controller, just to make sure it is doing something.



  • 7.  RE: Problem with RAP
    Best Answer

    Posted Oct 16, 2017 01:38 AM

    Hi,

    So the problem was in authentication.

    Security > Authentication > L3 Authentication / VPN Authentication

    The ServerGroup in default-rap must be set up on the internal db. I didn't have that.