Occasional Contributor I

Problem with RAP

Hi,

I have a problem with setting up my RAP, both remotely and when converting a campus AP to a remote AP.

I allowed L2TP (PAP) in Advanced Services > VPN Services > IPSEC

then configured the L2TP pool and set the IKE Shared Secrets key.

For the remote conversion I added the AP's MAC address to the whitelist. For campus, I read that I don't need to.

In remote mode it showed VPN setup failed. In campus mode, after I reconnected the AP to a different LAN, the AP didn't show up in AP installation.

Then I tried a port scan of port 4500 on my controller's public IP, and it showed that the port is closed. So I checked Advanced Services > Stateful Firewall > ACL White List

and UDP port 4500 is permitted for any IP. Or must I allow this port elsewhere?

Thanks for the advice. Sorry for my English.

 

Aruba Employee

Re: Problem with RAP

Hi TomasD,

 

Is the traffic going through a firewall? Maybe the firewall is blocking the ports. Can you please share more details about the environment?

What happens if you place the AP directly into a VLAN which can directly communicate with the controller, without any firewalls in between?

 

Many thanks,

Florian

visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
Occasional Contributor I

Re: Problem with RAP

Hi,

Thanks for the reply. Now I have opened UDP port 4500 on my controller, but nothing changed. The RAP can't connect to the controller. I still get VPN connect failed.

Any other ideas? Thanks

 

Aruba Employee

Re: Problem with RAP

Hi TomasD,

 

Ports needed between RAP and Mobility Controller:

  • IPSec (UDP ports 500 and 4500)

Not only UDP 4500 but also 500 is needed. Can you check this as well?
Occasional Contributor I

Re: Problem with RAP

Hi,

Yes, port 500 was open too.

500/udp open|filtered isakmp
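
Added example, not part of the original posts: nmap reports a UDP port as `open|filtered` when no reply came back at all, so that state alone does not confirm the port is reachable. The sketch below classifies nmap-style port lines for the two UDP ports the thread lists as required; the second sample line and all function names are constructed for illustration.

```python
import re

# Ports the thread lists as required between the RAP and the controller.
REQUIRED_UDP = {500: "IKE", 4500: "IPsec NAT-T"}

# Matches nmap port-table lines such as "500/udp open|filtered isakmp".
LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)")

# What each nmap UDP state actually proves about reachability.
VERDICT = {
    "open": "reachable: a reply came back from the port",
    "open|filtered": "inconclusive: no reply, port may be open or the probe was dropped",
    "closed": "not listening or rejected: ICMP port unreachable was returned",
    "filtered": "blocked: a filter rejected the probe",
}

def parse_ports(text):
    """Return {(port, proto): state} from nmap-style port table lines."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            found[(int(m.group(1)), m.group(2))] = m.group(3)
    return found

def check_rap_ports(text):
    """Map each required UDP port to (state, verdict); 'not scanned' if absent."""
    found = parse_ports(text)
    report = {}
    for port in REQUIRED_UDP:
        state = found.get((port, "udp"), "not scanned")
        report[port] = (state, VERDICT.get(state, "no data for this port"))
    return report

def confirmed(report):
    """True only when every required port actually answered the probe."""
    return all(state == "open" for state, _ in report.values())

# Constructed sample: the first line is quoted in the thread, the second is made up.
SAMPLE = """\
500/udp open|filtered isakmp
4500/udp closed nat-t-ike
"""

if __name__ == "__main__":
    for port, (state, verdict) in check_rap_ports(SAMPLE).items():
        print(f"{port}/udp ({REQUIRED_UDP[port]}): {state} -> {verdict}")
```
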

 

 

Aruba Employee

Re: Problem with RAP

Hi TomasD,

How is the RAP configured to find the controller? If you enter the "apboot" menu and use the command "printenv", you should find an entry like "master=IP OR DNS OF MASTER". If this is not present, the RAP is not able to find the master.

If you have this entry, I would try to trace the traffic of the RAP to see if it is actually sending requests to the controller, just to make sure it is doing something.
Occasional Contributor I

Re: Problem with RAP

Hi,

So the problem was in authentication.

Security > Authentication > L3 Authentication / VPN Authentication

The ServerGroup in default-rap must be set up on the internal db. I didn't have that.