Wireless Access

Reply
Super Contributor II
Posts: 354
Registered: ‎09-26-2012

Problem with RAP

Dear Friends,

I am trying to configure RAP-2WG with Aruba200 controller. When i connect RAP with controller its show up but when I provision the AP to any AP Group it does not come up and shows as down.

Details of configurations are in attached file. Please have a look into it and advice.

Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
MVP
Posts: 1,401
Registered: ‎05-28-2008

Re: Problem with RAP

[ Edited ]

in your log ,i can see the following error:

 

No ISAKMP PSK found for peer 192.168.2.125

1.did u configured the right VPN settings? (that allowing u to use cert or user/password/shared)?

2.did u whitelisted this RAP?

3.seems like a cert\secret issue.

 

Another thing,that u might wanna check: (That might sending wrong internal controller address to the rap unit)

Do u have any LMS or BACKUPLMS configured in the AP-system-profile default? Or in the AP-system-profile that attached to any of those groups?

 

It's seems that after you provision the RAP,he getting some wrong configuration (might be the LMS and BACKUP LMS - check it)

 

update us if it solve your issue.

 

Me.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Problem with RAP

Are you using certificate-based RAP provisioning?  This will not work on a 200-series controller.

 

Please try provisioning it using IKE preshared key and username and password provisioning...

 

http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/RAP-2wg-with-800-series-controller-problem/td-p/8737



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 117
Registered: ‎02-26-2010

Re: Problem with RAP

maybe i'm wrong but i see ipsec but no gre/papi tunnel,

 check the remote networking pdf, maybe you miss something

 

http://community.arubanetworks.com/aruba/attachments/aruba/branch-wlan-and-remote-access/458/1/Aruba%20Remote%20AP%20Setup%20Guide.pdf

 

read at page 13

 

"Step 3: Configure the Remote AP User Role
Once the remote AP is authenticated for the VPN and established a IPsec connection, it is assigned a role.
This role is a temporary role assigned to the AP until it completes the bootstrap process after which it
inherits the ap-role. The appropriate ACLs need to be enabled to permit traffic from the controller to the AP
and back to facilitate the bootstrap process."

Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Frequent Contributor II
Posts: 117
Registered: ‎02-26-2010

Re: Problem with RAP

p.s.

 

i see

No ISAKMP PSK found for peer 192.168.2.125

 

maybe you miss to fix the ipsec psk password, as in previous post rap2wg user certificate with 3xx model but not with a200 model,

here you've to use ipsec psk

Andrea Consadori
ACMP 5.0 and 6.3


-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Super Contributor II
Posts: 354
Registered: ‎09-26-2012

Re: Problem with RAP

Thank You please see the response

1.did u configured the right VPN settings? (that allowing u to use cert or user/password/shared)?
I think there is some problem with VPN setting but i am not able to found where the problem exist. Please do let me know what setting preview required to resolve this issue.

2.did u whitelisted this RAP?
Yes
3.seems like a cert\secret issue.
Try both certificate and PSK. Tried with different username and password and different psk as well
Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Guru Elite
Posts: 20,795
Registered: ‎03-29-2007

Re: Problem with RAP

Did you set the preshared key on the controller?  Did you set a username and password in the controller's local database for that AP?

 

You do not need to enter the AP into the whitelist, because that is for only certificate-based APs and of course, that will not work.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,401
Registered: ‎05-28-2008

Re: Problem with RAP

What about the LMS / BACKLMS setting in the ap-system-profile? is there any configuration there that u did? did u checked it also?

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Super Contributor II
Posts: 354
Registered: ‎09-26-2012

Re: Problem with RAP

Thank You Kdisc

Please see this

iTt's seems that after you provision the RAP,he getting some wrong configuration (might be the LMS and BACKUP LMS - check it)

LMS IP is correct but no LMS IP is available so not provided
Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Super Contributor II
Posts: 354
Registered: ‎09-26-2012

Re: Problem with RAP

HI CJoseph

I have tried both cert and psk but its not working
Thanks & Regards
Syed Murad Ali
ACMP ACMA CCNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: