Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Provision RAP-5WN

Hey everyone!

I have a brand new RAP-5WN sitting here and I just can't get it to see the controller. Let's see if I can list what I have done:

1. Firewall configuration is set to allow port 4500 to the Aruba 3400 controller - I see 3 hits on the rule, but it doesn't seem to be reaching the controller. (not sure....)

2. On the Aruba 3400, in VPN\ipsec, configured an address pool.

3. In security/authentication/servers/l3 authentication, set to default.

4. Created a remote AP access policy (security/firewall/policies) permitting svc-papi, svc-gre, svc-l2tp (any/any), and svc-tftp, svc-ftp (any mswitch).

5. Now for configuring the l3 auth I'm having some issues - when I go to the default-rap, I don't see a role that I can select and I'm not sure what server group to pick (ldap, radius, default).

So when I plug in the RAP and go to config it from an outside source, I get a rc_error_Ikep1 error on a DSL modem that has no firewall enabled....

So just what am I missing here?

Any help would be appreciated - they want to ship this unit out as soon as possible.

Thank you!

lirria

 

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: Provision RAP-5WN

Is the RAP-5WN in the RAP Whitelist as well?

Also, in the output of 'show datapath session table | inc 4500' do you see the RAP trying to connect? That output would tell you if the RAP is making it through to the controller (or not).

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Provision RAP-5WN

I did add the mac0 to the RAP whitelist. I get an error when I try the |inc 4500, so not sure what's going on there.

I do see one connection to port 4500.

Source IP is the controller, destination IP is the DSL router that the RAP is hooked to.

Lirria

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Provision RAP-5WN

OK - I did get the inc to work (have to type include apparently...)

And I do see 2 connections from the controller to the RAP and 1 from the RAP to the controller.

It may have something to do with my firewall - it's a Cisco ASA 5510 if that helps.

Lirria

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Provision RAP-5WN

WOOHOO got it! I had to add udp/isakmp to my access rule on the firewall and then boom, up it came!

Now to test the silly thing not in the office.....

:)

Thank you!

Lirria

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: Provision RAP-5WN

Nice work!

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Provision RAP-5WN

You ever have one of those days where you see something and get all excited because you think it's working and then realize you plugged the device *inside* the firewall and that's why you could see it?

*sigh*

So it's down to the firewall config being the issue, and I just haven't found the right thing to fix it.

It's a Cisco ASA 5510. I have added nat-traversal, nat-control, verified the port assigned to the internal NAT object, and I'm out of ideas...

Any thoughts? (And yes, I don't expect Cisco experts... just hope for some thoughts.)

:)

Lirria

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Provision RAP-5WN

I have access lists that look like this:


access-list inbound-traffic-on-outside extended permit udp any host Aruba-external eq 4500
access-list inside_access_in extended permit udp host Aruba-internal any eq 4500

 

And I do feel like I'm missing something, but I think I've been staring at it way too long.

Lirria

New Contributor
Posts: 1
Registered: ‎07-12-2011

Re: Provision RAP-5WN

What version of firmware are you running on your ASA?

Frequent Contributor II
Posts: 169
Registered: ‎11-18-2011

Re: Provision RAP-5WN

8.0(4)