Wireless Access

Reply
Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

RAP-2WG issue with AOS 6.3.1.1

Hey Guys,

 

Just upgraded a 620 Controller to Release 6.3.1.1 and I noticed my RAP-2WG just died.

 

A "datapath session" command shows the session from my RAP to the Wireless Controller but I don't see it come up.

 

Wireless Controller was previously on Release 6.1.X.

 

Any one seen this issue before?

 

 

Aruba
Posts: 760
Registered: ‎05-31-2007

Re: RAP-2WG issue with AOS 6.3.1.1

In the datapath session table output, are there any "D" for deny's ?

Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: RAP-2WG issue with AOS 6.3.1.1


jfernyc wrote:

In the datapath session table output, are there any "D" for deny's ?


I don't believe I saw one.

Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: RAP-2WG issue with AOS 6.3.1.1


jfernyc wrote:

In the datapath session table output, are there any "D" for deny's ?


(Aruba620BurlingtonMaster) #show datapath session | include 4500
192.168.100.61 99.227.188.4 17 4500 49793 0/0 0 0 2 1/8 1a 0 0 FY
192.168.100.61 99.227.188.4 17 4500 49795 0/0 0 0 0 1/8 3 0 0 FY
99.227.188.4 192.168.100.61 17 49795 4500 0/0 0 0 0 1/8 3 0 0 FC
99.227.188.4 192.168.100.61 17 49793 4500 0/0 0 0 1 1/8 1a 0 0 FC

(Aruba620BurlingtonMaster) #

Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: RAP-2WG issue with AOS 6.3.1.1

Start debugging:

 

config t
logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr
logging level debugging security subcat l2tp
logging level debugging security subcat vpn

 Connect the RAP, then type "show log security 50" and see if there are any error messages that correspond to that RAP.

 

To turn of debugging:

config t
no logging level debugging security subcat ike
no logging level debugging security process aaa
no logging level debugging security process authmgr
no logging level debugging security subcat l2tp
no logging level debugging security subcat vpn

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: RAP-2WG issue with AOS 6.3.1.1


cjoseph wrote:

Start debugging:

 

config t
logging level debugging security subcat ike
logging level debugging security process aaa
logging level debugging security process authmgr
logging level debugging security subcat l2tp
logging level debugging security subcat vpn

 Connect the RAP, then type "show log security 50" and see if there are any error messages that correspond to that RAP.

 

To turn of debugging:

config t
no logging level debugging security subcat ike
no logging level debugging security process aaa
no logging level debugging security process authmgr
no logging level debugging security subcat l2tp
no logging level debugging security subcat vpn

 


 

 

Nov 3 07:50:30 :103061: <ERRS> |ike| 99.227.188.4:49152-> find_listening_transport: virtual transport for address 192.168.100.61 not found in virtual_listen_list
Nov 3 07:50:30 :103063: <DBUG> |ike| 99.227.188.4:49152-> transport_handle_messages Could not find transports for IP-Port:c0a8643d:4500, Re-init the transports
Nov 3 07:50:35 :103061: <ERRS> |ike| 99.227.188.4:49152-> find_listening_transport: virtual transport for address 192.168.100.61 not found in virtual_listen_list
Nov 3 07:50:35 :103063: <DBUG> |ike| 99.227.188.4:49152-> transport_handle_messages Could not find transports for IP-Port:c0a8643d:4500, Re-init the transports
Nov 3 07:50:40 :103061: <ERRS> |ike| 99.227.188.4:49152-> find_listening_transport: virtual transport for address 192.168.100.61 not found in virtual_listen_list
Nov 3 07:50:40 :103063: <DBUG> |ike| 99.227.188.4:49152-> transport_handle_messages Could not find transports for IP-Port:c0a8643d:4500, Re-init the transports

 

 

 

Nov 3 07:59:38 :103061: <ERRS> |ike| 99.227.188.4:49199-> find_listening_transport: virtual transport for address 192.168.100.61 not found in virtual_listen_list
Nov 3 07:59:38 :103063: <DBUG> |ike| 99.227.188.4:49199-> transport_handle_messages Could not find transports for IP-Port:c0a8643d:4500, Re-init the transports
Nov 3 07:59:43 :103061: <ERRS> |ike| 99.227.188.4:49199-> find_listening_transport: virtual transport for address 192.168.100.61 not found in virtual_listen_list
Nov 3 07:59:43 :103063: <DBUG> |ike| 99.227.188.4:49199-> transport_handle_messages Could not find transports for IP-Port:c0a8643d:4500, Re-init the transports
Nov 3 07:59:52 :103061: <ERRS> |ike| 99.227.188.4:49201-> find_listening_transport: virtual transport for address 192.168.100.61 not found in virtual_listen_list
Nov 3 07:59:52 :103063: <DBUG> |ike| 99.227.188.4:49201-> transport_handle_messages Could not find transports for IP-Port:c0a8643d:4500, Re-init the transports

 

 

Haven't seen this error type before. Any idea what the above means?

 

Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: RAP-2WG issue with AOS 6.3.1.1

Do you have your RAPs pointing at a VRRP?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II
Posts: 232
Registered: ‎03-14-2012

Re: RAP-2WG issue with AOS 6.3.1.1


cjoseph wrote:

Do you have your RAPs pointing at a VRRP?

 


No I don't. This is really strange.

 

Don't know if resetting the RAP to factory default will help. I doubt cos, as you can see, the RAP is definitely attempting to establish a session to the Controller.

 

What do you think?

 

 

Guru Elite
Posts: 21,024
Registered: ‎03-29-2007

Re: RAP-2WG issue with AOS 6.3.1.1

Please open a case, because it has been seen before, but only with a vrrp.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: RAP-2WG issue with AOS 6.3.1.1

[ Edited ]

 

Please do the following :

 

show  vpdn l2tp local pool - make sure you have the RAP pool active

show  crypto ipsec sa - ipsec phase 1 

show  crypto isakmp sa - ike phase 1 

show user-table verbose 

 

show  rights ap-role

 

How are you configuring this RAPs ?  RAP whitelist ?

show  local-userdb-ap

 

How are your RAPs reaching the controller ? 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: