Wireless Access

Reply
Regular Contributor I
Posts: 237
Registered: ‎01-19-2013

RAP does not connect to the controller

Hello community,

 

we have an Aruba 651 controller (6.2.1.3) with some APs in our company.

Now we want to use some RAPs.

At the moment we´ve 3 RAPs 2wg and 1 RAP 3WN.

 

We have a company internet connection and an extra internet connection for the RAPs (controller makes pppoe).(bouth static ip adress)

 

In the LAN the RAP can connect to the conroller, from outside it does not work.

I think the RAP connect to the controller over the company internet connection to the controllers internet connection.

 

Why does it noch work from outside?

I configured it like the example IAW RAP 6.1 configuration guide...

 


datapath.JPG

 

LMS.JPG

 

RAP-pr.JPG

 

 

I put the conroller config in the attachment.

 

Maybe anyboy can help me...

 

 

Thanks a lot.

 

 

MVP
Posts: 978
Registered: ‎04-13-2009

Re: RAP does not connect to the controller

Hey Leon,

 

Is there a firewall between the controller and the internet connection used for the RAPs?

 

If so you'll need to NAT UDP port 4500 from the firewall to the controller.

 

Also when you're testing the RAP you could try the following commands in addition to the datapath session one you used:

 

#show crypto isakmp sa

This will show you any IKE security associations. This is IKE Phase 1 or you might have heard this as just Phase 1 of the VPN connection.

 

#show crypto ipsec sa

This will show you any IPSEC security associations. This is the VPN tunnel that's created by IKE Phase1. Once this is established you're usually good to go.

 

Also it's worth checking the security log as many IKE errors will pop up there. 

 

Another thing to do is ennable debugging then try to connect the RA|P and see what turns up.

 

#conf t

#logging level debugging ap-debug <macaddress of AP>

#show log ap-debug 30

 

or you could debug IKE, but usually I find this isn't necessary

 

#logging level debugging security subcat ike

#show log security 30

 

I hope this has given you something to go on.


Post back with any finding. :smileyhappy:

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Regular Contributor I
Posts: 237
Registered: ‎01-19-2013

Re: RAP does not connect to the controller

Hello jrwhitehead,

 

there is no firewall between the controller and the inernet.

There is a extra internet connection for the RAPs wehre the contriller makes pppoe.

 

 

In the local Lan the RAP works and send its ssids ...

 

At the moment the RAP is on the local LAN:

#show crypto isakmp sa

Capture.JPG

 

#show crypto ipsec sa

 

2.JPG

 

Ok I set up logging and later i test it outside the LAN.

 

Thanks

 

 

Regular Contributor I
Posts: 237
Registered: ‎01-19-2013

Re: RAP does not connect to the controller

Hello,

 

when I put the RAP outside the LAN, there is nothing in the log.

 

Shows like there is no connection to the controller.

 

3.JPG

 

And in the log is nothing too.

 

The controllers interface with the pppoe connection is up, the ip address the this interface get is the right public ip.

4.JPG

 

I don´t know whats wrong, maybe a policy?

But this I must see in the log right?

 

 

MVP
Posts: 978
Registered: ‎04-13-2009

Re: RAP does not connect to the controller

[ Edited ]

Hi Leon,

 

I would have a look at the datapath session table for the external IP of where the RAP is coming from to see if any traffic is getting to the controller from the RAP.

 

Can you confirm that UDP port 4500 is allowed outbound from where the RAP is?

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Regular Contributor I
Posts: 237
Registered: ‎01-19-2013

Re: RAP does not connect to the controller

Ok,

 

here is the

show datapath session table | include 4500:

1.JPG

 

Can you confirm that UDP port 4500 is allowed outbound from where the RAP is? yes!

 

 

MVP
Posts: 978
Registered: ‎04-13-2009

Re: RAP does not connect to the controller

 

 


Leon123 wrote:

Ok,

 

here is the

show datapath session table | include 4500:

1.JPG

 

Can you confirm that UDP port 4500 is allowed outbound from where the RAP is? yes!

 

 



Is there anything in the security log?

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Regular Contributor I
Posts: 237
Registered: ‎01-19-2013

Re: RAP does not connect to the controller

there is nothing in the log

MVP
Posts: 978
Registered: ‎04-13-2009

Re: RAP does not connect to the controller

You could try the following:

 

#conf t

#logging level debugging ap-debug <macaddress of AP>

#show log ap-debug 30

 

or you could debug IKE

 

#logging level debugging security subcat ike

#show log security 30

 

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Regular Contributor I
Posts: 237
Registered: ‎01-19-2013

Re: RAP does not connect to the controller

Ok,  there is nothing in:

 

#show log ap-debug 30

 

2.JPG

 

#show log security 30

 

3.JPG

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: