Wireless Access

Reply
Occasional Contributor II

RAP migration from one controller to another

 

ike.jpgI have a customer, with a 3200 and a cluster of 7210 controllers, and I need to migrate all RAPs currently conected to the 3200 to the other cluster. Both controllers are behind the same public IP and the router forwards currently port 4500 towards the 3200. The guy responsible for the network infrastructure said, he changed the prerouting for one of the RAPs forwarding that to the new cluster, and after I rebooted that it started an IKE negotiation, however it would not connect, although all the necessary profiles and setting have been copied to the 7210s.


Can you point out what am I doing wrong, please?

ACMP

Re: RAP migration from one controller to another

Are you able to provide the logs from the controller which these are attempting to connect too? Make sure you have the following set up on the new controller.

 

- RAP is added to the whitelist (if using cert based)

- RAP username/password is defined.

- RAP IP Pool is defined.

- Aruba AP Group is defined.


You've advised these are previously running on a 3200. What is the model of RAP and the ArubaOS version on the 

 

This may help too

 

https://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/74894/3/Aruba%20Remote%20Access%20Point%20(RAP)%20Troubleshooting.pdf


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: RAP migration from one controller to another

Unfortunately not... I am only able to get them out in the evening, but I will do that. What logs do I need to look for?

As for the rest, yes, I have created the whitelist, the AP group is defined, and IP pool set up as needed.

ACMP

Re: RAP migration from one controller to another

Here is the commands:

 

 

  • L2TP debugging:
       #logging level debugging security process l2tp
  • IKE debugging:
       #logging level debugging security process crypto
  • Authmgr debugging:
       #logging level debugging security process authmgr
  • Localdb debugging:
       #logging level debugging security process localdb

Can you confirm which ArubaOS the 7210 is running and the RAP models in your enviroment.

 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: RAP migration from one controller to another

Oh, yes, sorry. The 3200 is running on version 6.3.1.25 and the 7210 is on 6.4.4.16.

ACMP

Re: RAP migration from one controller to another

What are the RAP models in your environment?

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: RAP migration from one controller to another

Seems that I was able to sort it out.

 

By monitoring the logs, and actually it was the performance logs that helped in this respect - I was able to track it down to xauth issues. Somebody modified the default server group for the VPN auth profile, and a Radius server had priority there which - of course was not able to authenticate the RAP by its MAC as username and password.

I set up a RAP-109 in the office, and tweak the system, until it started to work. There was of course another mistake in the AP system profile, as during one of the tests I entered there a VRRP address of the cluster. By removing that the RAP went up and started to work.

So thanks for the assistance case can be considered solved. :-)

ACMP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: