Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

RAP unable to connect to BLMS after 6.1.3.9 Upgrade

  • 1.  RAP unable to connect to BLMS after 6.1.3.9 Upgrade

    MVP EXPERT
    Posted Nov 16, 2013 11:42 AM

    Hi All,

     

    Have an issue where, after upgrading to 6.1.3.9 from 6.1.3.7, some of the RAPs are terminating on the BLMS (master) as opposed to the LMS (local). Looking at the logs, I can see they are failing due to the AAA server timeout:

     

    Nov 16 11:26:36  authmgr[1629]: <522038> <INFO> |authmgr|  username=xx.xx.xx.xx.xx.xx.xx MAC=00:00:00:00:00:00 IP=10.119.1.113 Authentication result=AAA server timeout method=VPN server=Internal

     

    No changes to the config have been made and this was connected previously. I've confirmed the RAPs are in the whitelist and have also exported the local-userdb from Master to Local.

     

    To confuse matters even more, I have RAPs showing as up on the LMS (local) yet showing as down on the BLMS (master).

     

    The business in question has upgraded their switches today as well, which may also be a factor.



  • 2.  RE: RAP unable to connect to BLMS after 6.1.3.9 Upgrade

    MVP EXPERT
    Posted Nov 16, 2013 11:46 AM

    Further to this, the RAPs appear to be stuck in the logon role?

     

    10.119.1.113    00:00:00:00:00:00            logon              00:00:00    VPN             N/A                                                                               tunnel        
    10.119.1.101    00:00:00:00:00:00            logon              00:00:05    VPN             N/A                                                                               tunnel        
    10.119.1.100    00:00:00:00:00:00            logon              00:00:01    VPN             N/A                                                                               tunnel        
    10.119.1.99     00:00:00:00:00:00            logon              00:00:00    VPN             N/A                                                                               tunnel        
    10.119.1.98     00:00:00:00:00:00            logon              00:00:01    VPN             N/A                                                                               tunnel        
    10.119.1.97     00:00:00:00:00:00            logon              00:00:01    VPN             N/A                                                                               tunnel 

     

    Logon role is as per before the upgrade:

     

    access-list List
    ----------------
    Position  Name              Location
    --------  ----              --------
    1         logon-control     
    2         captiveportal     
    3         vpnlogon          
    4         v6-logon-control  
    5         captiveportal6   

     

    I can also see that they are passing Phase 2, just not on their respective controllers.

     

     

    ###############


    Admin, please delete this, the customer has broken their Master-Local IPsec connectivity :)

     

    ###############